Beacon
Privacy Policy
Effective: March 30, 2026 · Provided by The Hidden Door LLC
The short version: we collect what's necessary to run the platform. We use third-party services for login, messaging, and storage. We don't sell your data, and you can ask us to delete your account at any time.
1. What We Collect
When you create an account or sign in via GitHub, Google, or Discord, we collect:
- Your name, email address, and avatar (from your OAuth provider)
- Your username and profile bio
- Your OAuth provider user ID (GitHub, Google, and/or Discord)
- Your phone number (if you provide it for SMS notifications or login verification)
- Content you create: forum threads, replies, scripts, themes, and documentation
We also collect automatically:
- Your IP address and browser user agent string (stored in your session record)
- Your last login time and last active timestamp (used for online presence indicators)
- Server logs (IP addresses, request timestamps, error logs) for security and debugging
2. Online Presence & Activity
Beacon tracks your login status and last active time to power community features like online indicators and activity feeds. Other users can see when you are online or were recently active. This data is stored in our database and is not shared with third parties.
3. How We Use Your Data
We use your information to:
- Authenticate your account and maintain your session
- Display your public profile, content, and online status to other users
- Send transactional emails (account notices, replies) if you opt in
- Send SMS messages you have consented to receive
- Investigate abuse reports and enforce our Terms of Service
4. SMS Messaging
If you provide your phone number or receive an invitation via SMS, we may send you:
- Channel invitation links from existing Beacon members
- Login verification codes (one-time passcodes)
- Platform notifications you have opted into
SMS messages are sent via Twilio, our messaging provider. Your phone number and message content are transmitted to Twilio to deliver messages. Message and data rates may apply. You can opt out at any time by replying STOP.
If you opt out, we retain your phone number in an opt-out list indefinitely to ensure we don't message you again.
5. Slack Workspace Migration
If you use our Slack-to-IRC migration tool, we request access to your Slack workspace via OAuth. This grants us:
- Your Slack workspace name and ID
- A list of channels (public and private) including names, topics, and member counts
- A list of workspace members including display names and email addresses
- An OAuth access token (stored encrypted in our database)
This data is stored in our database for the duration of the migration process. You choose which channels and users to include before any migration is executed.
6. Third-Party Services
Beacon uses the following third-party services. Each has its own privacy policy, and we do not control their data practices:
- GitHub, Google, Discord — OAuth login providers. We receive what you authorize during sign-in. These providers may independently track that you signed into Beacon.
- Twilio — SMS delivery. Phone numbers and message content are transmitted to Twilio.
- Slack — Workspace data import during migration (see Section 5).
- Supabase — File and asset storage. Uploads (avatars, script files, theme files) are stored on Supabase S3-compatible infrastructure.
- Google Fonts — We load typefaces from Google's font service. This means your browser sends requests to Google's servers (including your IP address and referrer) when loading pages on Beacon.
7. API Tokens
You can create personal API tokens to access Beacon programmatically. Tokens are stored as hashed values in our database. You can view and revoke your tokens at any time from your account settings. Tokens do not expire unless you revoke them.
8. Where Your Data Lives
Your data is stored on servers operated by Akamai / Linode, located in the United States. Akamai is SOC 2 Type II and ISO 27001 certified.
9. Data Retention
We retain your account data for as long as your account is active. If you delete your account, we will remove your personal information within 30 days. Public content you created (forum posts, published scripts) may remain visible but will be disassociated from your deleted account.
SMS opt-out records are retained indefinitely to prevent re-contact. Session records are cleared periodically by automated cleanup.
10. Your Rights
You have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your account and personal data
- Revoke API tokens and disconnect OAuth providers
To exercise any of these rights, contact us at thehiddendoor.ai.
11. Analytics
We use Google Analytics 4 (GA4) on the beacon-irc.app website to understand how visitors find and use the site. GA4 collects anonymized usage data such as pages visited, referral source, device type, and general location. Google's privacy policy governs their handling of this data.
12. Cookies
We use the following cookies:
- Session cookie — keeps you logged in. HTTP-only, not accessible to JavaScript.
- CSRF token cookie — protects against cross-site request forgery.
- Google Analytics cookies — used by GA4 to distinguish visitors and measure site usage.
We do not use advertising cookies or tracking pixels.
13. What We Don't Do
- We do not sell, rent, or share your personal data with third parties for marketing purposes
- We do not run advertising networks or ad tracking
- We do not use data brokers
14. Changes to This Policy
We may update this policy from time to time. When we do, we'll update the effective date above. Continued use of Beacon after changes are posted constitutes acceptance of the revised policy.
15. Contact
Questions or requests? Reach us at thehiddendoor.ai.