Privacy Policy

1. Introduction

Welcome to Beams Media, operated by StrataFi Digital LLC ("Company," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, retain, and protect information when you access or use our social media management platform, including the website at beamsmedia.com and all related services, applications, and tools (collectively, the "Platform").

By accessing or using the Platform, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree to this Privacy Policy, you must not access or use the Platform.

2. Information We Collect

The types of information we collect depend on how you use the Platform. We collect information in the following categories:

2.1 Information You Provide Directly

• Account Information: Email address, display name, and password (managed through Firebase Authentication) when you create an account.
• Organization & Workspace Data: Workspace names, team member details, roles (owner, admin, member, viewer), and team invitations.
• Content You Create: Posts, captions, media files (images, videos, carousels, reels, stories), scheduled content, drafts, and any content you compose using our Platform.
• Brand Kit Settings: Brand voice and tone preferences, visual identity settings, and content rules you configure.
• AI Interactions: Prompts, instructions, and inputs you provide to our AI-powered features (caption generation, content analysis, copilot chat, video analysis).
• Communications: Messages, feedback, support requests, and any other communications you send to us.

2.2 Information Collected Through Third-Party Platform Connections

When you connect social media accounts or third-party services to the Platform, we collect:

• Social Media OAuth Tokens: Encrypted access tokens and refresh tokens for Meta (Facebook and Instagram), TikTok, Twitter/X, Reddit, YouTube, and Google Business Profile. These tokens are encrypted at rest before storage.
• Social Media Account Information: Account IDs, page IDs, profile names, and profile metadata necessary to publish content and retrieve analytics on your behalf.
• Analytics Data: Engagement metrics, follower counts, post performance data (likes, comments, shares, impressions, reach), audience demographics, and growth metrics retrieved from connected platforms.
• Competitor Data: Publicly available metrics and content data for competitor accounts you choose to track.

2.3 Information Collected Automatically

• Device & Browser Information: IP address, browser type and version, operating system, device type, screen resolution, and language preferences.
• Usage Data: Pages visited, features used, actions taken within the Platform, timestamps, referring URLs, and session duration.
• Cookies and Similar Technologies: We use cookies, local storage, and similar tracking technologies to maintain sessions, remember preferences, and analyze usage patterns. See Section 9 (Cookies) for details.
• Log Data: Server logs that record requests made to the Platform, including IP addresses, timestamps, request URLs, and response codes.

2.4 Information from Third-Party Services

• Payment Information: When you subscribe to a paid plan, payment processing is handled entirely by Stripe, Inc. We receive subscription status, plan tier, billing cycle information, and transaction confirmations from Stripe. We do not store your credit card numbers, bank account details, or full payment credentials on our servers.
• Authentication Providers: If you authenticate through third-party providers, we receive the information authorized by those providers (typically email address and display name).

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Platform

• Creating and managing your account and workspace.
• Publishing, scheduling, and managing content across your connected social media platforms.
• Retrieving and displaying analytics, insights, and performance metrics.
• Processing AI-assisted content generation, analysis, and recommendations.
• Managing social listening, keyword monitoring, and sentiment analysis features.
• Processing and fulfilling subscription payments and billing.
• Sending transactional emails (account verification, password resets, billing notifications, scheduled post confirmations).

3.2 Improving and Developing the Platform

• Analyzing usage patterns to improve existing features and develop new ones.
• Monitoring Platform performance, stability, and uptime.
• Identifying and fixing bugs, errors, and technical issues.
• Conducting internal analytics and research to enhance user experience.

3.3 Safety and Security

• Detecting, preventing, and responding to fraud, unauthorized access, and other malicious activity.
• Enforcing our Terms and Conditions and other applicable policies.
• Protecting the rights, property, and safety of our users and the public.
• Implementing and maintaining security measures including encryption, access controls, and audit logging.

3.4 Communications

• Responding to your support requests and inquiries.
• Sending service-related announcements (e.g., maintenance windows, feature updates, policy changes).
• With your consent, sending marketing or promotional communications. You may opt out of marketing communications at any time.

3.5 Legal and Compliance

• Complying with applicable laws, regulations, legal processes, and government requests.
• Establishing, exercising, or defending legal claims.
• Enforcing our agreements and resolving disputes.

4. How We Share Your Information

We do not sell your personal information. We share information only in the following circumstances:

4.1 Third-Party Service Providers

We share information with third-party service providers who perform services on our behalf, subject to contractual obligations to protect your information:

4.2 AI Service Providers — Special Notice

When you use AI-powered features (caption generation, content analysis, copilot chat, video analysis), your inputs are transmitted to third-party AI providers (currently OpenAI and Google Gemini). While we take steps to minimize personally identifiable information in AI requests, content you submit for AI processing may contain information you have chosen to include. You should not include sensitive personal information, credentials, or confidential data in AI prompts or content submitted for AI analysis.

AI service providers may process your data according to their own privacy policies, which we encourage you to review:

• OpenAI: https://openai.com/privacy
• Google: https://policies.google.com/privacy

4.3 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to: comply with legal obligations or valid legal process; protect and defend our rights or property; prevent fraud or protect against security threats; or protect the personal safety of users or the public.

4.4 Business Transfers

If we are involved in a merger, acquisition, reorganization, bankruptcy, asset sale, or similar business transaction, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on the Platform of any change in ownership or uses of your information, as well as any choices you may have regarding your information.

4.5 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

5. Data Security

We implement technical, administrative, and organizational security measures designed to protect your information, including:

• Encryption at Rest: Social media OAuth tokens are encrypted using industry-standard cryptographic methods before storage.
• Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS/HTTPS.
• Access Controls: Role-based access controls within workspaces, with administrative custom claims and Firestore security rules.
• Infrastructure Security: Hosted on Google Cloud Platform with security headers (Content Security Policy, HSTS), and infrastructure managed through Terraform.
• Secret Management: API keys and sensitive credentials are stored in Google Secret Manager, not in application code or databases.

6. Data Retention

We retain your information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specifically:

• Account Information: Retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations and resolve disputes.
• Content and Posts: Retained for the duration of your account. Deleted content may persist in backups for up to 30 days.
• Analytics Data: Retained for the duration of your account. Historical analytics may be aggregated and anonymized for internal analysis.
• Payment Records: Retained as required by applicable tax and financial regulations (typically 7 years).
• Log Data: Retained for up to 12 months for security and troubleshooting purposes.
• Social Media Tokens: Retained while your social media accounts remain connected. Tokens are deleted upon disconnection or account deletion.

When you delete your account, we will delete or anonymize your personal information within 90 days, except as required by law or as described above.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

7.1 Access and Portability

You have the right to request a copy of the personal information we hold about you in a structured, commonly used, and machine-readable format.

7.2 Correction

You have the right to request correction of inaccurate or incomplete personal information.

7.3 Deletion

You have the right to request deletion of your personal information, subject to certain legal exceptions (e.g., compliance with legal obligations, exercising legal claims).

7.4 Restriction and Objection

You may request that we restrict processing of your personal information or object to processing based on legitimate interests.

7.5 Withdraw Consent

Where processing is based on consent, you may withdraw your consent at any time without affecting the lawfulness of processing conducted prior to withdrawal.

7.6 Account Controls

Within the Platform, you can:

• Update your account and profile information.
• Connect or disconnect social media accounts (which revokes stored tokens).
• Manage workspace members and permissions.
• Delete your account.

7.7 How to Exercise Your Rights

To exercise any of these rights, please contact us at the email address provided in Section 13 (Contact Us). We will respond to your request within 30 days, or as required by applicable law. We may need to verify your identity before processing your request.

8. Children's Privacy

The Platform is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child under 18, please contact us immediately.

9. Cookies and Tracking Technologies

We use cookies and similar technologies for the following purposes:

• Essential Cookies: Required for the Platform to function (e.g., authentication session cookies, security tokens). These cannot be disabled.
• Functional Cookies: Remember your preferences and settings (e.g., selected workspace, display preferences).
• Analytics Cookies: Help us understand how the Platform is used, which features are popular, and where users encounter issues.

You can manage cookie preferences through your browser settings. Note that disabling certain cookies may impair Platform functionality.

10. International Data Transfers

The Platform is hosted on Google Cloud Platform infrastructure. Your information may be transferred to and processed in jurisdictions outside your country of residence, including the United States. By using the Platform, you consent to the transfer of your information to these jurisdictions, which may have data protection laws that differ from those of your country.

11. Third-Party Links and Services

The Platform may contain links to third-party websites, applications, or services. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through or in connection with the Platform. We are not responsible for the privacy practices or content of third-party services.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. The "Last Updated" date at the top of this policy indicates when the most recent revisions were made. Material changes will be communicated via email to the address associated with your account or through a prominent notice on the Platform. Your continued use of the Platform after the effective date of any updated Privacy Policy constitutes your acceptance of the changes. Given that the Platform is under continuous active development, we strongly recommend reviewing this Privacy Policy periodically.

13. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

StrataFi Digital LLC (d/b/a Beams Media)
Email: info@stratafidigital.com

14. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including:

• The right to know what personal information we collect, use, disclose, and sell.
• The right to request deletion of your personal information.
• The right to opt out of the sale or sharing of your personal information. We do not sell personal information.
• The right to non-discrimination for exercising your privacy rights.

To exercise these rights, contact us using the information in Section 13.

15. European Economic Area, United Kingdom, and Switzerland (GDPR)

If you are located in the EEA, UK, or Switzerland, we process your personal information on the following legal bases:

• Performance of a Contract: Processing necessary to provide the Platform and fulfill our obligations under the Terms and Conditions.
• Legitimate Interests: Processing for our legitimate business interests (e.g., improving the Platform, ensuring security) where those interests are not overridden by your rights.
• Consent: Processing based on your explicit consent (e.g., marketing communications, optional analytics).
• Legal Obligation: Processing necessary to comply with applicable law.

You have additional rights under the GDPR, including the right to lodge a complaint with your local data protection authority.