Privacy Policy

Last updated: March 30, 2026

The short version

🛡

Your data stays yours

The data you submit belongs to you. We don't use it to train AI models. We don't sell it.

🔒

Encrypted in transit

All data is encrypted in transit using industry-standard protocols (TLS), with access controls and least-privilege handling.

👁

No tracking for ads

We use only strictly necessary cookies. We don't use tracking or advertising cookies, and we don't sell your data.

🗑

You can delete your data

Request deletion anytime. Customer Data and Output Data are deleted within 30 days of account deletion.

🌍

GDPR and CCPA aware

We respect privacy laws in the EU, California, and Israel, and honor your rights under them.

🏢

Israeli company, global standards

Beam is incorporated in Israel and operates under Israeli and international privacy law.

Contents

1. Definitions 2. Information We Collect 3. How We Use Your Information 4. How We Share Your Information 5. Data Retention 6. Data Security 7. International Data Transfers 8. Your Rights 9. Cookies and Tracking Technologies 10. Children's Privacy 11. Changes to This Policy 12. Contact Us 13. Supervisory Authority 14. Legal Basis for Processing (GDPR) 15. California Privacy Rights (CCPA) 16. Sub-Processors

This Privacy Policy ("Policy") describes how Beam Strategic Execution Ltd., an Israeli company ("Beam," "Company," "we," "us," or "our"), collects, uses, discloses, and protects information in connection with the Beam platform (the "Platform") and our website at https://beam.builders/ (the "Website"). Beam Strategic Execution Ltd. is a subsidiary of Beam Strategic Execution LLC, a Delaware limited liability company.

By accessing or using the Platform or Website, you ("you" or "User") acknowledge that you have read and understood this Policy. If you are using the Platform on behalf of an organization, you represent that you have the authority to bind that organization to this Policy.

1. Definitions

1.1. "Applicable Law" means the Israeli Privacy Protection Law, 5741-1981 and the regulations promulgated thereunder (including the Privacy Protection Regulations (Data Security), 5777-2017), as amended by Amendment 13; the General Data Protection Regulation (EU) 2016/679 ("GDPR") where applicable; the California Consumer Privacy Act ("CCPA") where applicable; and any other data protection legislation applicable to the Processing of Personal Data in connection with the Platform.

1.2. "Customer Data" means any information, content, data, or materials that a User submits to or generates through the Platform in the course of using the Platform, including seed ideas, conversation inputs, organizational context documents, and any other content provided by the User.

1.3. "Output Data" means any reports, product graphs, plans, analyses, structured questions, and other output that the Platform generates and provides or makes available to the User.

1.4. "Personal Data" means any information relating to an identified individual or an individual who is reasonably identifiable, including through means of an identifier such as a name, ID number, biometric identifier, location data, an online identifier, or one or more factors relating to the physical, health, economic, social, or cultural identity of such individual.

1.5. "Processing" (and its derivatives, including "Process") means the collection, access, retention, modification, use, disclosure, and transfer of Personal Data.

2. Information We Collect

2.1. Information You Provide Directly

  • Account Information. When you create an account, we collect your name, email address, and authentication credentials (managed through our third-party authentication provider, Clerk).
  • Customer Data. Content you submit to the Platform during planning sessions, including seed ideas, answers to structured and free-form questions, organizational context documents, and any other inputs.
  • Communications. Information you provide when you contact us for support, provide feedback, or otherwise communicate with us.

2.2. Information Collected Automatically

  • Usage Data. Information about how you interact with the Platform, including pages visited, features used, session duration, timestamps, and interaction patterns.
  • Device and Connection Data. Device type, operating system, browser type and version, and IP address. IP addresses are anonymized prior to long-term storage.
  • Log Data. Server logs that record requests made to the Platform, including request timestamps, endpoints accessed, response codes, and anonymized IP addresses.

2.3. Information from Third-Party Services

  • Authentication Provider. We receive basic profile information (name, email address) from Clerk when you authenticate.
  • Analytics. We may use third-party analytics services that collect anonymized usage data to help us understand how the Platform is used.

3. How We Use Your Information

We Process your information for the following purposes:

3.1. Providing the Platform. To operate, maintain, and deliver the Platform and its features, including AI-powered planning sessions, structured question flows, knowledge retrieval, and product graph generation.

3.2. AI Processing. Customer Data is transmitted to third-party AI model providers (currently Google Gemini via Vertex AI) to generate Output Data. Customer Data is used as input for generating AI responses within your sessions. Customer Data is not used to train, fine-tune, or improve third-party AI models. Our AI providers process Customer Data solely to generate responses and do not retain it for model training purposes.

3.3. Service Improvement. We may use aggregated, de-identified data derived from usage of the Platform to analyze, improve, support, and operate the Platform and for internal product development purposes. Such aggregated data does not identify you or any individual User.

3.4. Domain Knowledge. The Platform incorporates a curated library of product management knowledge (published books, publicly available podcast transcripts, and articles). This content is maintained by Beam and is not derived from Customer Data.

3.5. Communications. To respond to your inquiries, provide support, and send you service-related notices.

3.6. Security and Compliance. To detect, prevent, and address technical issues, fraud, and security incidents, and to comply with Applicable Law.

3.7. Legal Obligations. To comply with legal obligations, enforce our Terms of Use, and protect our rights, privacy, safety, or property.

4. How We Share Your Information

We do not sell your Personal Data. We may share your information in the following circumstances:

4.1. AI Service Providers. Customer Data is transmitted to Google (Gemini via Vertex AI) for AI processing as described in Section 3.2. Google processes this data under contractual terms that prohibit use of Customer Data for model training.

4.2. Infrastructure and Service Providers. We use third-party service providers for hosting (Railway), authentication (Clerk), vector search (Pinecone), and other infrastructure necessary to operate the Platform. These providers Process Personal Data only as necessary to perform their services and are bound by contractual obligations consistent with this Policy and Applicable Law.

4.3. Within Our Corporate Group. We may share information between Beam Strategic Execution Ltd. (Israel) and Beam Strategic Execution LLC (United States) for the purposes described in this Policy. Both entities are bound by equivalent data protection obligations.

4.4. Legal Requirements. We may disclose information where required by Applicable Law, regulation, legal process, or governmental request. Where permitted by law, we will provide notice before such disclosure.

4.5. Business Transfers. In the event of a merger, acquisition, reorganization, or sale of all or substantially all of our assets, your information may be transferred as part of such transaction. We will notify you of any such change and any choices you may have regarding your information.

4.6. With Your Consent. We may share your information for any other purpose with your explicit consent.

5. Data Retention

5.1. We retain your Personal Data only as long as necessary to fulfill the purposes for which it was collected, including to provide the Platform, comply with legal obligations, resolve disputes, and enforce our agreements.

5.2. Account Data is retained for the duration of your account and for a reasonable period thereafter to comply with legal obligations.

5.3. Customer Data and Output Data are retained for as long as your account is active. Upon account deletion or termination of the Agreement, Customer Data and Output Data are deleted within thirty (30) days, except as required by Applicable Law.

5.4. Usage and Log Data are retained in anonymized form for up to ninety (90) days for operational and security purposes.

5.5. Aggregated Data. We may retain aggregated, de-identified data indefinitely for analytical and product improvement purposes. Such data cannot be used to identify any individual.

6. Data Security

6.1. We implement appropriate technical and organizational measures to protect Personal Data against unauthorized access, alteration, disclosure, or destruction. These measures include encryption of data in transit (TLS), access controls, logical separation of Customer Data from other systems, regular security updates, and monitoring of access to systems containing Personal Data.

6.2. We manage access rights to Personal Data on a least-privilege, need-to-know basis.

6.3. No method of transmission over the Internet or method of electronic storage is completely secure. While we strive to use commercially reasonable means to protect your Personal Data, we cannot guarantee its absolute security.

7. International Data Transfers

7.1. Beam Strategic Execution Ltd. is based in Israel, which is recognized by the European Commission as providing an adequate level of data protection.

7.2. Your information may be transferred to and processed in jurisdictions outside of Israel, including the United States (where our parent company, Beam Strategic Execution LLC, is incorporated) and other jurisdictions where our service providers operate. Such transfers are conducted in compliance with Applicable Law, including the Israeli Protection of Privacy Regulations (Transfer of Information to Databases Outside of Israel), 5761-2001.

7.3. Where required, we implement appropriate safeguards for cross-border transfers, including contractual protections consistent with Applicable Law.

8. Your Rights

Subject to Applicable Law, you may have the following rights with respect to your Personal Data:

8.1. Right of Access. You may request a copy of the Personal Data we hold about you.

8.2. Right to Rectification. You may request correction of inaccurate or incomplete Personal Data.

8.3. Right to Deletion. You may request deletion of your Personal Data, subject to our legal obligations and legitimate interests.

8.4. Right to Restriction. You may request restriction of Processing of your Personal Data under certain circumstances.

8.5. Right to Data Portability. Where technically feasible and required by Applicable Law, you may request your Personal Data in a structured, commonly used, machine-readable format.

8.6. Right to Object. You may object to Processing of your Personal Data where Processing is based on our legitimate interests.

8.7. Right to Withdraw Consent. Where Processing is based on your consent, you may withdraw consent at any time without affecting the lawfulness of Processing based on consent before its withdrawal.

To exercise any of these rights, please contact us at the address provided in Section 12. We will respond to your request within the timeframe required by Applicable Law. We may request verification of your identity before fulfilling your request.

9. Cookies and Tracking Technologies

9.1. We use strictly necessary cookies to operate the Platform (authentication tokens, session identifiers). These cookies are essential for the Platform to function and cannot be disabled.

9.2. We do not use tracking or advertising cookies. If we introduce analytics cookies in the future, we will update this Policy and provide an opt-in mechanism prior to their deployment.

10. Children's Privacy

The Platform is not directed to individuals under the age of eighteen (18). We do not knowingly collect Personal Data from individuals under 18. If we become aware that we have collected Personal Data from an individual under 18, we will take steps to delete such data promptly.

11. Changes to This Policy

We may update this Policy from time to time. We will notify you of material changes by posting the updated Policy on the Website with a revised "Last Updated" date and, where required by Applicable Law, by providing additional notice (such as email notification). Your continued use of the Platform after such changes constitutes acceptance of the updated Policy.

12. Contact Us

If you have questions about this Policy, wish to exercise your privacy rights, or have concerns about our data practices, please contact us at:

Beam Strategic Execution Ltd.
Email: privacy@beam.builders

For matters relating to our US operations:

Beam Strategic Execution LLC
Email: privacy@beam.builders

13. Supervisory Authority

If you are located in Israel, you have the right to lodge a complaint with the Israeli Privacy Protection Authority. If you are located in the European Economic Area, you have the right to lodge a complaint with the relevant supervisory authority in your jurisdiction.

14. Legal Basis for Processing (GDPR)

Where the GDPR applies, we Process Personal Data on the following legal bases:

14.1. Performance of a Contract. Processing necessary to perform our obligations under the Terms of Use and provide the Platform (Sections 3.1, 3.2, 3.5).

14.2. Legitimate Interests. Processing necessary for our legitimate interests, including service improvement, security, and fraud prevention (Sections 3.3, 3.6), where such interests are not overridden by your rights and freedoms.

14.3. Legal Obligation. Processing necessary to comply with legal obligations to which we are subject (Section 3.7).

14.4. Consent. Where none of the above bases apply, we Process Personal Data based on your consent, which may be withdrawn at any time.

15. California Privacy Rights (CCPA)

If you are a California resident, you may have the following additional rights under the CCPA:

15.1. Right to Know. You may request disclosure of the categories and specific pieces of Personal Data we have collected about you.

15.2. Right to Delete. You may request deletion of Personal Data we have collected from you.

15.3. Right to Non-Discrimination. We will not discriminate against you for exercising your CCPA rights.

15.4. No Sale of Personal Data. We do not sell Personal Data as defined by the CCPA.

To exercise your CCPA rights, contact us as described in Section 12.

16. Sub-Processors

We maintain a list of sub-processors that Process Personal Data on our behalf. The current sub-processors are:

Sub-Processor Purpose Location
Google Cloud (Vertex AI) AI model inference United States / Global
Clerk Authentication and user management United States
Pinecone Vector search and retrieval United States
Railway Application hosting United States

We will provide thirty (30) days' prior notice before engaging new sub-processors. Customers may subscribe to sub-processor change notifications by emailing privacy@beam.builders with the subject line "Subscribe to Sub-Processor Updates."