Privacy Policy
Your documents and workbench output stay on your iPhone.
Beacon (“we”, “us”, “our”) is an independent on-device AI workbench for iPhone. Import documents and recordings, run tools such as OCR, summarise, clean personal data, transcribe, and understand content, then share or save results — on your iPhone. This Privacy Policy applies to the Beacon iOS app and our public website at getbeacon.uk (informational pages only — there is no web app and no account login on the site). We explain what personal data we collect, what stays on your device, and your rights under UK data protection law (UK GDPR and the Data Protection Act 2018).
1. Who is responsible for your data?
Data controller: an independent developer based in the United Kingdom, operating the Beacon app under the product name Beacon. Contact: info@getbeacon.uk.
Postal address: We do not publish a postal address on this page. A correspondence address can be provided upon request where required.
The app is listed on the Apple App Store (Beacon).
2. Privacy by design — what stays on your iPhone
For the Welcome workbench, Storage, scanner capture and batch review, and on-device AI tools (including OCR, summarise, clean personal data, transcribe, understand, and related analysis), Beacon is designed so that your imported files, scan pages, recordings, workbench text, redacted output, and gallery collections are processed and stored on your iPhone for those flows. We do not upload that content to our servers to run those pipelines.
Saved notes in Profile are stored locally on your device unless a future version explicitly tells you otherwise.
You can use many workbench features without signing in. Sign-in is mainly for downloading on-device model files and account-related controls described below.
3. What we collect on our servers
In short: we do not store your workbench files or tool output on our servers. What we hold is minimal — chiefly sign-in identifiers (and sometimes an email from Google or Apple), session tokens, optional feature-interest taps, abuse-control flags, and short-lived technical logs. There is no chat history, document library, or profile content on our side in the current app.
Account and identity (when you sign in)
When you sign in with Google or Apple, we receive identifiers from them (for example a stable account id from the provider). An email address may be included depending on the provider and your choices in their sign-in flow (Apple may offer to hide or relay your email). We store a Beacon account record so we can recognise you on return visits, issue session tokens, and enforce abuse controls. We do not store your Google or Apple password.
Session tokens
After sign-in, the app receives an access token so it can call protected APIs (for example to list downloadable models and request time-limited download links). Tokens expire after a limited period (server default: 90 days; we may change this via configuration).
On-device model downloads (sign-in required)
To download large model files (for example Llama or vision weights) we issue short-lived presigned links to private object storage. We need sign-in so downloads can be tied to an account and we can limit abuse of storage bandwidth (for example automated or excessive pulling of model files). We do not receive your documents or workbench output through this flow — only authentication and technical download requests.
Abuse prevention and account status
We may store account flags (for example banned or deactivated status) and related timestamps to protect the service and other users. This is part of controlling misuse of authenticated download access.
Feature interest (optional)
If you register interest in a future server feature, we may store which feature you tapped and a coarse source label, linked to your account. This is not your document content.
Website (getbeacon.uk)
Our public site hosts marketing and legal pages. We do not use analytics or advertising cookies on the site as built today. Hosting may process standard technical data (IP address, time, requested URL) to deliver pages and protect the service.
Technical logs
Our API and hosting providers may generate technical logs for security, abuse prevention, and reliability (for example request timestamps, endpoints, and network identifiers such as IP address). These logs are operational — not a profile of what you work on in the app.
4. What we do not collect for the workbench
For the current on-device product focus, we do not receive on our servers:
- Files you import in the workbench (PDFs, photos, audio, video)
- Text recognised by OCR, summaries, PII redaction output, transcripts, or vision descriptions produced on your iPhone
- Your Storage gallery pages or batch scan images for workbench processing
- Saved notes content stored locally in Profile
Older server features (such as cloud chat) are not available in the current app and do not collect data today. If we ship new server features later, we will update this Policy first.
5. Local data on your iPhone
The app may keep data on your device, including:
- Workbench imports, Storage collections, and scan batch caches
- Downloaded on-device AI model files (large; removable via Clear caches in Profile)
- Saved notes and app preferences
Removing the app or clearing caches deletes local data as described in the app. That does not by itself delete your server-side account record — use account deletion in Profile or contact us.
6. How we use your data
- Authenticate you and provide presigned model download links
- Operate, secure, and maintain the API (including abuse prevention on storage access)
- Comply with law and protect users’ safety where required
We do not use your data for advertising. We do not use workbench content to train our own models — we do not receive that content today.
7. Who we share data with
We share the small amount of account-related data we hold only with:
- Google / Apple — when you choose their sign-in (they process authentication; we receive only what they send us).
- DigitalOcean — where we host the API, account database, and private object storage for model files (UK London region where configured).
On-device tools use third-party model weights downloaded to your iPhone (see Licences & attribution). That inference runs on your device; we do not receive the text or files you process.
We do not sell mailing lists or workbench content — we do not have the latter on our servers. We are not an ad network. We may disclose account or log records if law requires it (for example a valid legal request).
What we do not use in the app: No in-app advertising SDKs and no Firebase/Google Analytics-style cross-app tracking. Sign-in providers are used for authentication only.
8. Legal basis (UK GDPR)
- Contract — To provide sign-in, model download access, and related account features you request.
- Legitimate interests — To keep the service secure, prevent abuse of storage downloads, and maintain reliability.
- Consent — Where we explicitly ask for it (for example optional future features).
9. How long we keep your data
- Active accounts — Account identifiers and abuse-related flags while your account remains active.
- Access tokens — Limited lifetime (default 90 days); sign in again when expired.
- After account deletion — We mark the account closed and stop access. Related records may be retained for up to 90 days for safety, abuse prevention, and legal compliance, then deleted or irreversibly anonymised unless law requires longer retention.
- Logs — Typically up to about 30 days, then removed or aggregated, depending on hosting configuration.
10. Your rights
Under UK data protection law you have the right to: Access, Rectification, Erasure, Restrict processing, Object, and Data portability where applicable.
Because we store limited server-side personal data, an access request will typically show only sign-in identifiers, account status, optional feature-interest flags, and coarse technical metadata — not your documents or workbench output (those stay on your iPhone unless you delete them locally).
Contact info@getbeacon.uk. We respond within one month. You may complain to the ICO (ico.org.uk).
11. Security
Our servers hold little personal data — mainly sign-in identifiers and abuse-control fields. We still protect that data with encryption in transit, access controls, and standard hosting practices. If a breach affects those account records, we will tell you and the ICO when UK law requires it.
12. International transfers
Our infrastructure is hosted in the United Kingdom where we configure it that way. Google and Apple may process sign-in data under their own global infrastructure and terms.
13. Children
Beacon is for users aged 13 and over. We do not knowingly collect data from children under 13. Contact us if you believe we have.
14. Changes to this policy
We may update this Policy with a new “Last updated” date. For significant changes we will notify you in the app or by email where appropriate. Beacon is free today. If we introduce paid features, we will update this Policy before you pay.