Privacy Policy
How BeachViber collects, uses, and protects your data. Last updated: February 19, 2026.
Privacy by design
BeachViber is built around end-to-end encryption. The relay server cannot read your code, prompts, or session content. This privacy policy explains what limited data we do collect and how we use it.
Information We Collect
Account information: When you sign up, we collect your email address. If you sign up via GitHub OAuth, we also receive your GitHub username and GitHub user ID. Passwords for email-based accounts are securely hashed and never stored in plaintext. We do not collect or store passwords for OAuth users.
Device information: When you pair a desktop, we store a device identifier and device token to authenticate WebSocket connections. We do not collect hardware specifications, IP addresses, or location data beyond what is needed for the connection.
Usage metadata: We store minimal connection metadata such as connection timestamps, pairing status, and session identifiers. This is used solely for managing active sessions and is not used for analytics, advertising, or profiling.
Information We Cannot Access
Due to end-to-end encryption, the BeachViber relay server cannot access:
• Your code or source files
• Prompts you send to Claude Code
• Claude Code responses
• Tool execution details (commands, file edits)
• Your approval or denial decisions
• Session transcripts or conversation history
The relay sees only opaque encrypted blobs, message types, sender/receiver identifiers, timestamps, and message sizes. See our encryption documentation for technical details.
How We Use Your Information
We use the information we collect to:
• Authenticate you and manage your account
• Route encrypted messages between your devices
• Manage device pairing and session state
• Send you important service notifications (security alerts, downtime)
We do not use your data for advertising, sell it to third parties, or build user profiles for any purpose beyond operating the service.
How we store and protect your data
🔒 Data at Rest
- Account data stored with encryption at rest
- Pairing codes and verification codes auto-expire — no stale data persists
- No session transcripts, prompts, or code content stored on our servers
- Encryption keys are generated and stored only on your devices — never on the relay
🔐 Data in Transit
- All connections use TLS encryption (HTTPS / WSS)
- Message payloads are end-to-end encrypted before TLS
- The relay cannot decrypt message content even with full server access
- No plaintext sensitive data in server logs
🕒 Data Retention
- Account data retained while your account is active
- Pairing codes expire automatically within minutes
- Session metadata cleaned up when sessions end
- Deleted accounts are permanently removed from our systems
🌐 Third-Party Services
- GitHub OAuth: Optional authentication method — we receive your username, ID, and email
- Google reCAPTCHA: Used during registration to prevent abuse — subject to Google's Privacy Policy
- AWS: Infrastructure hosting — subject to AWS's Privacy Policy
- Google Analytics: Used on www.beachviber.com and app.beachviber.com to understand traffic and usage patterns — subject to Google's Privacy Policy. No advertising features are enabled. You can opt out using the Google Analytics Opt-out Browser Add-on.
What's stored on your devices
📱 Mobile App (Browser)
- IndexedDB: Non-extractable encryption keys (Web Crypto API CryptoKey objects)
- localStorage: Authentication tokens and session state
- No cookies are used for tracking or analytics
- All local data can be cleared by clearing browser/app data
💻 BeachViber Agent
- OS Keychain: Encryption keys stored securely in the operating system keychain
- Config files: Device tokens and pairing state stored in a local configuration directory with restricted, owner-only access permissions
- All files are owner-read/write only — no other system users can access them
- Uninstalling the agent removes all local data
Control over your data
Access
You can request a copy of the personal data we hold about you at any time by emailing us.
Deletion
You can delete your account at any time. This permanently removes all account data, device registrations, and session metadata from our servers.
Correction
You can update your account information through the app settings or by contacting us.
Portability
You can request an export of your account data in a machine-readable format.
Other important details
Children's Privacy
BeachViber is not intended for use by anyone under the age of 13. We do not knowingly collect personal information from children under 13. If we learn that we have collected data from a child under 13, we will delete it promptly.
Changes to This Policy
We may update this Privacy Policy from time to time. We will notify users of material changes by posting a notice on our website. Continued use of BeachViber after changes constitutes acceptance of the updated policy.
Contact Us
If you have questions about this Privacy Policy or your data, contact us at support@beachviber.com.