Privacy Policy

Introduction

BetaSpotter ("we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use betaspotter.com.

By using BetaSpotter you agree to this policy. If you do not agree, please do not use our service.

Information We Collect

Account information

• Name and email address
• Username
• Password (bcrypt-hashed — we never see the plaintext)
• Optional profile data: bio, website, Twitter handle, avatar

Activity data

• Products you upvote, apply to, or submit
• Feedback you write for betas
• Applications you send or receive
• Notifications read/unread state

Technical data

• IP address (rate-limiting only, not stored long-term)
• Browser and device info
• Server logs retained for 30 days

How We Use Your Information

• Create and maintain your account
• Match Spotters with relevant beta products
• Send transactional emails: verification, application updates, feedback alerts
• Enforce rate limits and prevent abuse
• Improve the platform via aggregate usage patterns
• Respond to support requests

We do not sell your data or use it for advertising.

Information Sharing

• Founders see your username, bio, and expertise when you apply to their beta
• Your founder profile (name, username, avatar, bio) is visible to Spotters on listed betas
• Service providers: Resend (email), Railway and Vercel (hosting) — under data processing agreements
• Legal obligations: when required by law or to protect safety

Data Retention

Data is retained while your account is active. On deletion:

• Profile data deleted immediately
• Submitted feedback anonymised (not deleted — founders rely on it)
• Server logs purged within 30 days

Cookies & Storage

• We use localStorage (not cookies) to store your JWT refresh token — cleared on logout
• No third-party tracking or advertising cookies
• No Google Analytics or similar cookie-based tools

Security

• Passwords hashed with bcrypt (cost factor 12)
• All traffic encrypted via TLS
• Access tokens expire in 15 minutes; refresh tokens rotate on each use
• Database not publicly exposed

Found a vulnerability? Email security@betaspotter.com.

Your Rights

You may have the right to access, correct, delete, or export your data. Most corrections can be made in Settings. For other requests, email hello@betaspotter.com with subject "Privacy Request" — we respond within 30 days.

Children's Privacy

BetaSpotter is not intended for anyone under 13. If you believe we have collected data from a child, contact us and we will delete it promptly.

Changes

We may update this policy. Significant changes will be emailed and the "Last updated" date will change. Continued use after changes constitutes acceptance.