beam.page — Privacy Policy
Effective date: 5 April 2026 Last updated: 5 April 2026
1. Who we are
beam.page is operated by:
Lola Squared Ltd Company number: 15911333 Registered address: 483 Green Lanes, London, England, N13 4BS Contact: privacy@beam.page
For the purposes of UK data protection law (UK GDPR and the Data Protection Act 2018), Lola Squared Ltd is the data controller for the personal data described in this policy.
2. What personal data we collect
2.1 Guest users
When you use beam.page as a guest, we create: - An auto-generated email address (e.g. guest_3f8a2b1c@guest.local) - An auto-generated display name - A unique tenant identifier (tenant_id)
This data is automatically deleted after 2 hours along with all associated content.
2.2 Google login users
When you sign in with Google, we receive and store: - Your name - Your email address - Your Google account identifier
We also generate and store: - A unique tenant identifier (tenant_id)
This data is retained for the lifetime of your account.
2.3 All users
For all users, we store: - Content you upload or create (HTML files, images, PDFs, metadata, and other assets) - Authentication tokens issued by AWS Cognito
2.4 Site visitor form submissions
When a visitor to a beam.page site submits data through a built-in action (e.g. a contact form), we process and store their submitted data (e.g. name, email address, message) in order to deliver it to the site owner. This data is retained until the site owner deletes it or closes their account.
2.5 Cookies
The authentication page at auth.beam.page uses a strictly necessary session cookie for authentication. No consent banner is required for this cookie.
We do not place any cookies on user-created hosted sites. If a site owner adds their own cookies (e.g. analytics), that is their responsibility under their own privacy obligations.
3. How we use your data
We use your personal data for the following purposes:
- Providing the Service — creating and maintaining your account, hosting your sites, serving your content
- Authentication — verifying your identity when you access the Service
- Relaying form submissions — processing visitor-submitted data to deliver it to the site owner via email
- Security and abuse prevention — protecting the Service from misuse
We do not use your data for marketing, profiling, or automated decision-making.
4. Lawful basis for processing
Under UK GDPR Article 6, we process your personal data on the following bases:
| Purpose | Lawful basis |
|---|---|
| Account creation and hosting services | Performance of a contract (Art. 6(1)(b)) |
| Authentication | Performance of a contract (Art. 6(1)(b)) |
| Guest account creation | Legitimate interest (Art. 6(1)(f)) — providing a trial experience |
| Form submission processing and storage | Legitimate interest (Art. 6(1)(f)) — enabling contact between site visitors and site owners |
| Security and abuse prevention | Legitimate interest (Art. 6(1)(f)) — protecting the Service and its users |
5. Who we share your data with
We share personal data with the following third parties, solely for the purpose of operating the Service:
- Amazon Web Services (AWS) — cloud infrastructure and authentication (AWS Cognito). AWS acts as a data processor on our behalf under a Data Processing Addendum.
- Google — authentication via Google OAuth. Google acts as an independent data controller for the authentication process.
We do not sell your personal data to anyone. We do not share your data with any other third parties unless required by law.
6. International data transfers
Your data may be processed in the United Kingdom, the European Economic Area, or the United States through our use of AWS infrastructure.
Where data is transferred outside the UK, we rely on appropriate safeguards including: - The UK International Data Transfer Agreement (UK IDTA) - The UK Addendum to the EU Standard Contractual Clauses (SCCs)
AWS maintains appropriate data processing agreements and transfer mechanisms as required by UK data protection law.
7. How long we keep your data
| Data type | Retention period |
|---|---|
| Guest account data and content | Automatically deleted after 2 hours |
| Registered account data | Retained until you delete your account |
| Uploaded content | Retained until you delete it or close your account |
| Form submission data | Retained until the site owner deletes it or closes their account |
| Authentication tokens | Valid for the duration of the session; expired tokens are not retained |
Upon account deletion, all associated personal data and content is permanently removed, subject to any legal retention requirements.
8. Your rights
Under UK GDPR, you have the following rights:
- Right of access — you can request a copy of the personal data we hold about you
- Right to rectification — you can ask us to correct inaccurate personal data
- Right to erasure — you can ask us to delete your personal data
- Right to restriction — you can ask us to restrict the processing of your personal data
- Right to data portability — you can request your personal data in a machine-readable format
- Right to object — you can object to processing based on legitimate interest
To exercise any of these rights, contact us at privacy@beam.page. We will respond within one month.
If you are not satisfied with how we handle your request, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):
Information Commissioner's Office Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF Website: https://ico.org.uk Helpline: 0303 123 1113
9. Site owners and visitor data
If you create a site on beam.page, you may collect personal data from your site visitors (e.g. through built-in actions or through third-party tools you embed).
In this case, you are an independent data controller for the data you collect from your visitors. You are responsible for: - Providing your own privacy notice to your visitors - Ensuring you have a lawful basis to collect and process their data - Complying with UK GDPR and any other applicable data protection law
beam.page acts as a data processor when relaying form submissions on your behalf.
10. Children
beam.page is not directed at children under the age of 13. We do not knowingly collect personal data from children under 13. If we become aware that we have collected personal data from a child under 13, we will take steps to delete it promptly.
11. Changes to this policy
We may update this Privacy Policy from time to time. We will post the updated version on beam.page/privacy with a revised "last updated" date.
For significant changes, we will make reasonable efforts to notify registered users via email.
12. Contact us
For any questions or concerns about this Privacy Policy or our data practices, contact us at:
Lola Squared Ltd 483 Green Lanes, London, England, N13 4BS privacy@beam.page