Legal
Privacy Policy
Last updated 23 May 2026.
Heads up: this policy is a clear, friendly first draft. If you operate in the EU/UK and need GDPR-compliant language, or in California and need CCPA language, get this reviewed by a lawyer before relying on it.
The short version
- We collect the bare minimum we need to run the service.
- We never sell your data. Ever.
- We use a small handful of trusted third parties (Stripe, GitHub, Anthropic, OpenAI, Postmark, Honeybadger) to make the product work. They each have their own privacy policies.
- You can export or delete your data at any time. Just ask.
Who we are
BeepBoop is operated by John Chambers (sole proprietor). For privacy questions, write to hello@beepboop.work.
What we collect
When you sign up and use BeepBoop, we keep:
- Account info — your email address and a hashed password (we never see your real password).
- Workspace + project content — the tasks, briefs, chats, and notes you create inside the product.
- GitHub OAuth token — if you connect a GitHub account, so we can read your repos and push branches on your behalf.
- Stripe customer + subscription IDs — to keep your billing in good standing. We never see or store your card number; that lives at Stripe.
- Usage metadata — agent runs, LLM cost breakdowns, page views (server logs only — we don't use a marketing analytics tracker).
Why we collect it
- To run the service you signed up for.
- To bill you fairly and let you bill your own clients.
- To improve reliability (e.g. error reports to Honeybadger).
- To send the occasional transactional email (sign-up confirmation, invitation, billing receipt). We don't send marketing emails — yet — and if we do start, we'll only send to people who've opted in.
Where the data lives
BeepBoop runs on servers in the EU (DigitalOcean Frankfurt). Database backups are stored alongside the primary database. Some of our subprocessors operate globally — see the next section.
Subprocessors
We share data with these third parties only as needed to make the product work:
- Stripe — payments and subscription billing.
- GitHub — OAuth, repo reads, branch pushes, PR creation.
- Anthropic — Claude API calls for brainstorm chat (when you've opted in) and agent attempts.
- OpenAI — fallback model for chat when Anthropic is unavailable and your workspace has fallback enabled.
- Postmark — transactional email (sign-ups, invitations, password resets).
- Honeybadger — error monitoring (stack traces, request metadata — no message content).
- DigitalOcean / Hatchbox — hosting and infrastructure.
We sign a Data Processing Agreement with each of them where the law requires one.
Cookies and tracking
We use one strictly-necessary cookie (session_id) to keep you signed in. We don't use marketing cookies, advertising pixels, or third-party trackers. We don't run analytics scripts that follow you across the web.
Your rights
Depending on where you live, you may have the right to:
- Access a copy of the personal data we hold about you.
- Correct it if it's wrong.
- Delete it (subject to legal record-keeping requirements like tax law).
- Export it in a portable format.
- Object to certain kinds of processing.
- Lodge a complaint with your local data protection authority.
To exercise any of these, email hello@beepboop.work and we'll respond within 30 days.
How long we keep your data
As long as your account is active, plus 30 days after cancellation in case you change your mind. After that, we delete or anonymise it. Billing records may be kept longer where tax law requires.
Changes to this policy
We may update this policy from time to time. If we make a material change, we'll email you. Smaller changes go up here with a new "last updated" date at the top.
Talk to us
If you've got a privacy question or concern, please write to hello@beepboop.work. We read every message.