Privacy Policy
Last updated: 2026-05-09
Effective: May 9, 2026
This Privacy Policy describes how Beeping LLC ("Beeping," "we," "us," or "our") collects, uses, shares, and protects personal information when you use our website (beeping.io), the Beepbox cloud API, our open source SDKs, and related services (collectively, the "Services").
Beeping LLC is a Florida limited liability company headquartered in Miami-Dade County, Florida, USA. This Policy is governed by the laws of the State of Florida and the United States, including the Florida Digital Bill of Rights ("FDBR"), the Florida Information Protection Act ("FIPA"), the California Consumer Privacy Act as amended by the CPRA ("CCPA"), the Children's Online Privacy Protection Act ("COPPA"), Section 5 of the Federal Trade Commission Act, and the CAN-SPAM Act.
1. Who We Are
Beeping LLC Jurisdiction: State of Florida, USA (Miami-Dade County) Privacy contact: hello@beeping.io Website: https://beeping.io
For all privacy questions, data requests, or to exercise any of the rights described in this Policy, write to hello@beeping.io with the subject line "Privacy Request."
2. Personal Information We Collect
2.1 Account Information
When you create an account, we collect:
- Name
- Email address
- Password (hashed with bcrypt; never stored in plaintext)
- Organization name (optional)
- Billing information (processed by Stripe; we do not store full payment card numbers)
2.2 Usage Analytics (First-Party Only)
We collect usage data through our own first-party analytics infrastructure. We do not use third-party tracking services, advertising networks, or cross-site trackers. Usage data includes:
- API request counts, endpoints called, and response codes
- Feature usage patterns (aggregated)
- SDK version and platform information
- Session duration and frequency
2.3 Crash Reports and Error Tracking
We use Sentry for error tracking. Crash reports may include:
- Device type, operating system, and version
- Application state at the time of the error
- Stack traces
- SDK version
All crash reports are subject to automatic PII redaction before transmission. We never include raw audio content, contact data, IP addresses, or device identifiers in crash reports.
2.4 Audio Metadata
When you use the Beepbox API, we may process:
- Audio encoding parameters (format, sample rate, duration)
- Transmission metadata (timestamps, success/failure status)
- Payload size and type indicators
We never collect, store, or process raw audio content. The Beeping protocol encodes data into sound; we process the encoded data parameters, not the sound itself.
2.5 Technical Data
Automatically collected when you interact with our Services:
- IP address (truncated and anonymized after 24 hours)
- Browser type and version (for web interactions)
- Referring URL
- Pages visited on beeping.io
- Timestamps
2.6 Communications
When you contact us, we retain:
- Email correspondence
- Support ticket content
- Feedback submissions
3. Sources of Information
We collect personal information directly from you (when you sign up, contact us, or interact with the Services), automatically (through your use of the Services), and from our service providers (sub-processors who help us operate, secure, and bill the Services).
4. How We Use Personal Information
We use personal information to:
- Provide, maintain, and improve the Services
- Process transactions and send billing notifications
- Authenticate users and enforce account security
- Monitor API usage and enforce rate limits
- Detect, prevent, and respond to security incidents and fraud
- Analyze aggregate usage patterns to improve the platform
- Send transactional communications (account notifications, security alerts, service announcements)
- Send marketing communications (only with your consent, and you may opt out at any time per CAN-SPAM)
- Comply with legal obligations under applicable US federal, Florida state, and other applicable laws
- Respond to your inquiries and support requests
- Defend against, investigate, and respond to legal claims
We do not use personal information for automated decision-making or profiling that produces legal or similarly significant effects on you.
5. Data Sharing and Disclosure
We do not sell your personal information. We do not share personal information for cross-context behavioral advertising. We share personal information only in the following circumstances:
5.1 Sub-Processors
We use a limited number of vendors ("sub-processors") to operate the Services. The complete current list, with location and purpose, is published at /sub-processors and updated whenever our vendor list changes. Each sub-processor is bound by a written data processing agreement that requires confidentiality, security, and use limitations consistent with this Policy.
5.2 Legal and Safety Disclosures
We may disclose personal information if required by US federal or Florida state law, by valid legal process (subpoena, court order, search warrant), or by a governmental request, or where we believe in good faith that disclosure is necessary to:
- Protect the rights, property, or safety of Beeping, our users, or the public
- Investigate or prevent fraud, security incidents, or unauthorized use
- Enforce our Terms of Service
5.3 Business Transfers
In connection with a merger, acquisition, financing, sale of assets, bankruptcy, or other change of control, personal information may be transferred to the successor entity. The successor will be bound by this Privacy Policy or will provide notice and choice before any materially different use.
6. Data Retention
We retain personal information for the periods set out below. After the retention period, data is securely deleted or irreversibly anonymized.
| Data Category | Retention Period |
|---|---|
| Account information | Until account deletion, plus 30 days for backup purge |
| API usage logs | 90 days |
| Error/crash reports | 90 days |
| Billing records | 7 years (US/IRS tax retention) |
| IP addresses (full form) | 24 hours, then truncated/anonymized |
| Marketing consent records | Duration of consent plus 3 years |
| Support correspondence | 2 years after resolution |
| Anonymized analytics | Indefinite (no personal information) |
7. International Data Transfers
Our Services are operated from the United States. Our primary infrastructure is hosted on Google Cloud Platform in US regions. If you access the Services from outside the US, you understand that your personal information will be transferred to, stored, and processed in the United States.
For users in the European Economic Area, the United Kingdom, or Switzerland: where personal information is transferred from your jurisdiction to the US, we rely on the Standard Contractual Clauses approved by the European Commission (Decision 2021/914) and equivalent UK/Swiss safeguards, supplemented by encryption in transit (TLS 1.3) and at rest (AES-256). To request a copy of the applicable transfer mechanisms, write to hello@beeping.io.
8. Your Rights
Depending on where you live, you may have the rights described below. To exercise any right, write to hello@beeping.io with the subject "Privacy Request." We will verify your identity (typically by confirming control of the email on file) and respond within 45 days, with one 45-day extension where reasonably necessary.
8.1 Florida Residents (FDBR)
Where the Florida Digital Bill of Rights applies, you have the right to:
- Confirm whether we process your personal information and access that information
- Correct inaccurate personal information
- Delete personal information we have collected about you
- Obtain a portable copy of your personal information in a structured, commonly used, machine-readable format
- Opt out of (a) the sale of personal information, (b) targeted advertising, and (c) profiling in furtherance of decisions producing legal or similarly significant effects. We do not engage in any of these activities.
- Cure — before pursuing any FDBR enforcement action, you must give us 30 days to cure the alleged violation. Send the notice to hello@beeping.io.
8.2 California Residents (CCPA / CPRA)
- Right to Know — request the categories and specific pieces of personal information we have collected, the sources, the business or commercial purposes, and the third parties to whom we disclose it
- Right to Delete — request deletion of personal information we collected from you
- Right to Correct — request correction of inaccurate personal information
- Right to Portability — receive a copy of your personal information
- Right to Opt-Out of Sale or Sharing — we do not sell or share personal information, so no opt-out is necessary
- Right to Limit Use of Sensitive Personal Information — we do not use sensitive personal information beyond the limited purposes permitted under the CCPA
- Right to Non-Discrimination — we will not discriminate against you for exercising your CCPA rights
You may designate an authorized agent to make a request on your behalf. We will require written authorization and will verify the agent's identity.
8.3 Other US States
We honor equivalent rights for residents of any US state with a comprehensive privacy law that grants them (including Virginia, Colorado, Connecticut, Utah, Oregon, Texas, Montana, Tennessee, Iowa, and Delaware), to the extent the law applies to us.
8.4 Visitors From Outside the United States
If you are in the European Economic Area, the United Kingdom, or Switzerland, you have the rights granted to you under the GDPR or applicable local law: access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. You also have the right to lodge a complaint with your local supervisory authority.
8.5 Right to Lodge a Complaint
- Florida residents: you may file a complaint with the Florida Attorney General, Consumer Protection Division, at https://myfloridalegal.com/consumer-protection.
- All US residents: you may file a complaint with the Federal Trade Commission at https://www.ftc.gov.
9. Data Security
We implement reasonable administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, and destruction, including:
- Encryption at rest (AES-256) and in transit (TLS 1.3)
- Access controls with principle of least privilege
- Audit logging of access to personal information
- Automatic PII redaction in application logs
- Regular security assessments
- Incident response procedures consistent with FIPA breach notification requirements
For details about our security program, see our Security Policy. To report a security vulnerability, write to hello@beeping.io.
Breach notification. If a breach of security affects unencrypted personal information of Florida residents, we will notify affected individuals and (where required) the Florida Department of Legal Affairs within the time frame required by FIPA. We will provide equivalent notice to residents of other states under their applicable breach notification laws.
10. Children's Privacy
The Services are not directed to children under 13 years of age, and we do not knowingly collect personal information from children under 13 in violation of COPPA. The Services are not intended for users under 16. If we become aware that we have collected personal information from a child under 13, we will delete it promptly. If you believe a child has provided us with personal information, please write to hello@beeping.io.
11. Cookies and Tracking Technologies
We use a minimal set of first-party cookies for authentication, session management, and preference storage. We do not use third-party advertising cookies, cross-site trackers, or fingerprinting. Where required by law, we display a cookie notice and obtain consent before setting non-essential cookies.
12. Marketing Communications
We send marketing emails only with your consent. Every marketing email includes an unsubscribe link, consistent with the CAN-SPAM Act. To unsubscribe, click the link in any marketing email or write to hello@beeping.io. Transactional and security communications cannot be unsubscribed because they relate to the operation of your account.
13. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. We will notify you of material changes at least 30 days before they take effect, by email to your account email address or by posting a prominent notice on the Services. Your continued use of the Services after the effective date constitutes acceptance of the updated Policy.
14. Governing Law and Venue
This Privacy Policy is governed by the laws of the State of Florida, without regard to conflict-of-laws principles, except where a state, federal, or international law grants you non-waivable rights. Any dispute arising out of or relating to this Policy shall be brought exclusively in the state or federal courts located in Miami-Dade County, Florida, except where you have non-waivable rights to bring a claim elsewhere under applicable law.
15. Contact
For all privacy questions, data requests, or to exercise any of the rights described in this Policy:
- Email: hello@beeping.io (subject: "Privacy Request")
- Mail: Beeping LLC, Privacy Officer, Miami-Dade County, Florida, USA
- Website: https://beeping.io
Last updated: May 9, 2026