Privacy Policy
Last updated: July 4, 2026
1. Introduction
PrivBeacon ("we", "us", "our") operates the privacy compliance scanner at https://www.privbeacon.com. This policy describes how we collect, use, and protect personal information when you use our website and services.
2. Information we collect
We may collect the following categories of personal information:
- Identifiers — name, email address, account credentials
- Commercial information — subscription plan, billing history (via Stripe)
- Internet activity — pages visited, scan requests, device type, IP address (for security)
- Professional information — company name, site URLs you submit for scanning
3. Lawful basis for processing
We process personal data on the following lawful bases (GDPR / UK GDPR):
- **Consent** — non-essential cookies, marketing communications where applicable
- **Contract** — providing scans, dashboards, and subscriptions you request
- **Legitimate interests** — security, fraud prevention, and service improvement
4. How we use your information
- Provide privacy scans, dashboards, and compliance reports
- Process subscriptions and authenticate your account
- Respond to support requests and data subject requests (DSARs)
- Improve our product and prevent fraud
- Comply with legal obligations
5. Cookies & similar technologies
We categorize cookies as essential, analytics, and marketing. Non-essential cookies load only after consent via our cookie banner. See our Cookie Policy for details.
6. Third-party subprocessors
- Stripe — Payment processing (US/EU)
- Google — Optional OAuth sign-in (login page only) (US)
- Hosting provider — Application hosting & database (Configurable)
7. International data transfers
Data may be processed in the United States and other countries where our subprocessors operate. We use Standard Contractual Clauses and vendor agreements with appropriate safeguards for international transfers.
8. Data retention
Account data is retained while your account is active and up to 24 months after closure unless a longer period is required by law. Scan results are retained per your plan settings. Analytics data (if consented) is retained up to 26 months.
9. Your privacy rights
**GDPR / UK GDPR data subject rights:** right to access, rectification, erasure, restriction, portability, objection, and withdrawal of consent.
**CCPA / CPRA (California):** right to know, delete, correct, and opt out of sale/sharing. We do **not** sell personal information.
**LGPD (Brazil), PIPEDA (Canada), POPIA (South Africa), APPI (Japan), PDPA (Singapore), PIPA (Korea), Privacy Act (Australia), FADP (Switzerland), and US state laws (VCDPA, CPA, CTDPA):** contact us to exercise access, correction, deletion, or portability rights applicable in your region.
To exercise your rights, email privacy@privbeacon.com or visit Privacy Choices.
10. Non-discrimination
We will not discriminate against you for exercising your privacy rights under CCPA, CPRA, or other applicable laws.
11. Children
PrivBeacon is not directed at children under 16. We do not knowingly collect data from children.
12. Contact
Privacy & data protection contact: privacy@privbeacon.com
PrivBeacon provides automated privacy scans and document templates for informational purposes only. This is not legal advice. Consult qualified legal counsel before relying on generated policies or compliance scores for regulatory decisions.