Privacy Policy

Beacon Blocker collects minimal information necessary to provide our service:

Data Stored in Our Database: Login credentials (email, securely hashed password), your AI prompts and preset names (encrypted at rest), blocking preferences (categories, allow/block lists), accountability contact details (name and email, encrypted with AES-256-GCM), email preferences, engagement events (e.g. pause/unpause activity), and bug reports you submit (optional).

Data Sent to Our Servers for AI Analysis: URLs you visit, page titles, metadata, and brief page descriptions. This data is encrypted in your browser (AES-256-GCM) before being sent to our server, where it is decrypted only for AI analysis. It is processed in real-time and immediately discarded — it is never stored on our servers. To protect your financial privacy, Beacon Blocker does not inject into or analyze content from banking and payment sites (e.g., Stripe, Chase, Bank of America, Wells Fargo, American Express). This is enforced at the extension level — no page data from these domains is ever sent to our servers.

Payment Information: Subscription and billing data is handled entirely by Stripe. We do not store credit card numbers or bank details. We only store your Stripe customer ID and subscription status.

Promo Code Redemptions: If you redeem a promotional code, we store the redemption record (code used and timestamp) for fraud prevention and audit purposes.

Anonymous Analytics: We collect anonymous usage data to improve the service. This includes: conversion events (e.g. signup, checkout) stored with a one-way hash of your user ID that cannot be reversed; aggregate token usage and estimated AI costs per request; blocking decisions by category (domain only, not full URLs); and response times. We also log failed login and signup attempts using one-way hashes of email addresses and IP addresses to detect abuse patterns — neither the original email nor the IP address is stored.

Weekly Usage Reports: If you opt in (enabled by default, opt-out available), we aggregate your blocking activity into weekly statistics including blocks by category, top blocked domains, and estimated time saved. This data is used to generate your personalized weekly email report and is deleted after aggregation. You can disable this from your dashboard settings.

Stored Locally Only (Never Sent to Servers): Your block history, extension settings and theme preferences, and authentication tokens.

We do NOT collect: Your complete browsing history, form data or passwords you enter on websites, or any data for advertising or tracking purposes. We do not use any third-party analytics or tracking services (such as Google Analytics, Mixpanel, or similar). All analytics are handled by our own infrastructure.

AI Analysis: When you visit a webpage, the extension encrypts the page's URL, title, and description using AES-256-GCM before sending it to our server. The data is decrypted only for AI analysis to determine if the page matches your blocking criteria. The decision is returned immediately and the page data is immediately discarded — it is never stored.

Your Prompts & Settings: Your custom AI prompts and blocking preferences are encrypted and stored in our database, allowing you to sync settings across devices.

Block History: Your history of blocked pages is stored locally on your device only. This data never leaves your browser and you can clear it at any time.

Accountability Contacts: If you use the accountability feature, your contact's name and email are encrypted with AES-256-GCM (keyed per user) before storage. Contacts receive email notifications related to unlock requests and may approve or deny them.

Anonymous Analytics Processing: Usage data is anonymized using a one-way hash before storage — your user ID is replaced with a 16-character hash that cannot be reversed. We aggregate this data monthly to understand service costs and usage patterns in aggregate. Conversion events (signup, checkout completion) are tracked to help us identify where users encounter problems in the sign-up flow. Auth failure logs use separate one-way hashes of email addresses and IP addresses to detect patterns such as brute-force attempts, without storing the original values. Requests to infrastructure and system domains (e.g., payment processors, hosting services) are excluded from analytics tracking entirely.

Email Communications: We may send transactional emails related to accountability features, weekly usage reports (if opted in), and account-related notifications. Weekly reports include your blocking statistics, top blocked domains, estimated time saved, and how your usage compares to other users (percentile rank). You can manage email preferences from your dashboard.

Caching: AI decisions are cached locally until you change your rules or settings, reducing server requests significantly.

We implement industry-standard security measures:

Encryption in Transit: All data sent to our servers uses HTTPS encryption.

Encryption at Rest: Your prompts, settings, and accountability contact details are encrypted in our database. Accountability contacts use AES-256-GCM encryption keyed per user via PBKDF2.

Secure Authentication: We use Supabase for authentication with industry-standard practices.

Payment Security: All payment processing is handled by Stripe, a PCI-DSS Level 1 certified provider. We never access or store your full payment details.

Minimal Data Retention: Page data sent for AI analysis is processed immediately and not stored.

Secure Infrastructure: Our backend runs on secure cloud infrastructure (Render, Supabase).

Third-Party Services: Google Gemini AI (for content analysis - no user data stored by Google), Supabase (database and authentication), Stripe (payment processing), Resend (transactional emails). No advertising or tracking services.

You have complete control over your data:

Access: View your stored prompts and settings in the dashboard

Deletion: Delete your account and all associated data at any time from Settings. This permanently removes all server-side data including your email, subscription, accountability contacts, unlock requests, weekly stats, email preferences, engagement events, and referral history. A one-way hash of your email (not the email itself) is retained solely to prevent free trial abuse (see Data Retention).

Local Data: Clear your local block history anytime from the extension

Export: Your settings can be copied as presets

Email Preferences: Manage your email communication preferences from the dashboard

Note: This service is not currently GDPR compliant.

Server Data: Account data retained while your account is active. Prompts and settings retained until you delete them or your account. Page data for AI analysis is NOT retained (processed in real-time only).

Local Data: Block history retained until you clear it or uninstall the extension. Cached decisions persist until you change your rules.

Usage Analytics: Anonymized per-request usage data (with one-way hashed identifiers) is automatically deleted after 90 days. Monthly cost aggregations (also anonymous) are retained indefinitely for business planning. Conversion funnel events (anonymous) are automatically deleted after 180 days. Auth failure logs are automatically deleted after 30 days. None of this data can be linked back to your account.

Weekly Report Data: Blocking activity used for weekly reports is aggregated into weekly statistics and then deleted. The aggregated statistics (blocks by category, top domains, time saved) are retained to power your weekly emails and dashboard insights.

Account Deletion: When you delete your account, all personally identifiable server-side data is permanently removed, including your subscription, contacts, unlock requests, stats, preferences, and engagement history. Anonymous analytics data (which cannot be linked to you) may persist until its scheduled deletion.

Trial Abuse Prevention: To prevent abuse of our free trial system, we retain a one-way cryptographic hash (SHA-256) of your email address after account deletion. This hash cannot be reversed to recover your email. It is used solely to determine trial eligibility if you create a new account and is not used for marketing, shared with third parties, or linked to any other data.

If you have any questions about this Privacy Policy or our data practices, please contact us:

Email: support@beaconblocker.com

Response Time: We aim to respond to all privacy-related inquiries within 48 hours.

Updates to This Policy:

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last Updated" date.