Privacy Policy

Last updated: January 2025

1. Introduction

Beepaway ("we", "us", or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service at beepaway.com.

By using our Service, you agree to the collection and use of information in accordance with this policy.

2. Information We Collect

2.1 Account Information

When you create an account using email and password authentication, we collect and store:

  • Email Address: Required for account identification, communication, and login. Stored in our PostgreSQL database.
  • Name: Your full name or display name (required during registration)
  • Password: Stored in encrypted format using bcrypt hashing algorithm (never stored in plain text)
  • Unique User ID: A UUID (Universally Unique Identifier) assigned to your account
  • Membership Status: Tracks whether your account is "free" or "member" (all accounts start as "free")
  • Email Verification Status: Timestamp indicating when your email was verified (if applicable)
  • Membership Activation Date: Timestamp of when membership was activated (if applicable)
  • Account Creation Date: Timestamp of when your account was created
  • Last Updated Date: Timestamp of when your account information was last modified

Note: We currently use email/password authentication. OAuth providers (Google, Apple) are planned but not currently implemented.

2.2 Vehicle Information

When you create a configuration file for your vehicle, we collect and store:

  • Vehicle Make: Manufacturer name (e.g., Honda, Toyota, BMW) - required
  • Vehicle Model: Model name (e.g., Civic, Corolla, 3 Series) - required
  • Vehicle Year: Model year (e.g., 2024, 2025) - required
  • VIN (Vehicle Identification Number): 17-character alphanumeric code - required and stored in our database
  • Trim: Vehicle trim level or variant (optional, may be null)
  • System Type: ISA system type identifier for your specific vehicle (e.g., ISA, ISLA, RSA, TSR) - required
  • Vehicle ID: A UUID linking the vehicle to your user account
  • Vehicle Creation Date: Timestamp of when the vehicle record was created

Important: Your VIN is personally identifiable information that can be used to identify your specific vehicle. We store this securely in our database and associate it with your user account.

2.3 Configuration File Data

For each configuration file generated, we store:

  • Configuration File ID: A UUID identifying the configuration file
  • File Path: Storage path for the configuration file (e.g., /configs/[userId]/[vehicleId]/[filename])
  • File Name: Generated filename based on make, model, year, and system type
  • File Version: Version number of the configuration file (currently "1.0")
  • System Type: The ISA system type the configuration file targets
  • Active Status: Boolean flag indicating if the configuration file is active
  • Configuration Creation Date: Timestamp of when the configuration file was generated
  • Vehicle Association: Link to the vehicle record for which the configuration was created

2.4 User Configuration Status

We track the status of your configuration files:

  • Configuration Status: One of three states: "pending" (awaiting processing), "ready" (available for download), or "downloaded" (already downloaded)
  • User Config ID: A UUID linking your user account to a specific configuration file
  • Creation Timestamp: When the user configuration was created
  • Download Timestamp: When the configuration file was downloaded (if applicable)

2.5 Download Information

When you download configuration files, we collect and store:

  • Download ID: A UUID for each download transaction
  • Download Token: A unique, secure token used to authorize file downloads (stored securely, expires after a set time)
  • IP Address: Your IP address at the time of download (stored for security and fraud prevention)
  • Download Timestamp: Exact date and time when the file was downloaded
  • Token Expiration: Timestamp indicating when the download token expires
  • User Association: Link to your user account and the specific configuration file downloaded

Security Note: Download tokens are time-limited and single-use for security purposes. IP addresses are collected to prevent abuse and unauthorized access.

2.6 Model Requests

If you submit a request for a vehicle model not yet supported, we collect:

  • Request ID: A UUID identifying your request
  • Manufacturer Name: Vehicle manufacturer (required)
  • Model Name: Vehicle model name (required)
  • Year: Model year (optional, may be null)
  • Additional Information: Any additional details you provide (optional, stored as text)
  • Request Status: One of: "pending", "in_progress", "completed", or "rejected"
  • Admin Notes: Internal notes added by administrators (not visible to you)
  • Request Timestamps: Creation date and last update date
  • User Association: Link to your user account

2.7 Waitlist Information

If you join our waitlist (when enabled), we collect:

  • Email Address: Required for waitlist participation (must be unique)
  • Name: Optional name field
  • Waitlist Position: Your calculated position in the waitlist queue
  • Notification Status: Timestamp indicating when you were notified (if applicable)
  • Join Date: Timestamp of when you joined the waitlist
  • Waitlist Entry ID: A UUID for your waitlist entry

Note: The waitlist feature is admin-configurable and may be disabled. When disabled, this data is not collected.

2.8 Authentication Cookies

We use HTTP-only cookies for authentication:

  • Cookie Name: "auth-token"
  • Cookie Type: HTTP-only (not accessible via JavaScript for security)
  • Security: Secure flag enabled in production (HTTPS only)
  • Same-Site: Lax policy to prevent CSRF attacks
  • Duration: 7 days (expires after 7 days of inactivity)
  • Content: Base64-encoded session token containing your user ID and timestamp

Cookie Management: Cookies are automatically set when you log in and cleared when you log out. You can clear cookies through your browser settings, but this will log you out.

2.9 Automatically Collected Information

We automatically collect certain technical information when you use our Service:

  • Server Logs: Standard web server logs including IP addresses, request timestamps, and request paths
  • Error Reports: Error messages and stack traces when errors occur (may include technical details)
  • Analytics Data: We use Vercel Analytics to collect anonymous usage statistics including page views, session duration, and user interactions
  • Error Monitoring: We use Sentry (when configured) to monitor application errors and performance issues
  • Browser Information: User agent strings that may include browser type, version, and device information

Analytics: Vercel Analytics and Sentry are third-party services that help us understand how our Service is used and identify technical issues. These services may collect anonymized data about your usage patterns.

3. How We Use Your Information

We use the collected information for the following purposes:

  • Service Provision: To create and provide configuration files for your vehicles
  • Account Management: To create, maintain, and manage your account
  • Communication: To send you service-related emails, updates, and notifications
  • Security: To protect against fraud, unauthorized access, and security threats
  • Improvement: To improve our Service, analyze usage patterns, and develop new features
  • Support: To respond to your inquiries and provide customer support
  • Model Requests: To process and evaluate requests for new vehicle model support
  • Legal Compliance: To comply with applicable laws and regulations

4. Data Storage and Security

4.1 Data Storage

Your data is stored securely in databases hosted by our service providers. We use industry-standard security measures including:

  • Encrypted password storage using bcrypt hashing
  • Secure database connections (SSL/TLS)
  • Access controls and authentication
  • Regular security updates and monitoring

4.2 Data Retention

We retain your personal information according to the following schedule:

  • Account Data: Retained for as long as your account is active. After account deletion, we may retain certain data for up to 90 days for security and fraud prevention purposes.
  • Vehicle Information: Retained while your account is active. Deleted when you delete your account or remove the vehicle.
  • Configuration Files: Retained while your account is active. Associated files may be retained for up to 1 year after account deletion for backup purposes.
  • Download Records: Retained for up to 2 years for security and audit purposes, even after account deletion.
  • Model Requests: Retained indefinitely for product development purposes, but anonymized after account deletion.
  • Waitlist Entries: Retained until you are notified or the waitlist is disabled, then deleted within 30 days.
  • Server Logs: Retained for up to 90 days for security and debugging purposes.
  • IP Addresses: Retained in download records for up to 2 years for security purposes.

We may retain certain information after account deletion as required by law, for legitimate business purposes (such as fraud prevention), or to resolve disputes. You can request deletion of your data at any time, subject to legal retention requirements.

5. Data Sharing and Disclosure

We do not sell, trade, or rent your personal information to third parties. We may share your information only in the following circumstances:

5.1 Service Providers

We share information with trusted service providers who assist us in operating our Service:

  • Database Hosting (Neon PostgreSQL): Your account data, vehicle information, configuration files, downloads, model requests, and waitlist entries are stored in Neon's PostgreSQL database infrastructure.
  • Hosting Platform (Vercel): Our Service is hosted on Vercel, which processes requests and may have access to server logs, IP addresses, and request data.
  • Analytics (Vercel Analytics): We use Vercel Analytics to collect anonymous usage statistics. This service may receive anonymized data about page views and user interactions.
  • Error Monitoring (Sentry): When configured, Sentry receives error reports and performance data, which may include technical information about errors you encounter.
  • Email Service Providers: If we implement email notifications, we may use email service providers (such as Resend or SendGrid) to send emails. These providers would receive your email address and name for delivery purposes.

These providers are contractually obligated to protect your information and use it only for the purposes we specify. We do not authorize them to use your information for their own purposes.

5.2 File Storage

Configuration files may be stored on third-party file storage services (such as AWS S3 or Cloudflare R2) when implemented. These files are associated with your user ID and vehicle information but are stored securely with access controls.

5.3 Legal Requirements

We may disclose your information if required by law or in response to valid legal requests, such as:

  • Court orders or subpoenas
  • Law enforcement requests
  • Regulatory investigations
  • Legal proceedings where disclosure is required

We will attempt to notify you of such requests when legally permitted, unless doing so would compromise an investigation or violate a court order.

5.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our Service of any change in ownership or uses of your personal information.

5.5 Aggregated and Anonymized Data

We may share aggregated, anonymized data that does not identify you personally. This may include:

  • Statistics about vehicle models requested
  • Anonymized usage patterns
  • General trends in configuration file generation

This data cannot be used to identify you or your specific vehicles.

6. Your Rights and Choices

6.1 Access and Correction

You can access and update your account information at any time through your account settings. You can correct inaccurate information or request corrections.

6.2 Account Deletion

You can request deletion of your account at any time. Upon deletion, we will remove your personal information, subject to legal retention requirements. Configuration files and vehicle data associated with your account will also be deleted.

6.3 Email Communications

You can opt out of marketing emails by following the unsubscribe instructions in our emails. Service-related emails (such as account notifications) cannot be opted out of as they are essential for account management.

6.4 Data Portability

You can request a copy of your personal data in a structured, machine-readable format.

7. Cookies and Tracking Technologies

7.1 Authentication Cookies

We use HTTP-only cookies to maintain your authentication session. The "auth-token" cookie is essential for the Service to function and cannot be disabled without preventing login functionality.

  • Purpose: Maintain your logged-in session
  • Type: HTTP-only (not accessible via JavaScript)
  • Duration: 7 days
  • Security: Secure flag enabled in production, SameSite=Lax

7.2 Analytics and Monitoring

We use third-party services for analytics and error monitoring:

  • Vercel Analytics: Collects anonymous usage statistics (page views, session data)
  • Sentry: Error monitoring and performance tracking (when configured)

These services may use cookies or similar technologies. You can control cookies through your browser settings, though disabling cookies may affect Service functionality.

8. Children's Privacy

Our Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

9. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by updating the "Last updated" date at the top of this page. Your continued use of the Service after such changes constitutes acceptance of the updated policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

Email: support@beepaway.com

For data deletion requests or other privacy-related inquiries, please include "Privacy Request" in your subject line.