Privacy Policy

Beakwise Corporation ("Beakwise," "we," "us," or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you visit our website www.beakwise.com, use our enterprise software solutions and services, interact with us in connection with our B2B relationships, apply for employment opportunities, or engage with our sales, support, or professional services teams.

We are committed to transparency in our data practices and giving you control over your personal information. As a B2B FinTech/InsurTech provider, we handle enterprise data and job applicant information with the highest standards of security and compliance.

This policy ensures comprehensive compliance with global data protection regulations including: General Data Protection Regulation (EU) 2016/679 (GDPR), EU Digital Services Act (DSA), EU Digital Markets Act (DMA), EU AI Act (Regulation 2024/1689), EU Data Act, Turkish Personal Data Protection Law No. 6698 (KVKK), Uzbekistan Law No. ZRU-547 on Personal Data, California Consumer Privacy Act (CCPA), UK Data Protection Act 2018, Lei Geral de Proteção de Dados (LGPD), Equal Employment Opportunity (EEO) laws, and other applicable privacy and data protection laws. We maintain SOC 2 Type II and ISO 27001 certifications and comply with sector-specific regulations including GLBA, PCI DSS, and SOX.

We collect information through direct interactions, automated technologies, third-party sources, and job application processes to provide our enterprise services and manage recruitment.

Information You Provide Directly

• Full name and professional title
• Business and personal email addresses
• Company name, size, and industry sector
• Business and personal phone numbers
• Job title, department, and role within organization

Information Collected Automatically

• IP address and approximate geographic location
• Browser type, version, and language settings
• Device type, operating system, and unique identifiers
• Pages visited, features used, click patterns, and session duration

We use collected information for the following business purposes:

• Communications: Service updates and security alerts, marketing communications (with consent), newsletters and thought leadership, event invitations, recruitment communications
• Service Delivery: Providing access to our platform, customer onboarding, technical support, service customization and configuration
• Service Improvement: Analyzing usage patterns to enhance user experience, optimizing platform performance, and developing new features
• Marketing & Sales: Lead generation and qualification, account-based marketing, customer relationship management, market analysis and segmentation
• Legal Compliance: Meeting regulatory requirements, responding to legal requests, and protecting our rights and interests

We share information only as described below and with appropriate safeguards:

• Service Providers: Cloud infrastructure (AWS, Google Cloud, Azure), analytics providers, communication tools, payment processors, recruitment platforms and ATS systems, background check providers - all bound by strict confidentiality agreements
• Legal Requirements: Court orders or subpoenas, government or regulatory requests, law enforcement investigations, employment verification requests, protection of rights and safety
• Business Transfers: Mergers, acquisitions, or asset sales (with notice to affected users), bankruptcy or reorganization proceedings
• With Consent: Specific third parties you authorize, integrated services you enable, public testimonials or case studies (with permission), employment references (with authorization)

We implement comprehensive technical and organizational security measures to protect your personal data:

Encryption: TLS 1.3 for data in transit, AES-256 encryption for data at rest. Access Controls: Role-based access control (RBAC), multi-factor authentication (MFA), principle of least privilege, regular access reviews. Infrastructure: Next-generation firewalls, intrusion detection/prevention systems, DDoS protection, secure data centers with physical security. Monitoring: 24/7 security operations center, continuous audit logging, anomaly detection, vulnerability scanning and penetration testing.

While we implement industry-leading security measures, no method of transmission over the internet or electronic storage is 100% secure. We cannot guarantee absolute security but commit to promptly addressing any incidents.

We use cookies and similar technologies to enhance your experience, analyze usage, and support marketing efforts. You can manage your preferences through our consent banner or browser settings.

Essential Cookies

Required for website functionality, security, fraud prevention, and job application systems. These cannot be disabled without losing core functionality.

Performance & Analytics Cookies

Help us understand website usage, measure performance, improve user experience, and optimize recruitment processes. Includes Google Analytics and custom analytics tools.

Marketing & Advertising Cookies

Used to deliver relevant advertisements, measure campaign effectiveness, track job board performance, and limit ad frequency. Includes LinkedIn Insights, Google Ads, and retargeting pixels.

You can manage cookie preferences through our consent banner, browser settings, or by visiting Cookie Policy

When you grant analytics consent, we use persistent visitor identification to provide more accurate analytics and improve your experience across sessions.

This persistent tracking allows us to:

• Accurately count unique visitors to our website
• Understand which marketing channels effectively reach our audience
• Analyze customer journeys across multiple visits
• Improve website performance and user experience over time

Data Stored

• Session Identifier: A randomly generated UUID in the format sess_xxxxx
• Advertising Click IDs: Parameters from advertising platforms (gclid, gbraid, wbraid for Google Ads; li_fat_id for LinkedIn Ads). These identifiers are captured immediately when you arrive from an advertisement and initially stored in temporary browser memory (sessionStorage) to enable conversion tracking based on legitimate interest. If you grant analytics consent, they are moved to persistent storage (localStorage) for improved attribution accuracy.
• Storage Location: Browser localStorage (persists until you revoke consent or clear browser data)

Consent-Based Storage

• With Analytics Consent: Your session identifier and click IDs are stored in localStorage and persist across browser sessions.
• Without Analytics Consent: Data is stored only in sessionStorage and is automatically deleted when you close your browser.
• If you grant consent mid-session, your existing session data is migrated from temporary to persistent storage.
• If you revoke consent, all persistent tracking data is immediately deleted from localStorage, and a new temporary session identifier is created.

Legal Basis

We process this data based on your explicit consent (GDPR Article 6(1)(a)). You have the right to revoke your consent at any time through our consent management interface.

Data Retention

• With consent: Up to 13 months of inactivity (automatically deleted by server after 395 days)
• Without consent: Session duration only (deleted when browser is closed)
• Upon consent revocation: Immediate deletion from both client-side storage and server databases

Your Rights

• View your current session identifier on this page (see Analytics Session ID section below)
• Revoke analytics consent at any time to stop persistent tracking
• Clear your browser's localStorage to remove all stored identifiers
• Contact us to request deletion of any analytics data associated with your session

We use server-side conversion tracking to measure the effectiveness of our advertising campaigns. When you submit a form, request a demo, or take other qualifying actions on our website, we may send conversion data to our advertising partners to understand which advertisements drove your action and optimize our marketing spend.

Data Collected

We collect two tiers of conversion data:

Tier 1: Basic Conversion Data (Always Tracked)

• Conversion value (if applicable)

Tier 2: Enhanced Conversion Data (Only with Marketing Consent)

• Phone number (SHA-256 hashed before transmission)

Advertising Partners

Conversion data is sent to:

• Google Ads: For measuring Google advertising campaign effectiveness and ROI
• LinkedIn Ads: For measuring LinkedIn campaign performance and business audience targeting

Legal Basis for Processing

Legitimate Interest (Tier 1 Data)

We track basic conversion metrics based on legitimate interest (GDPR Article 6(1)(f)) to measure advertising ROI, optimize ad spend, understand customer journey, and prevent fraud. This processing is necessary for our business operations and does not override your fundamental rights.

Marketing Consent (Tier 2 Data)

We only include personally identifiable information (PII) in conversion events when you have explicitly consented to marketing communications. This enhanced data improves ad targeting accuracy and match rates with advertising platforms. You can grant or withdraw consent at any time through our consent management interface.

Data Security and Privacy

• Server-Side Processing: All conversion tracking is performed server-side through our Backend-for-Frontend (BFF) service, eliminating the need for third-party cookies on your device.
• SHA-256 Hashing: All personally identifiable information (email, phone, name) is hashed using SHA-256 cryptographic algorithm before transmission to advertising platforms. The original plaintext data is never sent.
• Ephemeral Processing: PII is hashed in-memory during request processing and immediately discarded. We do not store conversion PII in databases or logs.
• IP Anonymization: IP addresses are automatically anonymized before any processing (IPv4: last octet zeroed; IPv6: last 80 bits zeroed).

Your Rights and Control

• Opt-Out: You can opt out of enhanced conversion tracking (Tier 2) by declining marketing consent in our consent banner.
• Basic Tracking: Even if you decline marketing consent, we will continue to track basic conversion metrics (Tier 1) based on legitimate interest. This data contains no PII and cannot identify you personally.
• Data Access: Since conversion data is processed ephemerally and not stored, we cannot provide access to historical conversion data. However, you can review your current consent status and manage preferences at any time.
• CCPA Opt-Out: California residents can opt out of the "sale" or "sharing" of personal information (as defined by CCPA) by declining marketing consent. Click IDs and basic conversion data (Tier 1) do not constitute "sale" under CCPA.

Data Retention

Conversion data retention by our advertising partners:

• Google Ads: Conversion data is retained for up to 18 months for campaign optimization, then automatically deleted or anonymized.
• LinkedIn Ads: Conversion data is retained for up to 12 months for reporting and analytics purposes.
• Beakwise: We do not retain conversion data beyond the ephemeral processing period (milliseconds). All PII is discarded immediately after hashing and transmission.

How Conversion Tracking Works

Advertising platforms use hashed PII to match conversions to their user profiles, enabling accurate attribution and campaign optimization. Typical match rates:

• Tier 1 Only (Click IDs): ~60-70% match rate
• Tier 2 Enhanced (PII + Click IDs): ~85-95% match rate

Higher match rates mean more accurate ROI measurement and better ad targeting, but require your explicit marketing consent.

You have important rights regarding your personal data. The specific rights available depend on your location and your relationship with us (customer, job applicant, etc.):

GDPR Rights (EU/UK/EEA Residents)

• Right to Access: Request a copy of your personal data we hold
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data ("right to be forgotten")
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to certain processing activities
• Right to Withdraw Consent: Withdraw consent at any time where processing is based on consent

CCPA Rights (California Residents)

• Right to Know: What personal information we collect, use, share, and sell
• Right to Delete: Request deletion of personal information
• Right to Opt-Out: We do not sell personal information, but you may opt-out of certain sharing
• Right to Non-Discrimination: Equal service and employment consideration regardless of exercising privacy rights

We believe in keeping your data only as long as necessary. Our backend implements automated GDPR-compliant data deletion via scheduled database jobs, ensuring your information doesn't outlive its purpose.

Analytics Data We Collect

What We Don't Store

• Your full IP address — we anonymize it before any storage
• Cookies for privacy-focused analytics — Plausible is completely cookieless
• Any personally identifiable information in analytics data

Third-Party Analytics Providers

Automatic Deletion Schedule

We run automated deletion jobs to ensure data doesn't outlive its purpose:

• Weekly (Sundays): Consent records and user analytics history older than 13 months are permanently deleted
• Daily: Analytics events older than 90 days are permanently deleted
• Daily: Failed/dead letter events older than 30 days are permanently deleted

All deletions are logged to an internal audit trail for compliance verification.

Your Rights Under GDPR

Right to Erasure (Article 17)

Request deletion of your data before the retention period expires by contacting our Data Protection Officer.

Right to Object (Article 21)

Withdraw consent anytime via the cookie banner. GA4 tracking stops immediately. Plausible continues under legitimate interest as it's cookieless and collects no personal data.

Right to Access (Article 15)

Request a copy of data we hold about you through a Data Subject Access Request (DSAR).

Legal Basis for Processing

Contact for Data Requests

When submitting a data deletion or access request, please reference your analytics session identifier below. This helps us locate and process your data efficiently.

For privacy-related questions, concerns, or to exercise your rights, please contact us: