Privacy Policy

Last updated: March 2026

1. Information We Collect

We collect the following information when you use BeyondMe:

  • Account information: Email address, full name, and password (hashed).
  • Encrypted assets: Data you store in the vault is encrypted client-side before reaching our servers. We cannot read or decrypt this data.
  • Recipient information: Email addresses of your designated recipients.
  • Usage data: Heartbeat check-in timestamps and check-in interval settings.

2. How We Use Your Information

  • To provide and maintain the service.
  • To monitor your heartbeat status and send notifications when inactivity is detected.
  • To send transactional emails (verification, password reset, asset release notifications).
  • To improve the service and fix issues.

3. Encryption & Zero-Knowledge Architecture

BeyondMe uses a zero-knowledge encryption model. Your sensitive data is encrypted using AES-256-GCM with PBKDF2 key derivation (100,000 iterations) entirely in your browser before being sent to our servers. Your master password never leaves your device.

This means we cannot access, read, or recover your encrypted data. If you lose your master password, your encrypted data cannot be recovered by anyone, including us.

4. Data Sharing

We do not sell, trade, or share your personal information with third parties, except:

  • Recipient notifications: When your heartbeat expires, we send notification emails to your designated recipients.
  • Service providers: We use Supabase for authentication and database, Brevo for email delivery, and Cloudflare for hosting.
  • Legal requirements: If required by law or to protect our rights.

5. Data Retention

Your data is retained as long as your account is active. When you delete your account, all associated data (profile, assets, heartbeat records) is permanently deleted. Released asset notifications that have already been sent cannot be recalled.

6. Data Security

We implement industry-standard security measures including encrypted data transmission (TLS), row-level security policies in our database, JWT-based authentication, and client-side encryption for all sensitive data.

7. Your Rights

You have the right to:

  • Access your personal information.
  • Update or correct your information.
  • Delete your account and all associated data.
  • Export your data (unencrypted data only, with master password).

8. Cookies

We use essential cookies for authentication session management. We do not use tracking cookies or third-party analytics cookies.

9. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of significant changes via email or in-app notification.

10. Contact

For privacy-related questions, please contact us at privacy@beyondme.app.