Privacy Policy

Beacon(“we”, “us”, “our”) is a guidance app that helps you find and understand UK government services, including a chat experience built around GOV.UK-first sources and optional in-app features such as a street crime map using Police UK open data. This Privacy Policy applies to theBeacon iOS appand ourpublic websiteatgetbeacon.uk(informational pages — there is no web version of the chat app and no account login on the site today). This Privacy Policy explains what personal data we collect, how we use it, and your rights. We process data in line with UK data protection law (including UK GDPR, the Data Protection Act 2018, and subsequent amendments such as the Data (Use and Access) Act 2025, where applicable). Beacon is intended for users in the United Kingdom.

1. Who is responsible for your data?

Data controller:an independent developer based in theUnited Kingdom, operating the Beacon app under the product nameBeacon. You can contact us for privacy and data-protection matters atinfo@getbeacon.uk.

Postal address:we do not publish a postal address on this page.info@getbeacon.ukis the main way to reach us for privacy matters. If applicable law requires a correspondence address for your specific request, we will provide it when we respond.

The app is identified on theApple App Storelisting for Beacon in the UK; the operator described here should match that listing.

2. What data we collect

• Account and identity

  When you sign in with Google or Apple we receive account identifiers from them. Whether anemail addressis included depends on the provider andyour choices in their sign-in flow(for example, Apple may offer to hide or relay your email).

  Guest (“anonymous”) mode— If you open Beacon without signing in, we may create a guest session tied to adevice identifierfrom the app. Guest mode isread-only/limited: guests cannot send chat messages (including starter prompts). If you try to send a message while not signed in, the app opens a sign-in bottom sheet and requires login before sending. We maychange, restrict, or endguest access.Signing out or deleting the appdoes not by itself erase server-side history. Signed-in users candelete their accountfromProfilein the app (this disables access and starts our deletion process as described below). You can also contactinfo@getbeacon.ukto request erasure. We do not store your Google or Apple password.

• Chat and conversations

  Messages you send, assistant replies, conversation titles, and metadata (e.g. which official sources were used). This is necessary to provide the chat, show history, and improve responses. Where you uselonger-running research or deep-search style flows, we process the inputs and outputs of those tasks like other chat content. We also keep operational trace records (for example response type, safety/policy codes, timing metrics, and tool/retrieval telemetry) for reliability monitoring, quality assurance, and abuse prevention.

• Profile information

  If you use the profile feature: your situation summary (bio), Case Vault notes by topic, and app settings (e.g. which GOV.UK document types to search). This is used to personalise answers and show your profile in the app. If youedit your bio manually, we use that text until you switch back to automatic bio generation in the app. You can turn profile use in chat on or off in app settings; when it is off, Beacon does not use your bio/Case Vault context to personalise chat responses.

• Images and documents

  If you sendphotos or PDF filesin chat (e.g. photos of documents or uploaded PDFs), we store them in secure cloud storage and use them only to answer your question (including with AI tools that process the file). We may keep a short text description for context in the conversation.

• Push notifications and reminders

  If you enable notifications we store a device push token so we can deliverreminders you set(e.g. from Case Vault) andoptional alerts for long-running tasksyou start in the app (for example when a background research job completes), where the app asks for notification permission for that flow. We do not use push for marketing.

• Feedback

  If you rate a message or send feedback we store that to improve the service. Feedback records may be retained even if a chat is removed from your visible chat list.

• Map and local exploration

  For the street crime map (Police UK open data), the app sendscoordinates for the point you choose on the mapand parameters such as thetime window(e.g. which months to include) and, where shown in the app, anOffice for National Statistics (ONS)population year used for rate-style figures. Street-level incidents are counted within afixed on-map analysis circle(currently150 metresradius from that point; not user-adjustable in the current product). We use this only for that request — not to track your movements over time.

• Website (getbeacon.uk)

  Our public site hosts the marketing page and legal documents.We do not use analytics or advertising cookieson the site as it is built today (static pages, no third-party tracking scripts). When you load a page,standard server or hosting logsmay record technical data such as IP address, time, and requested URL — see alsoTechnical and logsbelow.

• Technical and logs

  We may log requests (e.g. IP, time, endpoint) for security and fixing errors. Operational logs can include error identifiers and service performance metrics. We do not sell this data.

3. How we use your data

We use your data to:

• Provide and run the Beacon app (chat, history, profile, reminders and optional task alerts, map exploration).
• Personalise answers using your profile and conversation context.
• Improve our systems (e.g. understanding how the service is used and fixing issues).
• Comply with legal obligations and protect our rights and users’ safety.

We do not use your data for advertising or selling to third parties.

4. Who we share data with

We work with trusted providers who process data on our behalf or as part of their own service:

• AI / LLM provider— Your messages (and, when you send images or PDFs, those files or descriptions derived from them) are sent to our AI provider to generate answers.
• GOV.UK— Beacon chat is built to use GOV.UK as the primary source base. We send search queries and request content from official government sources. We do not send your name or email to GOV.UK.
• Police UK (data.police.uk)— For map features we request open data from Police UK (and may serve a derived archive in-app), under theOpen Government Licence v3.0. We attribute where appropriate. Police UK does not receive your name or email from us for these requests.
• Google / Apple— When you sign in, they process your sign-in. We only receive what they send us (typically an identifier; an email may or may not be included, depending on the provider and your choices).
• Cloud storage— Images and PDFs you upload in chat are stored in secure cloud storage.
• Push delivery— To send reminders and optional task-completion alerts we use the relevant push service (e.g. Apple Push Notification service).

We do not sell or rent your personal data. We may disclose data if required by law or to protect our or others’ rights and safety.

What we donotuse:The Beacon iOS app does not integrate in-app advertising,AdMob, or third-party analytics / attribution SDKs such asFirebase Analytics,Google Analytics, or similar cross-app tracking tools. Sign-in usesGoogleandAppleonly for authentication (see above), not for ads or behavioural ad tracking. The public website does not load comparable third-party analytics or ad scripts as currently built.

5. Legal basis (UK GDPR)

We process your data on the following bases:

• Contract— To provide the app (chat, account, profile, reminders).
• Legitimate interests— To improve the service, keep it secure, and run our systems.
• Consent— Where we explicitly ask for it (e.g. optional features or marketing, if we introduce them later).

6. How long we keep your data

While your account (including guest) isactive, we keep chat and related data so the app can work — there is no automatic “delete every message after N days” in the current product. Under UK GDPR, retention must be justified and proportionate; you can request erasure and we describe how we honour that below.

• Access tokens— After sign-in or guest sign-on, the app receives a session token valid for alimited time(default server setting:90 days, configurable). When it expires, protected features may return errors until yousign in again(the app may prompt you; we do not rely on silent indefinite renewal).
• After you delete your account— We mark the account closed and stop access to it. Self-service restoration is not available. Account-linked content may be retained for up to180 daysfor safety, abuse prevention, service analytics, and product improvement, then deleted orirreversibly anonymisedunless a longer retention period is required by law.
• When you delete a chat in the app— Chat deletion is currently a visibility/action delete (the chat is removed from your active list). Underlying conversation records may be retained for up to90 daysfor safety, abuse prevention, analytics, and product improvement, then deleted orirreversibly anonymised.
• Feedback linked to deleted chats/accounts— Feedback and related quality/safety records may be retained for up to180 daysafter deletion events, then deleted orirreversibly anonymisedunless legal obligations require longer retention.
• Guests— Same retention approach. Removing the app does not erase server data; contactinfo@getbeacon.ukto request erasure. If you later create a full account, you can use in-app account deletion from Profile when signed in.
• Logs— Often up toabout 90 days, depending on hosting, then removed or aggregated.

We maintain retention periods by data category (for example, logs versus account content) and review them periodically to ensure they remain necessary and proportionate. Deleting your account closes access and cannot be undone in the app. If you want data erasure, contact us using the details below and we will assess and process your request in line with UK data protection law.

7. Your rights

Under UK data protection law you have the right to:Access,Rectification,Erasure,Restrict processing,Object, andData portability.

To exercise these rights, contact us atinfo@getbeacon.uk. We will respond within one month. You can also complain to theInformation Commissioner’s Office (ICO)(ico.org.uk) if you are unhappy with how we handle your data.

8. Security

We use appropriate technical and organisational measures (e.g. encryption, access controls, secure storage) to protect your data. No system is completely secure; we will notify you and the ICO of serious breaches where we are required to do so.

9. International transfers

Your data may be processed in the UK and in other countries where our providers operate. Where we use providers outside the UK we ensure appropriate safeguards are in place.

10. Children

Beacon is for users aged 13 and over. We do not knowingly collect data from children under 13. If you believe we have done so, please contact us and we will delete it.

11. Changes to this policy

We may update this Privacy Policy from time to time. We will post the new version with an updated “Last updated” date and, for significant changes, we will notify you in the app or by email where appropriate.