1. Who we are (Data Controller)
The controller of your personal data is Gel-Lab sp. z o.o., with its registered office at ul. Legionów Polskich 109/23, 41-300 Dąbrowa Górnicza, Poland, entered in the Register of Entrepreneurs of the National Court Register under KRS no. 0000596923, REGON 363525313, NIP 6292473782 ("we", "Gel-Lab").
For any privacy matter, contact us at privacy@beam.app or by post at the address above.
2. The data BEAM processes
BEAM is a relationship app, so most of the data relates to your contacts and how you stay in touch.
Account & profile data
When you sign in with Apple, Google or LinkedIn, we receive your name, email address and — where you allow it — profile details such as your photo, job title and company, used to build your BEAM profile. You may also add up to three expertise areas with self-assessed levels.
Contacts you choose to connect
If you enable a source, we import and merge contacts from your phone address book, Google and/or LinkedIn into a single, de-duplicated base. Connecting each source is optional, selected individually, and can be turned off at any time. We never modify or overwrite the data in your original address books.
Relationship data you add
Tags, notes, contact language preferences, and the Strong/Normal Beam level you assign to each relationship.
Calendar data
If you connect Google Calendar or Outlook, BEAM reads upcoming event details (time, location, type, hashtags) solely to recommend people from your network worth meeting. We do not store the full content of your calendar beyond what these recommendations require.
Messages & activity
Content you send through Beam Messenger (including attachments), the outreach you initiate via email or WhatsApp through BEAM, and endorsements you give and receive. BEAM does not track whether stateless invitation links were opened.
Technical data
Device type, operating system, app version, language, and basic diagnostic and usage data needed to keep BEAM secure and working.
3. Why we process it (purposes & legal bases)
| Purpose | Examples | Legal basis (GDPR) |
|---|---|---|
| Providing the core service | Merging contacts; generating signals (birthdays, anniversaries, job changes); meeting recommendations; Beam network and Messenger | Art. 6(1)(b) — contract |
| Optional data sources | Phone contacts; calendar access | Art. 6(1)(a) — your consent, withdrawable at any time |
| Outreach you initiate | Drafting suggested messages and opening your chosen messaging app with content you approve | Art. 6(1)(b) — providing the feature you request |
| Security & improvement | Diagnostics; aggregated, de-identified usage statistics | Art. 6(1)(f) — legitimate interest |
| Payments (Beam Pro) | Subscription management via app stores | Art. 6(1)(b) — contract; Art. 6(1)(c) — legal obligations |
| Legal compliance | Accounting; responding to lawful requests | Art. 6(1)(c) — legal obligation |
A note on other people's data. Your contact list contains other people's details. We process them only to provide the relationship-management features you request, never to build advertising profiles of non-users, market to them ourselves, or disclose them for unrelated purposes. Invitation recipients see only the inviter identity included in the invitation and the invitation itself.
4. AI-generated message suggestions
When you ask BEAM to suggest a message, limited context (such as the occasion type and your contact's preferred language) may be processed by an AI model to generate a draft. Suggestions are optional — you can always write your own message or use saved templates. AI drafts are not used for advertising or to train profiles of you or your contacts, and you review and approve every message before anything is sent.
5. The 24-hour invitation link
Outreach sent through BEAM can include an encrypted and authenticated invitation payload containing the inviter's account identifier, name, initials and a 24-hour expiry time. The payload is verified before the inviter is displayed or a connection is created. BEAM does not store an invitation record or track whether the link was opened. The link cannot be verified or redeemed after expiry.
6. What we never do
- We never sell your personal data.
- We never show third-party advertising in BEAM or let advertisers target you.
- We never send messages on your behalf without your explicit action.
- We never expose your contact details to other users beyond what your own Strong/Normal Beam settings allow.
- We never use your private messages to build advertising or marketing profiles.
7. Strong vs Normal Beam — your visibility controls
BEAM lets you decide what each connection sees about you. A Strong Beam may see fuller details (such as your phone, email, full expertise and change signals). A Normal Beam sees limited information (such as your name, title and expertise areas), with contact details hidden. You can change any relationship's level at any time, and the change takes effect immediately.
9. International transfers
Where a provider processes data outside the European Economic Area, we rely on appropriate safeguards — primarily the European Commission's Standard Contractual Clauses, supplemented where applicable by adequacy decisions (such as the EU–US Data Privacy Framework for certified providers).
10. How long we keep your data
- Account and relationship data — for as long as your BEAM account is active.
- After account deletion — deleted or irreversibly anonymised within 30 days, except limited records we must keep to meet legal obligations (e.g. billing records for the statutory period).
- Invitation links — invitation payloads are stateless and are not stored as invitation records; ordinary security logs may temporarily contain request metadata under the diagnostics retention period.
- Diagnostics — kept in identifiable form no longer than 12 months.
11. Your rights
Under the GDPR you have the right to: access your data, rectify it, erase it, restrict processing, data portability, object to processing based on legitimate interest, and withdraw consent at any time (without affecting prior processing). Most of these can be exercised directly in the app (Profile → Privacy), or by writing to privacy@beam.app.
You also have the right to lodge a complaint with the supervisory authority — in Poland, the President of the Personal Data Protection Office (Prezes UODO, ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl).
12. Children
BEAM is not directed to children under 16, and we do not knowingly process their personal data. If you believe a child has created an account, contact us and we will remove it.
14. Changes to this policy
We may update this policy as BEAM evolves. For material changes we will notify you in the app before they take effect. The "last updated" date at the top always reflects the current version, and previous versions are available on request.
15. Contact
Gel-Lab sp. z o.o.
ul. Legionów Polskich 109/23
41-300 Dąbrowa Górnicza, Poland
Email: privacy@beam.app