Last updated 24.8.2023 (See changes)
The General Data Protection Regulation (GDPR) is European Union legislation to strengthen and unify data protection laws for all individuals within the European Union. The regulation becomes effective and enforceable on May 25, 2018.
As an EU business, founded and run by EU (German) citizens, but also as people who value privacy, we are fully committed to being compliant with GDPR. This page lays out our commitment to data protection and makes transparent what data we store about our users.
We're not in the business of selling your personal data. We believe that storing personal data is a liability and only store the minimum required to do our job.
This document will explain how info-beamer.com and other info-beamer related online properties (called 'service' in the following text) handle your data. If you have any questions, don't hesitate to contact us.
Unregistered users of our service
This section describes how our service collects data if you just visit our service as an unauthenticated users without an info-beamer account.
Information gathered by us
- We use our cookie to (for example) redirect you to the appropriate page after you log in.
- We don't store any personal information directly in the browser cookie data nor the server side data.
- If you log into our service, we have to store your user ID on the server side.
- You can either delete our cookie yourself or wait until it expires on its own (usually after two weeks).
If you visit our service, we store some information of the sort that web browsers and servers typically make available, such as the your IP address, browser type, referring site, and the date and time of each request.
- We use this information to help debug problems or detect and prevent abuse.
- We never sell, share or otherwise make this information available to any outside party. It's only used internally to improve our service.
- We completely remove these log files after four weeks.
Other data processors we use
Some of the content of our website is delivered with the help of the Cloudflare content delivery service. We use it to ensure that our service is as fast as possible, regardless from where your visiting our service. Cloudflare is only used for domains within our service that don't handle personal data. Right now that's mainly `cdn.infobeamer.com`, the domain that, for example, served you all the images on this web page.
- We use this service to make our website faster.
We use FastMail as our mail service provider. If you send us mail, it will be handled and stored on their servers.
- We don't want to run our own mail server as that's a huge effort. So we chose FastMail.
- We are legaly required to keep certain emails.
Users of the info-beamer hosted service
Information gathered by us
If you sign up to our service, we collect your email address and password. The password is hashed with a strong hashing function (bcrypt) and never stored in plain text. We do not request any other personally identifying information.
All other information stored is easily visible on our service web site: We store the packages you've imported, all assets you uploaded and setups you created as well as devices you assigned to your account. You are in complete control and can delete this data at any time.
- We might retain your information after you delete it in automated backups we create. These backups are stored encrypted for up to 90 days.
- Right now there is no automated process to delete your user account. If you want to completely close your account, please get contact with support.
- Similarly if you want to retrieve all data stored in your account, also contact our support.
Regardless of how you make a purchase on our service, we are legally required to store invoice information associated with your account. You can always see all stored invoices at https://info-beamer.com/shop/purchases.
- We are legally required to store this information.
- We share this information with our accountants and other official tax authorities.
- For address suggestions we use the Google Geolocation Service.
Learn more about the privacy policies here:
Other data processors we use
A device you operate needs to reach out to external service unless you explicitly provide your own configuration settings to overwrite these default services.
If no DNS service is provided by your local network and no manual DNS configuration exists, the DNS server 188.8.131.52, operated by Cloudflare is used.
Similarly if no NTP server is provided or configured, the server time.cloudflare.com, operated by Cloudflare is used.
We directly operate multiple servers for our service. They handle your uploaded data, run the database required for our services, served your this website and more. All of them are located in the EU. At the moment all of them are located in a data center in Amsterdam operated by DigitalOcean.
- We follow best practices operating our servers to be as secure as possible.
We occasionally send you emails like the welcome email or a password recovery email. We use a third party for email delivery as this greatly improves the delivery rate compared to sending email directly from our servers. We use mailgun for that.
- We need a reliable way to send emails to you.
- Sent emails and associated logs are deleted from their service after 2 days.
- If there is a problem delivering an email, the address might be saved to prevent sending further emails to the same address in the future.
If you upload data to our service, like images and videos, we store them for you. We're using two different service providers for that: Amazon S3 as the primary storage location as well as Google Storage for backups. All data sent and received from these services always uses encrypted connections. All data is stored in the EU.
- We use this services to safely and reliably store your content and to deliver it to your devices.
- We only store data you submit to us either by uploading content to the service or by applying a configuration to a setup you create.
- If you delete the last remaining copy of a file or remove a setup it will be deleted from those services after approximately 7 days. Note that due to aggressive caching, it might be possible that some of the deleted content is accessible longer than that.
- Data (e.g. images/videos/fonts) and configuration options are still cached on your devices if they have been previously used by them. They can't be automatically deleted remotely. You can learn more about device security and how that might relate to data privacy here.
Learn more about the used services and their privacy policies:
We handle payment processing depending on user location using one of Stripe or Paddle.
We use stripe.com for credit card payment processing. During checkout you are required to provide your credit card information. We never store or even receive your credit card information on our servers. Instead it is securely handled by stripe. If you make a payment, stripe.com receives your credit card information, your email address and the amount charged. Stripe can't see what you paid for, only the total amount.
- Since we can't handle credit card payment on our own, we have to rely on a third party. We believe stripe.com is a trustworthy partner.
- We only submit the minimum information required for a successful payment. No other information is shared.
Paddle.com Market Limited
We offer you to automatically locate your devices and show their location on a map. By default the shown device location is based on their public IP address. You can optionally query a "precise device location". In that case the device provides a list MAC addresses of nearby WiFi networks with all networks ending in _nomap removed. This list is then sent to the Google Geolocation Service to get a location.
The request to the geolocation API is made from our servers and doesn't include any information about the querying user account. If you remove the precise geolocation again using the provided "delete button" we remove the saved coordinates and show you the location based on the device IP.
The map on the device page itself is rendered using the tile servers from openstreetmap.org. Embedding such a map results in your browser querying their tile servers. Such queries don't contain any personal information, only your IP address.
- We cannot provide you a precise geolocation of your devices without using an external API.
- We can't provide our own tile servers and chose to use the Openstreetmap tile servers for that.
- This feature is opt-in. By default we don't query a geolocation and you explicitly have to request it on the device detail page for each device or through the API.
Learn more about the privacy policies here:
- Google Maps/Google Earth Additional Terms of Service
Changes and updates
We believe that we're doing our best to provide you a great service without invading your privacy. Our business model doesn't involve collecting or selling your personal information so we try to keep only the information we need to provide our service. Your trust is important to use and we try to be as transparent as possible with how we handle your data.
If you want us to correct or remove your personal information or account, we'll of course assist you in that, just like we did before this policy got updated.
Please contact us if you have questions about the use of our service or your data.
26.6.2018 - Added the "Device geolocation" section to make it transparent how new and opt-in device geolocation feature works and how we get a precise location.
14.6.2021 - Added Google location service usage for verifying invoice addresses.
09.8.2021 - Added Paddle.com as payment processor.
20.2.2023 - Added information about services potentially accessed by your devices.
24.8.2023 - Removed the use of server-side only Google Analytics click logging.