Privacy Policy

Effective 2026-06-09

1. What this document is

This page tells you exactly what beam485 — operated by Defensible Logic, Inc. — records about you and your sessions, what it doesn't, who controls it, and for how long. It's intentionally short and concrete. For the formal terms of use, see our Terms of Service.

2. We record your sessions — read this first

beam485 relays serial ports over the internet. By default, every live session is recorded: the full bidirectional byte stream (what the device sends and what drivers type back), plus arbitration and participant events and microsecond timestamps. This recording is the core of the product — it's what makes a session replayable and analyzable later.

  • A visible "recording" indicator is shown to everyone in a session, so no participant is recorded without notice.
  • The device owner controls it: recording can be turned off per device (its sessions then aren't recorded), and the owner can permanently delete any recording of a device they own.
  • If you connect a serial port (as a "source"), you are responsible for having the right to relay and record that device's traffic — see the Terms.

3. What we store

If you register an account, we keep:

  • your email address (used for the magic-link sign-in and transactional notices);
  • if you set an optional password, a bcrypt hash of it — we never see or store the password itself;
  • your organization membership and role;
  • the drive links and per-device source secrets you mint, stored as salted hashes of the secret (the raw value is shown once, at creation).

For devices and sessions, we keep:

  • the device name/key, which org (if any) owns it, and session timestamps + stats;
  • the session recording itself (section 2), stored on our server's disk as a lossless byte-exact log.

For every page you view on the web app, our first-party analytics records:

  • the URL path, status code, and response time, plus the referrer if your browser sends one;
  • your user-agent and coarse geolocation (country/region, if a MaxMind database is configured); we do not store your IP address — it is mixed with your user-agent, the date, and a secret salt into a daily-rotating hash, then discarded;
  • no third-party cookies, no Google/ad-network telemetry.

Your client IP is used transiently for abuse handling and rate limiting and is mixed into the analytics hash, but it is not stored in raw form.

4. What we don't store

We don't sell data to anyone, run third-party trackers, or store raw IP addresses. We don't take payment details (beam485 has no paid plans at this time). Outside of the session recording described in section 2 — which is the explicit purpose of the service and is owner-controlled — we don't inspect, index, or mine your data for any other purpose.

5. How long we keep it

  • Recordings of a claimed device (one owned by an org): kept as part of that org's corpus until the owner deletes them or the device is removed.
  • Recordings of an unclaimed device: held in a quarantine, not shown to any other tenant, and automatically deleted after 7 days (configurable) unless someone claims the device first — in which case they become the owner's, and the owner can delete them.
  • Page-view analytics: 90 days, then permanently deleted.
  • Account data: kept as long as your account exists. To delete your account and associated data, email us (section 8).

6. Who we share it with

  • SMTP provider — handles outgoing mail (magic links, notices). Your email passes through their servers as the envelope destination.
  • MaxMind — geolocation is resolved locally against a downloaded database; no requests leave our infrastructure.
  • Nobody else. No advertising networks, no cross-site trackers, no resale.

We may disclose information if compelled by valid legal process or to protect the rights, property, or safety of users or the service.

7. Cookies

We set one first-party cookie — _beam485_key — which holds your signed login session. It's HTTP-only, SameSite=Lax, and cleared on logout. We do not set third-party cookies.

8. Your controls & rights

  • change your email and password on your settings page;
  • on a device you own, turn recording off, rotate or revoke its share links, and permanently delete any of its recordings — all from that device's page;
  • email privacy@defensiblelogic.com to delete your account, request a copy of what we hold on you, or ask anything else.

9. Children

beam485 is not directed at children under 13 and we don't knowingly collect data from them.

10. Changes

Material changes will be announced by email to registered users at least 30 days before they take effect. The effective date at the top of this page always reflects the current version.

11. Contact

Privacy questions: privacy@defensiblelogic.com.