Legal

Privacy Policy

Last updated: 2 June 2026 · Applies to the BEAM mobile application and the beam.app website · Version 1.0

This policy is written specifically for BEAM and the way it actually works — no copy-pasted boilerplate. We tried to keep it human; that's the same principle behind the product.

1. Who we are (Data Controller)

The controller of your personal data is Gel-Lab sp. z o.o., with its registered office at ul. Legionów Polskich 109/23, 41-300 Dąbrowa Górnicza, Poland, entered in the Register of Entrepreneurs of the National Court Register under KRS no. 0000596923, REGON 363525313, NIP 6292473782 ("we", "Gel-Lab").

For any privacy matter, contact us at privacy@beam.app or by post at the address above.

2. The data BEAM processes

BEAM is a relationship app, so most of the data relates to your contacts and how you stay in touch.

Account & profile data

When you sign in with Apple, Google or LinkedIn, we receive your name, email address and — where you allow it — profile details such as your photo, job title and company, used to build your BEAM profile. You may also add up to three expertise areas with self-assessed levels.

Contacts you choose to connect

If you enable a source, we import and merge contacts from your phone address book, Google and/or LinkedIn into a single, de-duplicated base. Connecting each source is optional, selected individually, and can be turned off at any time. We never modify or overwrite the data in your original address books.

Relationship data you add

Tags, notes, contact language preferences, and the Strong/Normal Beam level you assign to each relationship.

Calendar data

If you connect Google Calendar or Outlook, BEAM reads upcoming event details (time, location, type, hashtags) solely to recommend people from your network worth meeting. We do not store the full content of your calendar beyond what these recommendations require.

Messages & activity

Content you send through Beam Messenger (including attachments), the outreach you initiate via email or WhatsApp through BEAM, and endorsements you give and receive. BEAM does not track whether stateless invitation links were opened.

Technical data

Device type, operating system, app version, language, and basic diagnostic and usage data needed to keep BEAM secure and working.

3. Why we process it (purposes & legal bases)

PurposeExamplesLegal basis (GDPR)
Providing the core serviceMerging contacts; generating signals (birthdays, anniversaries, job changes); meeting recommendations; Beam network and MessengerArt. 6(1)(b) — contract
Optional data sourcesPhone contacts; calendar accessArt. 6(1)(a) — your consent, withdrawable at any time
Outreach you initiateDrafting suggested messages and opening your chosen messaging app with content you approveArt. 6(1)(b) — providing the feature you request
Security & improvementDiagnostics; aggregated, de-identified usage statisticsArt. 6(1)(f) — legitimate interest
Payments (Beam Pro)Subscription management via app storesArt. 6(1)(b) — contract; Art. 6(1)(c) — legal obligations
Legal complianceAccounting; responding to lawful requestsArt. 6(1)(c) — legal obligation

A note on other people's data. Your contact list contains other people's details. We process them only to provide the relationship-management features you request, never to build advertising profiles of non-users, market to them ourselves, or disclose them for unrelated purposes. Invitation recipients see only the inviter identity included in the invitation and the invitation itself.

4. AI-generated message suggestions

When you ask BEAM to suggest a message, limited context (such as the occasion type and your contact's preferred language) may be processed by an AI model to generate a draft. Suggestions are optional — you can always write your own message or use saved templates. AI drafts are not used for advertising or to train profiles of you or your contacts, and you review and approve every message before anything is sent.

5. The 24-hour invitation link

Outreach sent through BEAM can include an encrypted and authenticated invitation payload containing the inviter's account identifier, name, initials and a 24-hour expiry time. The payload is verified before the inviter is displayed or a connection is created. BEAM does not store an invitation record or track whether the link was opened. The link cannot be verified or redeemed after expiry.

6. What we never do

  • We never sell your personal data.
  • We never show third-party advertising in BEAM or let advertisers target you.
  • We never send messages on your behalf without your explicit action.
  • We never expose your contact details to other users beyond what your own Strong/Normal Beam settings allow.
  • We never use your private messages to build advertising or marketing profiles.

7. Strong vs Normal Beam — your visibility controls

BEAM lets you decide what each connection sees about you. A Strong Beam may see fuller details (such as your phone, email, full expertise and change signals). A Normal Beam sees limited information (such as your name, title and expertise areas), with contact details hidden. You can change any relationship's level at any time, and the change takes effect immediately.

8. Sharing & processors

We share personal data only with providers who help us run BEAM: cloud hosting, authentication (Apple, Google, LinkedIn), AI drafting, analytics limited to service improvement, customer support tooling, and message delivery via your chosen channel (your email client or WhatsApp). Each acts on our documented instructions under a data-processing agreement. We may also disclose data where the law requires it.

We do not transfer your data to anyone for their own marketing purposes.

9. International transfers

Where a provider processes data outside the European Economic Area, we rely on appropriate safeguards — primarily the European Commission's Standard Contractual Clauses, supplemented where applicable by adequacy decisions (such as the EU–US Data Privacy Framework for certified providers).

10. How long we keep your data

  • Account and relationship data — for as long as your BEAM account is active.
  • After account deletion — deleted or irreversibly anonymised within 30 days, except limited records we must keep to meet legal obligations (e.g. billing records for the statutory period).
  • Invitation links — invitation payloads are stateless and are not stored as invitation records; ordinary security logs may temporarily contain request metadata under the diagnostics retention period.
  • Diagnostics — kept in identifiable form no longer than 12 months.

11. Your rights

Under the GDPR you have the right to: access your data, rectify it, erase it, restrict processing, data portability, object to processing based on legitimate interest, and withdraw consent at any time (without affecting prior processing). Most of these can be exercised directly in the app (Profile → Privacy), or by writing to privacy@beam.app.

You also have the right to lodge a complaint with the supervisory authority — in Poland, the President of the Personal Data Protection Office (Prezes UODO, ul. Stawki 2, 00-193 Warszawa, uodo.gov.pl).

12. Children

BEAM is not directed to children under 16, and we do not knowingly process their personal data. If you believe a child has created an account, contact us and we will remove it.

13. Website & cookies

The beam.app website uses only the cookies strictly necessary for it to function and privacy-respecting, aggregate analytics. We do not use advertising or cross-site tracking cookies. Where non-essential cookies are introduced, we will ask for your consent first.

14. Changes to this policy

We may update this policy as BEAM evolves. For material changes we will notify you in the app before they take effect. The "last updated" date at the top always reflects the current version, and previous versions are available on request.

15. Contact

Gel-Lab sp. z o.o.
ul. Legionów Polskich 109/23
41-300 Dąbrowa Górnicza, Poland
Email: privacy@beam.app