Privacy Policy

Last updated: May 17, 2026

1. Who we are

Beacon is built by Rachel Gubin Affiliate Consulting, Inc., doing business as Beacon Helps, a company based in the United States. If you have questions about this policy or your data, write to support@beaconhelps.com.

In this document, “Beacon,” “we,” “us,” and “our” mean Beacon Helps. “You” means the person using Beacon — typically a college student.

2. What we collect

Information you give us when you sign up

• Email address — to create your account and send you magic-link sign-in emails.
• First name — to personalize the app (“Welcome, Sarah”) and outgoing emails.
• Phone number — optional, only collected if you opt in to SMS notifications.
• School name — to know which Canvas instance you’re connecting to.
• Time zone — so notifications fire at the right time of day for you.

If you sign in with Google, we receive your Google account ID and email address from Google.

Information you give us in settings

• Communication style — direct, warm, or playful — so notifications sound like something you’d want to read.
• Support level — how much help you want from Beacon (aware, active, guided, or full co-pilot).
• Quiet hours — when you don’t want to be pinged.
• Push and SMS preferences — whether you want each kind of notification.
• Accommodations text — any disability accommodations you want to keep handy when you email professors. This is sensitive information and we treat it that way (see Section 7).
• Testing center contact — the email or phone for your school’s testing center, so Beacon can prompt you to book exam slots.
• Exam booking lead time — how many days of warning you need before exams.

Information we collect from your school’s systems

When you connect Beacon to your school’s learning management system (Canvas), we pull in:

• Your courses, course codes, and instructor names + emails
• Your assignments — titles, descriptions, due dates, lock dates, submission status, scores, and grades
• Syllabus content (when accessible) — text, grading policies, late penalties, attendance rules, office hours, academic integrity language
• Class schedule (if you upload a photo of it or enter it manually) — meeting days, times, locations

We store these in our database so Beacon can show you a coherent view of your work even when Canvas is slow or down.

Information about how you use Beacon

• Engagement timestamps — when you last opened the app, when you last reacted to a notification.
• Setup progress — which onboarding steps you’ve completed.
• Attestation records — when you marked an assignment as complete (without submitting via Canvas).
• Exam booking states — which exams you’ve booked, skipped, or are still pending.
• Push notification tokens — to deliver notifications to your specific device.

Records we keep for legal compliance

• SMS consent records — if you opt in to SMS, we record the exact opt-in language, the time, your IP address, and your browser/device string. This is required by SMS carrier compliance (A2P 10DLC) and we keep it even after you delete your account, in anonymized form (see Section 8).

Error and performance data

When something breaks, our error monitoring (Sentry) captures details about the error so we can fix it. We strip out sensitive fields — emails, phone numbers, names, accommodations text, passwords, and access tokens — before that data leaves Beacon’s servers. What’s left is technical: which line of code failed, what kind of error, what request triggered it.

3. What we don’t collect

To be explicit about what we don’t do:

• We don’t collect your location (GPS or otherwise).
• We don’t read your other apps, browser history, or social media.
• We don’t track you across other websites.
• We don’t use cookies or trackers for advertising — we don’t have advertising.
• We don’t sell your data to anyone for any purpose.

4. How we use what we collect

We use your information to:

• Show you your deadlines — pulled from Canvas, sorted by what’s urgent, shown in a way that’s easy to scan when your brain is overwhelmed.
• Send you notifications — push notifications about closing deadlines (at 72 hours, 24 hours, 6 hours, 2 hours, 30 minutes, and post-lock), SMS nudges if you opted in, magic-link emails for sign-in, and the occasional system notification (broken Canvas connection, new semester starting).
• Generate recommendations — using Anthropic’s Claude AI to pick what to surface based on your available time, what’s overdue, and what’s coming up.
• Extract syllabus details — using Claude to pull grading policies, late penalties, attendance rules, and other landmines from your syllabi.
• Parse your class schedule — if you upload a photo, Claude Vision reads the rows for you so you don’t have to type them.
• Help you act on what you see — by composing emails to professors about accommodations, generating mailto links to testing centers, and surfacing booking deadlines.
• Improve Beacon — using anonymized aggregate signals (e.g., what features get used, what assignments get skipped) to make decisions about future development. We do not use your individual data to train AI models.

5. Service providers we share data with

To deliver Beacon, we share data with a small number of service providers. Each provider gets only what they need for their specific job.

We do not share your data with advertisers, data brokers, analytics companies, or any other third party. There is no analytics SDK on Beacon. There are no advertising cookies on Beacon’s website or in the app.

6. AI-generated content — what to know

Beacon uses AI (Anthropic’s Claude) to read your syllabi, generate recommendations, and extract data from your schedule. A few things you should know:

• AI makes mistakes. Beacon’s recommendations are smart suggestions, not gospel. We always show you the underlying data (the actual assignment, the actual due date) so you can verify. Treat Beacon’s “do this now” suggestion as a thoughtful nudge, not as a substitute for checking Canvas yourself.
• AI doesn’t see your name, email, or phone. When we send your data to Claude for recommendations, we don’t include your personal identifiers in the prompt. Claude sees a class schedule, a list of assignments, your available time, and your communication preferences — but not “Sarah” or “sarah@email.com.”
• Schedule photos go to Claude Vision. If you upload a photo of your class schedule, we send the image to Claude to extract the meeting times. If your name or photo of you is visible in the image, it’s included. The image is not retained by Anthropic after processing.
• Syllabi sometimes contain professor names and personal information. When we send syllabus text to Claude, that personal information may be included if it’s in the syllabus. Anthropic does not retain it for training.

7. Disability information and accommodations

If you tell Beacon about your accommodations — extended time on exams, reduced-distraction testing, etc. — that information is treated as a special category.

• It is encrypted at rest in our database.
• It is used only for the features you’d expect it to be used for: helping you compose accommodation emails to your professors, and remembering it so you don’t have to retype it.
• It is never sent to AI providers as part of recommendation prompts, syllabus analysis, or any other automated processing.
• It is never shared with your school, your professors, or anyone else. When you compose an email to a professor about accommodations, you write or edit the email yourself and send it from your own email account. Beacon doesn’t send those emails for you.

Beacon as a product is designed for students with ADHD and executive dysfunction. If you’re using Beacon at all, that fact alone may suggest something about you. We don’t track or label you based on inferred disability status. We don’t sell, share, or analyze inferred disability data.

8. SMS consent records and why we keep them

Mobile carriers (the actual phone networks) require Beacon to keep records of when and how you opted in to SMS messages. This is part of the A2P 10DLC compliance framework that protects consumers from SMS spam.

If you opt in to SMS, we record:

• The phone number you provided
• The exact text of the consent you agreed to
• The time you consented
• Your IP address and browser/device at the time

When you delete your account, we anonymize these records (remove the phone, IP, and browser data, detach the record from your user account) but we don’t delete them entirely. The remaining row is required by carrier compliance and contains no information that can be tied back to you.

9. Data retention

While your account is active: We retain your data while your account is active so we can keep showing you your coursework. Old courses are archived when the term ends (we keep them so you can look back at past grades) but they remain in your account.

When you delete your account:

• You request deletion in the app’s settings.
• We enter a 30-day grace period during which you can change your mind by signing back in.
• After 30 days, your data is permanently erased from our databases. This includes: account info, profile data, courses, assignments, syllabi, schedules, notifications, device tokens, exam booking records, setup state, and recommendation cache.
• SMS consent records (if any) are anonymized but retained as described in Section 8.
• Error monitoring data captured by Sentry is subject to Sentry’s own retention policies, which Beacon does not control directly. Beacon scrubs personal identifiers before that data leaves our servers (see Section 2).

Backup retention: Our database backups may contain data for up to 30 days after your account is deleted, after which the backups are rotated out.

10. How we protect your data

• Encryption in transit: All connections between you and Beacon use HTTPS/TLS.
• Encryption at rest: Our database is hosted by Railway with encryption at rest. Sensitive fields (your Canvas access token, Canvas calendar URL, Gmail OAuth token if you connect one, and your accommodations text) are additionally encrypted at the application layer using Fernet symmetric encryption.
• Access controls: Production data is accessible only to the small Beacon team. Beacon currently has one developer. All access is logged at the infrastructure level.
• Authentication: We use short-lived bearer tokens (JWT) for app authentication. Sign-in is via magic link (a one-time link sent to your email) or Google Sign-In.
• No admin dashboard: Beacon does not currently have an admin interface for browsing user data. Access to your data happens only through direct database queries by the Beacon developer for support or debugging.

If we ever discover a data breach affecting your personal information, we will notify you by email within 72 hours of discovery, in compliance with applicable law.

11. Gmail integration (future feature)

Beacon is building a feature to watch your school email for class announcements — room changes, deadline updates, and important professor messages. This feature is not currently active. The OAuth scaffolding exists in the app, but no Gmail content is being read at this time.

When this feature launches, you will be asked to grant Beacon read-only access to your Gmail via Google OAuth. Here is exactly what Beacon will do — and won’t do — with Gmail data:

What Gmail data Beacon will access

• Email metadata: sender, recipient, subject, date, and the headers needed to identify which emails come from your school’s domain.
• Message content: the body text of recent emails (typically the last 30 days) from senders within your school’s domain or other domains you explicitly allow.
• Only school-related emails: Beacon filters by sender domain before reading content. Emails from your personal contacts, marketing lists, or other non-school senders are not read.

How Beacon will use Gmail data

• Classify academic relevance: an AI model (Anthropic’s Claude) reads the email and determines whether it contains academically relevant information (e.g., a class location change, a deadline update, an office hours announcement).
• Generate notifications: if an email is classified as academically relevant, Beacon may generate a push notification summarizing the change.
• Surface in the app: relevant items appear in your Beacon notifications inbox.

What Beacon will not do with Gmail data

Beacon’s use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements. Specifically, Beacon will not:

• Use Gmail data for advertising. Beacon does not serve advertising of any kind. We will not use Gmail data for retargeting, personalized advertising, interest-based advertising, or any advertising-related purpose.
• Train AI models on Gmail data. Beacon uses Anthropic’s Claude API to classify emails. Anthropic’s API terms prohibit using API inputs to train Anthropic’s models without explicit consent, and Beacon does not grant such consent. Gmail content will not be used to train Anthropic’s models, Beacon’s models, or any third party’s models.
• Sell or transfer Gmail data. Beacon will not sell Gmail data, transfer it to data brokers, or share it with third parties beyond the service providers strictly necessary to operate the feature (currently: Anthropic for classification).
• Allow humans to read your Gmail. Beacon’s employees and contractors do not read your Gmail content. The only exceptions are: (a) with your explicit consent (e.g., if you ask us to debug a specific issue), (b) for security purposes (investigating abuse of the service), (c) to comply with applicable law, or (d) for internal operations against anonymized, aggregated data.

Data retention

• Email contents are not stored. Beacon reads emails through the Gmail API and produces classification + notification output. The raw email content is not written to Beacon’s database.
• Notification logs are retained as described in Section 9 (data retention).
• Your Gmail OAuth refresh token is encrypted at rest and stored only to enable Beacon to check for new emails on a recurring schedule. You can disconnect Gmail at any time from Beacon’s settings, which immediately deletes the token.

Until the feature launches

Beacon is not currently reading any Gmail data. The only Google OAuth scope in use today is the standard userinfo scope, which provides your Google account email address and basic profile information to support Sign in with Google. No gmail.readonly access is being requested or used at this time.

When the Gmail integration launches, you will be prompted to grant access in the Beacon app, and this section of the Privacy Policy will be reviewed against the actual implementation to ensure all disclosures remain accurate.

12. Your rights

Depending on where you live, you may have specific rights over your data. Beacon honors the following requests regardless of where you live:

• Access: Ask us what data we have about you. We’ll send you a copy.
• Correction: Ask us to fix incorrect data.
• Deletion: Ask us to delete your account and data (see Section 9).
• Portability: Ask us to export your data in a machine-readable format (JSON).
• Objection: Tell us to stop processing your data for any non-essential purpose.
• Withdraw consent: If you opted in to SMS, you can text STOP to opt out. You can also disable individual notification types in app settings.

To exercise any of these rights, email support@beaconhelps.com. We respond within 30 days.

For California residents

You have the rights described above under the California Consumer Privacy Act (CCPA). You also have the right to know what categories of personal information we have collected, the categories of sources, and the business purposes for collection. Sections 2, 4, and 5 of this policy describe these in detail. We do not sell your personal information, and we have not done so in the preceding 12 months.

For residents of the European Economic Area, United Kingdom, and Switzerland

You have the rights described above under GDPR. The legal bases on which we process your data are:

• Performance of a contract (you signed up to use Beacon)
• Consent (for SMS and for any optional features you explicitly opted into)
• Legitimate interest (for product improvement, security, and fraud prevention)

You have the right to lodge a complaint with your local data protection authority.

13. Children

Beacon is intended for college students aged 18 and older. We do not knowingly collect data from children under 13 (COPPA in the US). If you are between 13 and 17, you should only use Beacon with the involvement of a parent or guardian. If we learn that a child under 13 has provided us with personal information, we will delete it promptly.

14. FERPA

Beacon currently operates as a direct-to-student tool. Your school is not Beacon’s customer — you are. When you connect Beacon to Canvas, you are personally authorizing Beacon to receive your educational records via your own access. Beacon does not act as a “school official” under FERPA in this model.

If Beacon enters into contracts with educational institutions in the future, FERPA-compliant data processing agreements will govern that data, and this policy will be updated to describe how institutional data is handled.

15. International data transfers

Beacon’s servers are in the United States. If you are outside the United States, your data will be transferred to and processed in the US. By using Beacon, you consent to this transfer. We rely on Standard Contractual Clauses (SCCs) where applicable for transfers from the EU/UK to the US.

16. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify you by email and via an in-app notification before the change takes effect. The “Last updated” date at the top of this page tells you when the current version was published.

17. Contact

For privacy questions, data requests, or any other concern about how Beacon handles your information:

support@beaconhelps.com

We respond within 30 days, usually much faster.

Beacon Helps · 21 Joyce Lane · Woodbury, NY 11797 · support@beaconhelps.com

© 2026 Rachel Gubin Affiliate Consulting, Inc. d/b/a Beacon Helps. All rights reserved.