Last updated: January 2026
This Privacy Policy explains how the Beacon Platform (“we”, “us”, or “our”) collects, uses, and protects information when you use our services.
1. Data Controller
Affective Technologies LLC [Contact Email]
For privacy-related inquiries, contact: [privacy@example.com]
Note: Replace bracketed email placeholders with your organization’s details before publishing.
2. What We Collect
2.1 Data You Provide
| Data Type | Purpose | Retention |
|---|---|---|
| WhatsApp chat exports | Generate community health summaries | Raw exports: 30 days; derived data: indefinite |
| Community metadata | Organize and label data sources | Until deleted by admin |
2.2 Automatically Collected Data
| Data Type | Purpose | Retention |
|---|---|---|
| Request logs (User-Agent, IP) | Security and debugging | Per Cloudflare defaults |
| AI usage metrics | Quota management | Indefinite |
3. How We Process Your Data
3.1 Privacy-by-Design
We apply multiple layers of privacy protection:
- Input redaction - Phone numbers, emails, and URLs are removed before AI processing
- AI guardrails - Models are instructed to never include names, quotes, or timestamps
- Output validation - All AI outputs are checked for PII patterns before storage
- Data separation - Raw data remains private; only aggregated weekly summaries are public
3.2 What We Never Show Publicly
- Names or phone numbers
- Direct message quotes
- Specific timestamps
- Group names or identifiers
- Any information that could identify individuals
3.3 What We Do Show Publicly
- Weekly aggregate summaries
- Sentiment scores and themes
- Message and participant counts (totals only)
- Date ranges (week-level only)
4. Lawful Basis
We process data based on:
- Legitimate interest - Providing community analytics services
- Consent - Where required for specific processing activities
Note: Confirm your lawful basis with legal counsel.
5. Data Sharing and Transfers
5.1 Subprocessors
| Subprocessor | Purpose | Location |
|---|---|---|
| Cloudflare | Hosting, CDN, Workers, D1, R2, AI | Global (US-based company) |
| Google Fonts | UI typography | Global |
5.2 International Transfers
Data may be processed in countries outside your jurisdiction. We rely on:
- Cloudflare’s Data Processing Addendum (DPA)
- Standard Contractual Clauses (SCCs) where applicable
6. Data Retention
| Data Category | Retention Period |
|---|---|
| Raw chat exports (R2) | 30 days or until manually deleted |
| Message hashes | Indefinite (for deduplication) |
| Daily digests | Indefinite |
| Weekly summaries | Indefinite |
Admins can delete data at any time via the /clear endpoint or admin dashboard.
7. Your Rights
Under GDPR and similar regulations, you have the right to:
| Right | How to Exercise |
|---|---|
| Access | Request a copy of your data |
| Rectification | Request correction of inaccurate data |
| Erasure | Request deletion of your data |
| Portability | Request your data in a portable format |
| Object | Object to processing based on legitimate interest |
| Complaint | Lodge a complaint with your supervisory authority |
To exercise these rights, contact: [privacy@example.com]
Note: DSAR (Data Subject Access Request) endpoints are planned. See the remediation plan for implementation status.
8. Security
We implement security measures including:
- Encryption at rest (R2, D1)
- Admin authentication via Cloudflare Access or API tokens
- Input validation and sanitization
- Regular security audits
For details, see our Security Model.
9. Children’s Data
This service is not directed at children under 13 (or 16 in the EU). We do not knowingly collect data from children. If you believe we have collected such data, contact us immediately.
10. Changes to This Policy
We may update this policy periodically. Material changes will be communicated via:
- Update to the “Last updated” date
- Notice on the platform (where appropriate)
11. Contact Us
For questions about this Privacy Policy:
[ORGANIZATION NAME] Email: [privacy@example.com] Address: [Your Address]
Legal Review Required: This is a draft template. Have legal counsel review before publishing.