Privacy Policy

Last Updated: January 12, 2026

We at [Insert Company Name] ("we," "us," or "our") take the protection of your personal data very seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our SaaS platform beamio (the "Service").

We process personal data in accordance with the General Data Protection Regulation (GDPR) and the German Federal Data Protection Act (BDSG).

1. Controller

Responsible for data processing within the meaning of the GDPR is:

[Insert Company Name]

[Insert Street Address]

[Insert City, Zip Code]

Germany

Email: [Insert Privacy Email]

2. Data We Collect

  • Account Data: Name, email address, password (encrypted), and profile settings.
  • Usage Data: Log files, IP addresses, device information, and interaction data within the app.
  • Content Data: LinkedIn posts, drafts, and media you create or upload.
  • AI Knowledge Data: Information you provide to our "Knowledge Agent" to build your content persona (stored pseudonymized linked to your User ID).
  • LinkedIn Data: OAuth tokens (to publish posts on your behalf), profile name, and picture.
  • Payment Data: Credit card information (processed directly by Stripe; we do not store full card numbers).

3. Purposes and Legal Basis

We process your data for the following purposes:

  • To provide the Service (Art. 6(1)(b) GDPR): Creating accounts, scheduling posts, generating content.
  • Payment Processing (Art. 6(1)(b) GDPR): Managing subscriptions via Stripe.
  • Security & Improvements (Art. 6(1)(f) GDPR): Detecting fraud, fixing bugs, and improving platform stability.
  • AI Content Generation (Art. 6(1)(b) GDPR): Using your inputs to generate requested LinkedIn posts.

4. Hosting and Data Security

We prioritize EU-based hosting to ensure maximum data protection:

  • Database & Backend: Hosted by Supabase in Frankfurt (Germany).
  • AI Workflows: Hosted by n8n on Hetzner Cloud in Germany.
  • AI Models: Provided by Azure OpenAI in Sweden Central (EU).

We use industry-standard encryption (SSL/TLS) for data transmission and secure storage for sensitive data like tokens.

5. Service Providers (Processors)

We share data with selected third-party providers to operate our Service. We have concluded Data Processing Agreements (DPA/AVV) with these providers:

ProviderServiceLocationSafeguard
SupabaseDatabase & AuthGermany (EU)DPA
HetznerHosting (n8n)Germany (EU)DPA
Microsoft AzureAI ModelsSweden (EU)DPA
StripePaymentsUSA/GlobalDPA + SCCs
Late.devLinkedIn APIGlobalDPA
MailgunEmail DeliveryUSA/EUDPA

6. AI Features (Knowledge Agent)

Our "Knowledge Agent" uses artificial intelligence to help you write content. Input data is processed by workflows hosted on Hetzner (DE) and sent to Azure OpenAI (Sweden). We do not use your data to train public AI models (like ChatGPT). Your data remains isolated within our infrastructure.

7. International Data Transfers

While our core infrastructure is in the EU, some services (like Stripe or Mailgun) may process data in the USA. In these cases, we rely on the EU-US Data Privacy Framework (DPF) or Standard Contractual Clauses (SCCs) to ensure an adequate level of data protection.

8. Cookies and Local Storage

We only use essential technologies necessary for the operation of the website:

  • Supabase Auth: To keep you logged in (`sb-access-token`).
  • Stripe: For fraud detection and payment security.

We do not use third-party tracking cookies (like Google Analytics) without your explicit consent.

9. Your Rights

Under the GDPR, you have the right to Access, Correct, Delete ("Right to be forgotten"), Restrict processing, Data Portability, and Object to processing.

To exercise these rights, please contact us at the email provided in Section 1.