Beamaroo

Privacy Policy

Effective 5 July 2026 · v1, under legal review · Beamaroo, Brisbane, Australia

Beamaroo transfers files directly between two devices. It is engineered so that we handle as little of your information as possible — this policy describes the small amount we do handle, honestly. We apply the Australian Privacy Principles in the Privacy Act 1988 (Cth) to everything we do.

1. Your files — we never have them

In short: your files travel encrypted from one device to the other. They are never uploaded to us, stored by us, or readable by us.

Transfers run over WebRTC with DTLS end-to-end encryption. The encryption keys exist only on the two participating devices. When a direct connection isn't possible, an encrypted relay (Cloudflare's TURN service) forwards the traffic — it carries scrambled bytes it cannot decrypt. At no point can Beamaroo or its providers read file contents or file names.

2. What our servers do see

In short: the minimum needed to introduce two devices to each other, held only for the seconds it takes.

3. What we don't do

4. When paid accounts launch

In short: if you subscribe, we'll hold your email and subscription status; card details go to the payment provider, not us.

When subscriptions become available, senders who subscribe will provide an email address (used to sign in and for service messages — not marketing without consent). Payments will be processed by Stripe; we will see subscription status and receipts but never your full card number. Receivers will still need no account. This section takes effect only when subscriptions launch.

5. Who processes data for us

We use Cloudflare, Inc. (USA) to run our infrastructure — page hosting, device introduction, the encrypted relay, and transient operational logs — and, once subscriptions launch, Stripe (USA) for payments. Page fonts are loaded from Google Fonts, which means Google receives the standard web request (including IP address) when the page loads. These providers receive information overseas (primarily the United States); we choose providers with strong security practices and take reasonable steps consistent with APP 8.

6. Security

All connections use TLS; transfers additionally use end-to-end DTLS encryption; pairing codes are single-use and verified cryptographically, with one guess allowed before a channel is destroyed. Because your files never reach us, the most privacy-critical data never exists on our side at all.

7. Access, correction and complaints

We hold almost nothing about you, but you can ask what we hold, ask us to correct it, or complain about our handling of your information by contacting privacy@beamaroo.com. We'll respond within 30 days. If you're unsatisfied, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au).

8. Data breaches

If a data breach occurs that is likely to result in serious harm, we will notify affected people and the OAIC in accordance with the Notifiable Data Breaches scheme.

9. Changes

We'll post any changes to this policy on this page with a new effective date. Material changes will be highlighted on the site.