Privacy Policy
Beamaroo transfers files directly between two devices. It is engineered so that we handle as little of your information as possible — this policy describes the small amount we do handle, honestly. We apply the Australian Privacy Principles in the Privacy Act 1988 (Cth) to everything we do.
1. Your files — we never have them
Transfers run over WebRTC with DTLS end-to-end encryption. The encryption keys exist only on the two participating devices. When a direct connection isn't possible, an encrypted relay (Cloudflare's TURN service) forwards the traffic — it carries scrambled bytes it cannot decrypt. At no point can Beamaroo or its providers read file contents or file names.
2. What our servers do see
- Connection details. Like every website, our servers see your IP address and standard request information when you load the page or pair devices. Pairing messages (which carry device network addresses) are relayed between your two devices and are not retained after the session ends.
- Channel numbers. The numeric part of a pairing code. The word part of the code — the secret — never leaves your devices in readable form.
- Anonymous usage counts. We record events like "a transfer started" and approximate sizes, with no names, accounts, IP addresses, or identifiers attached, to understand load and cost.
3. What we don't do
- No advertising, no analytics trackers, no tracking cookies, no fingerprinting.
- No selling, renting, or sharing of information for marketing.
- No accounts or sign-ups are required to use the free service.
4. When paid accounts launch
When subscriptions become available, senders who subscribe will provide an email address (used to sign in and for service messages — not marketing without consent). Payments will be processed by Stripe; we will see subscription status and receipts but never your full card number. Receivers will still need no account. This section takes effect only when subscriptions launch.
5. Who processes data for us
We use Cloudflare, Inc. (USA) to run our infrastructure — page hosting, device introduction, the encrypted relay, and transient operational logs — and, once subscriptions launch, Stripe (USA) for payments. Page fonts are loaded from Google Fonts, which means Google receives the standard web request (including IP address) when the page loads. These providers receive information overseas (primarily the United States); we choose providers with strong security practices and take reasonable steps consistent with APP 8.
6. Security
All connections use TLS; transfers additionally use end-to-end DTLS encryption; pairing codes are single-use and verified cryptographically, with one guess allowed before a channel is destroyed. Because your files never reach us, the most privacy-critical data never exists on our side at all.
7. Access, correction and complaints
We hold almost nothing about you, but you can ask what we hold, ask us to correct it, or complain about our handling of your information by contacting privacy@beamaroo.com. We'll respond within 30 days. If you're unsatisfied, you can complain to the Office of the Australian Information Commissioner (oaic.gov.au).
8. Data breaches
If a data breach occurs that is likely to result in serious harm, we will notify affected people and the OAIC in accordance with the Notifiable Data Breaches scheme.
9. Changes
We'll post any changes to this policy on this page with a new effective date. Material changes will be highlighted on the site.