Privacy Policy

Last updated: May 26, 2026

Ineffable Technologies Inc. ("we", "us", "our") operates the Beambox Lock platform, which includes the Beambox Lock mobile application (iOS and Android), the web-based administration dashboard at app.beamboxlock.com, and the website at beamboxlock.com (collectively, the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect your personal information when you use our Service.

1. Information We Collect

1.1 Account Information

When you create an account or are invited by an organization, we collect:

• Email address
• Name (if provided)
• Phone number (if provided for package delivery notifications)
• Organization/employer name and role
• Authentication credentials (managed securely via AWS Cognito)

1.2 Device and Usage Information

When you use the mobile app, we may collect:

• Device type, operating system, and version
• NFC interaction logs (lock UID, timestamp, access result)
• GPS location (only when you explicitly search for nearby lockers; not tracked in the background)
• Push notification tokens (for delivery and rental notifications)

1.3 Payment Information

For locker rental and other paid features, payment processing is handled entirely by Stripe, Inc. We do not store credit card numbers, bank account details, or other payment credentials on our servers. Stripe may collect payment information in accordance with their own Privacy Policy.

1.4 Lock Access and Audit Data

Every lock interaction (open, close, provision, unbind) is logged for security and compliance purposes. These audit records include:

• Timestamp of the event
• Lock identifier (UID)
• User identifier
• Action performed
• Cryptographic hash for chain-of-custody integrity

1.5 Contact Form Information

When you submit a demo request through our website, we collect your name, email address, company name, and area of interest.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Authenticate your identity and authorize access to locks and cubbies
• Process locker rental payments and send receipts
• Send notifications about package deliveries, rental status, and account activity
• Maintain tamper-proof audit trails for security and legal compliance
• Respond to your inquiries and demo requests
• Detect, prevent, and investigate security incidents and fraud
• Comply with legal obligations

3. How We Share Your Information

We do not sell your personal information. We may share information with:

• Your Organization: If your account is associated with an employer or customer organization, administrators of that organization may view your access logs, role, and activity within the platform.
• Service Providers: We use third-party services to operate the platform, including:
  • Amazon Web Services (AWS) for cloud infrastructure, data storage, authentication, and email delivery
  • Stripe for payment processing
  • Apple (APNs) and Google (FCM) for push notifications
• Law Enforcement: We may disclose information if required by law, subpoena, court order, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

4. Data Security

We implement industry-standard security measures to protect your information, including:

• AES-256 encryption for sensitive data at rest
• TLS/HTTPS encryption for all data in transit
• Rolling encrypted keys for NFC lock communication (patent pending)
• Server-side authorization for every lock access request
• Blockchain-style cryptographic hash chains for audit trail integrity
• Multi-factor authentication support
• 30-minute session timeouts for administrative access
• Role-based access control with hierarchical permissions

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide the Service. Audit logs are retained for the duration required by applicable law or your organization's retention policies. You may request deletion of your account and associated data by contacting us at the email below.

6. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal information we hold about you
• Request correction of inaccurate information
• Request deletion of your personal information
• Opt out of marketing communications
• Request a portable copy of your data
• Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at privacy@beamboxlock.com.

7. Children's Privacy

The Service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will take steps to delete it promptly.

8. International Data Transfers

Your information may be transferred to and processed in the United States, where our cloud infrastructure is located. By using the Service, you consent to this transfer. We ensure appropriate safeguards are in place in accordance with applicable data protection laws.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

10. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@beamboxlock.com
• Company: Ineffable Technologies Inc.
• Website: beamboxlock.com