Privacy Policy


About

Last updated 25.5.2018

The General Data Protection Regulation (GDPR) is European Union legislation to strengthen and unify data protection laws for all individuals within the European Union. The regulation becomes effective and enforceable on May 25, 2018.

As an EU business, founded and run by EU (German) citizens, but also as people who value privacy, we are fully committed to being compliant with GDPR. This page lays out our commitment to data protection and makes transparent what data we store about our users.

We're not in the business of selling your personal data. We believe that storing personal data is a liability and only store the minimum required to do our job.

This document will explain how info-beamer.com and other info-beamer related online properties (called 'service' in the following text) handle your data. If you have any questions, don't hesitate to contact us.

Unregistered users of our service

This section describes how our service collects data if you just visit our service as an unauthenticated users without an info-beamer account.

Information gathered by us

Our services my use cookies in order to provide a better service to you. Cookies are saved by your browser and allow us to assign a unique identification to that browser. Unless you want to log into our service, all of our service is functional without cookies. You may delete our cookie yourself through your browser's cookie manager.

  • We use our cookie to (for example) redirect you to the appropriate page after you log in.
  • We don't store any personal information directly in the browser cookie data nor the server side data.
  • If you log into our service, we have to store your user ID on the server side.
  • You can either delete our cookie yourself or wait until it expires on its own (usually after two weeks).

Access Log

If you visit our service, we store some information of the sort that web browsers and servers typically make available, such as the your IP address, browser type, referring site, and the date and time of each request.

  • We use this information to help debug problems or detect and prevent abuse.
  • We never sell, share or otherwise make this information available to any outside party. It's only used internally to improve our service.
  • We completely remove these log files after four weeks.

Other data processors we use

Google Analytics

We submit some web analytics data to Google Analytics in the background. Previously we included Google Analytics as a JavaScript snippet into our page directly but this prevented us from tightly controlling which data we want to share. Instead we now explicitly submit only the minimum required information to gain insight into what our website visitors are doing: The Url of the requested as well as the referring website, an anonymized client id and your IP request with the last octet replaced by a 0. The submitted information is stripped of all personally identifying information and still allows us do some web analytics without compromising your privacy.

  • We use this information to see how our service is found around the web and how it is used over time. This helps use find areas where we might optimize.
  • We don't share any personally identifying information with Google Analytics. Only anonymized data.

Cloudflare

Some of the content of our website is delivered with the help of the CloudFlare content delivery service. We use it to ensure that our service is as fast as possible, regardless from where your visiting our service. CloudFlare is only used for domains within our service that don't handle personal data. Right now that's mainly `cdn.infobeamer.com`, the domain that, for example, served you all the images on this web page.

  • We use this service to make our website faster.
  • We don't use CloudFlare for requests that contain any personally identifying information. We only use it to serve JavaScript, images and asset thumbnails.

FastMail

We use FastMail as our mail service provider. If you send us mail, it will be handled and stored on their servers.

  • We don't want to run our own mail server as that's a huge effort. So we chose FastMail.
  • We are legaly required to keep certain emails.

Users of the info-beamer hosted service

Information gathered by us

User information

If you sign up to our service, we collect your email address and password. The password is hashed with a strong hashing function (bcrypt) and never stored in plain text. We do not request any other personally identifying information.

All other information stored is easily visible on our service web site: We store the packages you've imported, all assets you uploaded, playlists and setups you created as well as devices you assigned to your account. You are in complete control and can delete this data at any time.

  • We might retain your information after you delete it in automated backups we create. These backups are stored encrypted for up to 90 days.
  • Right now there is no automated process to delete your user account. If you want to completely close your account, please get contact with support.
  • Similarly if you want to retrieve all data stored in your account, also contact our support.

Invoicing

Regardless of how you make a purchase on our service, we are legally required to store invoice information associated with your account. You can always see all stored invoices at https://info-beamer.com/shop/purchases.

  • We are legally required to store this information.
  • We share this information with our accountants and other official tax authorities.

Other data processors we use

Compute

We directly operate multiple servers for our service. They handle your uploaded data, run the database required for our services, served your this website and more. All of them are located in the EU. At the moment all of them are located in a data center in Amsterdam operated by DigitalOcean.

  • We follow best practices operating our servers to be as secure as possible.

Emails

We occasionally send you emails like the welcome email or a password recovery email. We use a third party for email delivery as this greatly improves the delivery rate compared to sending email directly from our servers. We use mailgun for that.

  • We need a reliable way to sent emails to you.
  • Sent emails and associated logs are deleted from their service after 2 days.
  • If there is a problem delivering an email, the address might be saved to prevent sending further emails to the same address in the future.

Learn more about mailgun and their privacy policy:

Data storage

If you upload data to our service, like images and videos, we store them for you. We're using two different service providers for that: Amazon S3 as the primary storage location as well as Google Storage for backups. All data sent and received from these services always uses encrypted connections. All data is stored in the EU.

  • We use this services to safely and reliably store your content and to deliver it to your devices.
  • We only store data you submit to us either by uploading content to the service or by applying a configuration to a setup you create.
  • If you delete the last remaining copy of a file or remove a setup it will be deleted from those services after approximately 7 days. Note that due to aggressive caching, it might be possible that some of the deleted content is accessible longer than that.
  • Data (e.g. images/videos/fonts) and configuration options are still cached on your devices if they have been previously used by them. They can't be automatically deleted remotely. You can learn more about device security and how that might relate to data privacy here.

Learn more about the used services and their privacy policies:

Payment processing

We use stripe.com for credit card payment processing. During checkout you are required to provide your credit card information. We never store or even receive your credit card information on our servers. Instead it is securely handled by stripe. If you make a payment, stripe.com receives your credit card information, your email address and the amount charged. Stripe can't see what you paid for, only the total amount.

  • Since we can't handle credit card payment on our own, we have to rely on a third party. We believe stripe.com is a trustworthy partner.
  • We only submit the minimum information required for a successful payment. No other information is shared.

Learn more about stripe and their privacy policy:

Changes and updates

We may update this privacy policy from time to time. If we modify the Policy, we will make it available through the Service, and indicate the date of the latest revision.

Summary

We believe that we're doing our best to provide you a great service without invading your privacy. Our business model doesn't involve collecting or selling your personal information so we try to keep only the information we need to provide our service. Your trust is important to use and we try to be as transparent as possible with how we handle your data.

If you want us to correct or remove your personal information or account, we'll of course assist you in that, just like we did before this policy got updated.

Please contact us if you have questions about the use of our service or your data.