Privacy Policy

Last updated: January 1, 2026

BeaconMetric is built on a simple principle: you can measure what matters without tracking who visits. This privacy policy explains what data we collect, how we use it, and your rights.

What data we collect

When a visitor loads a page with the BeaconMetric script, we collect the following non-personal, aggregated data:

• Page URL and referrer URL
• Browser name and version (derived from the User-Agent header)
• Device type (desktop, mobile, tablet)
• Country-level geolocation (derived from the IP address, which is discarded immediately after lookup)
• Core Web Vitals metrics (LCP, CLS, INP, TTFB, FCP)
• Custom events sent via the BeaconMetric SDK (event name and properties only)

What we do NOT collect

• Cookies of any kind
• IP addresses (discarded after country lookup, never stored)
• Browser fingerprints
• Personal identifiers (names, emails, user IDs)
• Cross-site tracking data

How we use this data

The aggregated, non-personal data is used solely to generate website analytics reports for our customers. We do not sell, share, or transfer this data to third parties. We do not use this data for advertising, profiling, or any purpose other than providing the BeaconMetric service.

GDPR compliance

Because BeaconMetric does not collect personal data or use cookies, no consent banner is required under GDPR. However, we fully support the rights of EU residents:

• Right to access: You may request a copy of any data associated with your visit. Because we don't collect personal identifiers, this data is anonymous and cannot be linked to you.
• Right to erasure: You may request deletion of data. Contact us at [email protected].
• Right to portability: You may request your data in a machine-readable format.

CCPA compliance

BeaconMetric does not sell personal information. California residents may contact us at [email protected] for any data-related requests.

Data retention

Aggregated analytics data is retained according to your plan's data retention period (7 days for Free, 90 days for Pro, 1 year for Business). After expiration, data is permanently deleted.

Data security

All data is transmitted over HTTPS. Our servers are hosted in SOC 2 compliant data centers. Access to production systems is restricted to authorized personnel with multi-factor authentication.

Changes to this policy

We may update this policy from time to time. Material changes will be announced on our blog and via email to registered customers. Continued use of the service after changes constitutes acceptance.

Contact

For privacy-related inquiries, contact us at [email protected].