Privacy Policy

Beacon (“we”, “us”, “our”) is an independent iOS app for scanning and understanding documents and screens. Scanning, batch review, and on-device reading (including text recognition and optional on-device summaries or scene descriptions) run on your iPhone and do not require an account. Cloud chat (including Ask Beacon from a scan) requires sign-in; for UK public-guidance questions we use only official GOV.UK pages as document sources for answers (via GOV.UK APIs and copies of that material on our infrastructure — not other publishers or general web sources). Optional map-based exploration of Police UK street-level crime open data (England, Wales and Northern Ireland) is available in Profile (beta); it is contextual open data, not official police output. This Privacy Policy applies to the Beacon iOS app and our public website at getbeacon.uk (informational pages — there is no web version of the chat app and no account login on the site). We explain what personal data we collect, how we use it, and your rights under UK data protection law (including UK GDPR and the Data Protection Act 2018). Beacon is operated from the United Kingdom; scanning works globally, while cloud answers with GOV.UK links are UK-focused today.

1. Who is responsible for your data?

Data controller: an independent developer based in the United Kingdom, operating the Beacon app under the product name Beacon. You can contact us for privacy and data-protection matters at info@getbeacon.uk.

Postal address: We do not publish a postal address on this page. For privacy and data-protection requests, please contact us at info@getbeacon.uk. A correspondence address can be provided upon request where required.

The app is listed on the Apple App Store (Beacon, UK region); the operator described here should match that listing.

2. What data we collect

• Without an account (scan on your iPhone)

  If you choose Continue without account on the welcome screen, you can use document scanning, multi-page batch review, on-device text recognition, and related on-device features without sending document content to our chat servers. Scanned pages may be stored temporarily in the app cache on your device so your batch can be restored. This path does not create a Beacon account on our servers.

• Account and identity

  When you sign in with Google or Apple we receive account identifiers from them. Whether an email address is included depends on the provider and your choices in their sign-in flow (for example, Apple may offer to hide or relay your email).

  You must sign in with Google or Apple to use cloud chat, Ask Beacon handoff to chat, optional model downloads tied to your account flow, and related server features. Signing out or deleting the app does not by itself erase server-side history. You can delete your account from Profile in the app (this disables access and starts our deletion process as described below), or contact info@getbeacon.uk to request erasure. We do not store your Google or Apple password.

• Chat

  Messages you send, assistant replies, and metadata (e.g. which official sources were used). The app is structured so you work in one ongoing dialogue at a time — there is no conversation list, swipe-to-browse past chats, or in-app delete-chat control (navigation between chat and map uses horizontal paging only). Each dialogue is subject to a fixed maximum length (currently 30 messages per conversation in the app configuration); when that limit is reached you are prompted to start a new chat for a fresh thread. Where you use longer-running research or deep-search style flows, we process the inputs and outputs of those tasks like other chat content. We also keep operational trace records (for example response type, safety/policy codes, timing metrics, and tool/retrieval telemetry) for reliability monitoring, quality assurance, and abuse prevention.

• Profile information

  If you use the profile feature: your situation summary (bio), Case Vault notes by topic, and app settings (e.g. which GOV.UK document types to search). This is used to personalise answers and show your profile in the app. If you edit your bio manually, we use that text until you switch back to automatic bio generation in the app. You can turn off using profile context in chat in app settings; when it is off, Beacon does not use your situation summary or Case Vault topic context to personalise chat responses (one control turns both off for chat).

• Saved messages, notes, and deep-search reports

  If you use Saved messages: we store the assistant message content you choose to save, any labels or structure the feature needs, and reminders you attach (similar to Case Vault reminders). If you add a manual note in the Saved messages area, we store that text and any reminder you set. Lists in the app are capped for performance (for example a recent view of up to 30 saved items and up to 30 deep-search reports). If you use Deep search reports in Profile, we store those reports and any reminder you set from a report. This lets us show your saved items and reports and deliver scheduled notifications you request. We do not use these items for marketing push messages.

• Images and documents

  The app does not include a user-facing library for stored attachments, photos, links, or documents beyond what is needed for individual chat turns (for example images you attach to a message). Those files are stored in our cloud infrastructure on DigitalOcean and used only to provide the service (including so AI tools can read them when processing your question). We may keep a short text description or extracted text for context. We aim to remove such attachments within 30 days of upload unless they remain needed for an active chat or you delete your account — see also How long we keep your data.

  For document scanning, Beacon may keep scanned page images temporarily on your device in the app cache so the current scan pile can be restored. When you tap Ask Beacon from a scan, Beacon reads text on your device and sends the recognised text to our chat service as part of that chat request; the scanned image itself is not uploaded for that Ask Beacon handoff unless you separately attach or import it as a file.

  If you use optional on-device text analysis (beta) after a scan (for example overview, key facts, deadlines, or action steps), you must be signed in to download a compact language model file to your iPhone (about 1 GB). Beacon reads text from the scan on your device and generates the result you chose on your iPhone. We do not send that recognised text or the generated analysis to our servers or to OpenAI for that feature. You can remove the downloaded model with Clear caches in Profile.

  Optional on-device scene understanding (beta) for Photo and Video capture modes (for example describe a scene, identify a subject, or read visible text) uses a separate compact vision model downloaded to your iPhone. Results are generated on your device; we do not send photos or video clips to our servers for that feature unless you separately use cloud chat or attach files there.

• Push notifications and reminders

  If you enable notifications we store a device push token so we can deliver reminders you set (for example from Case Vault, Saved messages, notes, or Deep search reports in Profile) and optional alerts for long-running tasks you start in the app (for example when a background research job completes), where the app asks for notification permission for that flow. To reduce misuse and protect reliability, we may apply limits on reminders or notification-related behaviour. We do not use push for marketing.

• Feedback

  If you rate a message (for example thumbs-up / thumbs-down where the app offers it) or send optional written feedback, we store that to improve the service. Feedback records may be retained separately from a specific chat thread.

• Map and local exploration

  For map-based exploration of Police UK street-level crime open data (published for England, Wales and Northern Ireland — see data.police.uk), when you are signed in the app sends coordinates for the centre point you choose on the map so we can return archive data for that area. You choose the calendar month for the analysis (within the range available in our archive), or latest available. Street-level incidents are counted within a fixed on-map analysis circle (150-metre radius from that centre). Population-normalised rate-style figures use ONS mid-year 2024 population stored in our database for the matched LSOA in England or Wales (Wales uses the same ONS tables as England). Crime locations can appear in Northern Ireland; population-linked area rates (ONS) are not applied there in the app — they are shown where we match a small area in England or Wales. We use this only for each request — not to track your movements over time. Colours and in-app bands are illustrative — they are not a personal safety assessment. Where there are no archive rows in the circle for your window, the app may show neutral styling that does not indicate a tier on the activity scale. The same kind of neutral presentation may apply when incidents are still plotted but we do not apply population-normalised tiers or rates for that map centre (for example Northern Ireland, or where open-data points exist without an England-and-Wales ONS match). Open data may be incomplete, delayed, aggregated, anonymised at source, or revised after publication; it is not real-time and may not reflect every incident. This feature is not intended to inform decisions about personal safety, relocation, childcare routes, travel, real-time situations, or other matters where harm could follow from error — do not use or rely on it for those purposes.

• Website (getbeacon.uk)

  Our public site hosts the marketing page and legal documents. We do not use analytics or advertising cookies on the site as it is built today (static pages, no third-party tracking scripts). When you load a page, our hosting provider may process standard technical data (such as IP address, time, and requested URL) to deliver the page and protect the service — see also Technical and logs below.

• Technical and logs

  Our infrastructure and hosting providers may generate technical logs for security, abuse prevention, and reliability (for example request timestamps, endpoints, and network identifiers such as IP address). We do not use this information for advertising or cross-site tracking. We access logs only as needed to operate and secure the service. We do not sell or rent this data.

• Local cache on your device

  The app may store local cache on your device (for example downloaded images, temporary scan files, or a downloaded on-device model used for scan overview) to improve performance. You can clear local caches from Profile using Clear caches.

3. How we use your data

We use your data to:

• Provide and run the Beacon app (chat, profile, saved messages and notes, reminders and optional task alerts, map exploration, and optional on-device scan overview).
• Personalise answers using your profile and conversation context when you leave profile personalisation enabled (one setting controls use of your situation summary and Case Vault topic context in chat).
• Operate and safeguard the service (including reliability, abuse prevention, and fixing issues). We do not use your chats or uploads to train our own machine-learning models — see AI model training below.
• Comply with legal obligations and protect our rights and users’ safety.

We do not use your data for advertising or selling to third parties.

4. Who we share data with

We work with trusted providers who process data on our behalf or as part of their own service:

• OpenAI — We use OpenAI’s API services for chat (configured to minimise retention and prevent training where available). OpenAI acts as a processor when we send your prompts and conversation context to generate replies; if the product allows image or PDF attachments in your flow, those files or text derived from them may be sent to OpenAI so the model can answer your question. On-device scan overview does not use OpenAI — see Images and documents above. OpenAI may retain and process data for a limited period for safety and abuse monitoring in accordance with their policies. Please review OpenAI’s policies for the latest detail.
• GOV.UK — For chat, we use only official GOV.UK pages as document sources for answers. We query the GOV.UK search and content APIs and may use our own index of that same GOV.UK material on Beacon servers to rank or retrieve passages; we do not supplement chat with document content from other publishers or general web sources. Retrieved pages are what answers are meant to cite. We do not send your name or email to GOV.UK.
• Police UK (data.police.uk) — Street crime layers are built from Police UK open data (Open Government Licence v3.0). Map lookups are processed on Beacon servers; your map coordinates are not sent to Police UK by us for those requests. Police UK does not receive your name or email from us for map features. We attribute where appropriate.
• Google / Apple — When you sign in, they process your sign-in. We only receive what they send us (typically an identifier; an email may or may not be included, depending on the provider and your choices).
• DigitalOcean — We host application servers, databases, and user file storage in DigitalOcean’s UK (London) region for Beacon.
• Push delivery — To send reminders and optional task-completion alerts we use the relevant push service (e.g. Apple Push Notification service).

We do not sell or rent your personal data. We may disclose data if required by law or to protect our or others’ rights and safety.

What we do not use: The Beacon iOS app does not integrate in-app advertising, AdMob, or third-party analytics / attribution SDKs such as Firebase Analytics, Google Analytics, or similar cross-app tracking tools. Sign-in uses Google and Apple only for authentication (see above), not for ads or behavioural ad tracking. The public website does not load comparable third-party analytics or ad scripts as currently built.

5. AI model training

We do not use your chat content or uploaded files to train our AI models. We do not allow OpenAI to train on your content where such controls are available in our configuration and OpenAI’s applicable terms. On-device scan overview runs locally on your iPhone; we do not receive the scan text or overview output for that feature.

If we ever introduce an optional programme to improve Beacon using user data in a way that involves model training or similar processing beyond ordinary service delivery, we will ask for explicit opt-in consent before we do so.

6. Automated processing

Beacon uses automated processing (including large language models) to draft responses to your questions. This is not the same as an automated decision that refuses or grants you a legal right or similar significant outcome (for example a benefits or immigration decision) without human involvement — Beacon does not operate in that way within the meaning of UK data protection law.

7. Legal basis (UK GDPR)

We process your data on the following bases:

• Contract — To provide the app (chat, account, profile, saved messages and notes, reminders).
• Legitimate interests — To keep the service secure, fix issues, and understand aggregate usage — without using your chats to train our own models (see above).
• Consent — Where we explicitly ask for it (e.g. optional features or marketing, if we introduce them later).

8. How long we keep your data

While your account is active, we keep chat and related data so the app can work — there is no automatic “delete every message after N days” for active accounts in the current product. Under UK GDPR, retention must be justified and proportionate; you can request erasure and we describe how we honour that below.

• Access tokens — After sign-in, the app receives a session token valid for a limited time (default server setting: 90 days; we may change this duration via server configuration). When it expires, protected features may return errors until you sign in again.
• After you delete your account — We mark the account closed and stop access to it. Self-service restoration is not available. Account-linked content may be retained for up to 90 days for safety, abuse prevention, and legal compliance, then deleted or irreversibly anonymised unless a longer retention period is required by law.
• Chat threads — The app does not offer per-chat deletion. Conversations may still be retained on our systems while your account is active (subject to the message limit per dialogue — see above). Account deletion below applies to closing your account.
• Attachments — Where uploads are available, retained as long as needed to provide the service, then deleted within 30 days unless your account is deleted sooner.
• Feedback linked to deleted chats or accounts — Feedback and related quality or safety records may be retained for up to 90 days after deletion events, then deleted or irreversibly anonymised unless legal obligations require longer retention.
• Logs — Typically up to about 30 days, depending on hosting configuration, then removed or aggregated.

We maintain retention periods by data category and review them periodically so they remain necessary and proportionate. Deleting your account closes access and cannot be undone in the app. To exercise erasure or other rights, contact us using the details below; where needed to protect against fraud or misuse, we may ask you to verify your identity before fulfilling certain requests.

9. Your rights

Under UK data protection law you have the right to: Access, Rectification, Erasure, Restrict processing, Object, and Data portability.

To exercise these rights, contact us at info@getbeacon.uk. We will respond within one month. You can also complain to the Information Commissioner’s Office (ICO) (ico.org.uk) if you are unhappy with how we handle your data.

10. Security

We use appropriate technical and organisational measures (e.g. encryption, access controls, secure storage) to protect your data. No system is completely secure; we will notify you and the ICO of serious breaches where we are required to do so.

11. International transfers

Our infrastructure is hosted on DigitalOcean in the United Kingdom (London region) where we configure it that way for Beacon.

Some providers (such as OpenAI) may process data outside the UK. Where this happens, we rely on adequacy regulations or appropriate safeguards such as Standard Contractual Clauses with the UK Addendum, as applicable to the processing.

12. Children

Beacon is for users aged 13 and over. We do not knowingly collect data from children under 13. If you believe we have done so, please contact us and we will delete it.

13. Changes to this policy

We may update this Privacy Policy from time to time. We will post the new version with an updated “Last updated” date and, for significant changes, we will notify you in the app or by email where appropriate. Beacon is free today. If we later introduce paid features or subscriptions, we will update this Policy to describe any new processing, point you to the updated documents (for example before you pay), and notify you as above — so you can review what changed.