Skip to main content
Beamtune

Privacy Policy

Effective date: March 8, 2026

This Privacy Policy explains how Beamtune collects, uses, stores, shares, and protects personal data when you use the Service.

1. Controller and Contact

Beamtune, operated by Individual Entrepreneur Boris Zubarev, acts as the controller for core service processing.

Contact us about privacy, access, deletion, objection, or correction requests at support@beamtune.ai.

2. Data We Process

  • Account data: Email address, authentication identifiers, display profile data, and session metadata.
  • Creator content and settings: Connected source identifiers, profile metadata, uploaded files, and configuration needed to power public assistants.
  • Conversation data: User prompts, AI-generated responses, cited source references, moderation events, and related service metadata.
  • Operational data: Logs, diagnostics, service health telemetry, security events, and billing-related metadata.
  • Support correspondence: Information you submit when contacting support, requesting billing help, or asking procurement or security-review questions.

3. Why We Process Personal Data

We process personal data to:

  • Provide the Service, including account access and AI assistant responses.
  • Operate content indexing, retrieval, citations, and conversation history.
  • Protect the Service through abuse prevention, security monitoring, and logging.
  • Handle billing, refunds, disputes, and account communications.
  • Respond to support tickets, legal requests, and data rights requests.

4. Legal Basis

Contract + Legitimate Interest is our baseline for core service processing.

  • Contract: Account access, subscription delivery, AI response generation, connected-source processing, and support tied to the Service.
  • Legitimate Interest: Security, fraud prevention, abuse enforcement, service reliability, incident investigation, and internal operations.
  • Legal Obligation: Invoicing, tax, financial records, and lawful requests where disclosure is required.

5. What We Do Not Do

  • We do not sell personal data.
  • We do not use public-web analytics cookies or analytics scripts without consent.
  • We do not use creator content, conversation content, or personal data to train general-purpose AI models.

6. AI Transparency and Safety

Users are informed no later than their first interaction that they are chatting with an AI assistant and receiving AI-generated responses.

We also use safety and misuse controls to restrict prohibited or high-risk requests, including regulated-advice prompts, and we log relevant abuse or escalation events when needed to evidence enforcement and protect the Service.

7. Sharing and Subprocessors

We share personal data with service providers only as needed to operate the Service or comply with law. Our current public register of providers, roles, purposes, locations, safeguards, and status is published at /subprocessors.

Active providers currently include Hetzner, Cloudflare, OpenRouter, Google OAuth, and Resend. Planned additions currently include PostHog and Sentry, neither of which is active on public web by default today.

8. Data Location and International Transfers

We process and store personal data primarily in the United States (Hetzner, Ashburn).

Where data is transferred across borders, including from the EEA, UK, or Switzerland to the United States, we apply appropriate safeguards, including Standard Contractual Clauses where required by law.

9. Retention

  • Account and creator data: Retained while the account remains active and deleted up to 30 days after verified account deletion, subject to legal-hold obligations.
  • Conversation data: Retained while necessary to operate the Service and enforce safety, then deleted according to the same baseline unless law requires longer retention.
  • Logs and telemetry: Typically retained for up to 30 days for security and debugging.
  • Backups: Retained for up to 30 days and then rotated out, subject to disaster-recovery schedules.
  • Legal or financial records: Retained for longer where required by law or dispute-handling obligations.

10. Your Rights and DSAR Runbook

You may request access, correction, deletion, objection, restriction, or portability where applicable.

To make a request, email support@beamtune.ai. We verify identity before disclosing or deleting data. Verification may include confirming control of the account email address, checking active account context, or requesting limited additional evidence that is proportionate to the risk of unauthorized disclosure.

We respond without undue delay and within 1 month after a request is verified, with up to 2 additional months for complex requests when the extension is disclosed within the first month.

If you request deletion, primary account data is deleted within the retention baseline above. We may retain limited information in backups, security logs, or legal-hold records where required.

11. Cookies and Public-Web Tracking

We currently use only strictly necessary cookies required for authentication and session continuity. We do not activate public-web analytics cookies or tracking scripts without a consent-compliant rollout.

12. Security and Incident Handling

We use technical and organizational measures appropriate to the Service, including encrypted transport, access controls, secret management, and infrastructure monitoring.

We document suspected personal data breaches, assess risk, and notify regulators or affected individuals when required by law. Processors and subprocessors are expected to escalate relevant incidents without undue delay.

13. Children

You must be at least 16 years old to use the Service.

We do not knowingly provide the Service to children under 16. If underage use is confirmed, we restrict access and delete related data under the disclosed retention and legal-hold baseline.

14. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be published at this canonical URL and reflected across the public legal package.