DockBeacon

Legal

DockBeacon privacy policy

This policy explains how DockBeacon handles account, workspace, team, operations, session, security, and support data.

Last updated: May 10, 2026

Information we collect

  • Account data such as name, email address, authentication method, role, and password hash when email login is used.
  • Workspace and team data such as company name, timezone, invite status, team roles, and user membership.
  • Operational data such as vans, equipment, supplies, readiness checks, issues, reminders, notes, overrides, and workspace export records.
  • Reports and feedback submitted through the product or support channels.
  • Lead magnet and resource request data such as work email, optional name, optional company name, requested resource, and optional marketing consent.
  • Proof photos and proof attachment metadata such as submitted filenames, mime type, file size, linked check/issue/restock record, uploaded-by user, upload time, retention status, technical details, and retained file contents for authorized workspace review.
  • Email, activity, and security logs such as verification, invite, password reset, login, logout, dispatch override, export, webhook, delivery, bounce, complaint, and security activity events.
  • Marketing preference records such as consent text, consent timestamp, and unsubscribe status for optional DockBeacon product-update emails.
  • Stripe billing identifiers and subscription state such as customer identifiers, subscription identifiers, price identifiers, plan, trial, renewal, cancellation, payment-required status, and webhook event summaries.
  • Cookies and session data used to keep users signed in, protect accounts, and operate the application.
  • First-party analytics events used to understand public page visits, resource requests, signup, onboarding, billing setup, product activation, invites, feedback, and plan-limit friction.

How we use information

  • To provide DockBeacon's van readiness, equipment, supply, issue, reminder, team, and export features.
  • To authenticate users, maintain sessions, prevent abuse, and investigate account or workspace security events.
  • To support Google sign-in by using the user's verified Google email, name, and Google account identifier for account creation, account linking, login, and invite matching.
  • To send transactional emails such as invites, verification messages, password resets, security notices, feedback receipts, and support responses through Resend or a configured email provider.
  • To send requested resources, such as the Morning Dispatch Kit, through Resend or a configured email provider when a person asks DockBeacon to send that resource.
  • To respect optional marketing consent, store unsubscribe preferences, and avoid adding people to product-update emails unless they opt in.
  • To improve reliability, troubleshoot errors, and understand how the product is used at an operational level.
  • To improve onboarding and the service using first-party analytics, including safe attribution for resource requests. This implementation does not use a third-party analytics vendor.

Google sign-in data

  • DockBeacon requests only the Google sign-in data needed to authenticate a user: basic profile information, verified email address, and Google account identifier.
  • DockBeacon uses Google sign-in data to create or connect the user's DockBeacon account, keep the account linked for future login, and confirm invite acceptance uses the invited email address.
  • DockBeacon does not access Gmail, Drive, Calendar, contacts, or other Google content.
  • DockBeacon does not sell Google user data or use it for advertising.

Payments

  • DockBeacon uses Stripe-hosted Checkout and the Stripe customer portal for subscription billing.
  • New workspaces start a 7-day no-card trial when the workspace is created.
  • 7-day trial. No charge during the trial.
  • DockBeacon plans include Starter at $39/month and Growth at $89/month.
  • Stripe handles payment details when an owner chooses a paid plan. DockBeacon does not store card details. Stripe may also handle invoices, receipts, and payment-method updates.
  • Stripe may collect billing address, business tax ID, and tax calculation details where required by Checkout, invoices, or Customer Portal settings.
  • DockBeacon stores only the billing identifiers and subscription status needed to operate the service and reconcile webhooks.
  • Payment details, passwords, and provider secrets are not stored in analytics events.

Cookies and tracking

  • DockBeacon uses essential first-party cookies for authentication, sessions, security, and basic application operation.
  • Public marketing analytics use first-party cookies or local storage only after site consent is accepted. They help DockBeacon understand page visits, attribution, signup intent, resource requests, and checkout returns.
  • Analytics events do not store raw IP addresses. If IP-derived analytics are enabled, DockBeacon stores only a salted hash.
  • Stripe-hosted Checkout and the Stripe customer portal may set their own cookies or collect device/payment signals while customers use Stripe-hosted billing pages.
  • Google may set or read cookies during the Google OAuth sign-in flow according to Google's own account and security practices.
  • Cloudflare Turnstile may load challenge scripts and use technical signals to protect signup from abuse when Turnstile is enabled.
  • DockBeacon does not add a third-party advertising pixel for the current public analytics implementation.

Subprocessors and service providers

  • DockBeacon may use subprocessors and service providers for hosting, database infrastructure, backups, email delivery, authentication, monitoring, support, analytics, fraud/abuse prevention, and payment processing.
  • Stripe is used for subscription Checkout, Customer Portal, payment methods, invoices, receipts, taxes where configured, and subscription lifecycle webhooks.
  • Google OAuth is used only for sign-in/account-linking when a user chooses Google sign-in.
  • Resend is used for transactional email delivery, requested resource delivery, optional marketing email delivery if added later, and delivery-status webhooks when email is enabled.
  • Cloudflare may be used for DNS, TLS, edge protection, and Turnstile signup protection depending on the production configuration.
  • DockBeacon's conversion tracking is first-party. Infrastructure providers may process limited operational telemetry for security, performance, and reliability.
  • We do not sell workspace operational data.
  • We do not sell lead, contact, or marketing preference data.
  • We may disclose information when required by law, to protect the service, or to respond to valid legal requests.

Data export and deletion

  • Workspace owners can export workspace data from settings where export tools are available.
  • Workspace owners can request deletion or assistance with export by contacting [email protected].
  • Deletion requests may require identity, ownership, or authorization checks before action is taken.
  • Some records may be retained where needed for security, billing, backup, abuse prevention, fraud prevention, dispute handling, support, or legal reasons.
  • Unsubscribe and suppression records may be retained so DockBeacon does not accidentally re-add a person to optional marketing outreach.
  • Workspace exports include operational records and safe supporting details, but do not include password hashes, auth secrets, provider secrets, raw proof file paths, or card details.

Security and retention

  • DockBeacon uses account authentication, role-based workspace controls, security logging, and production security headers to help protect the service.
  • No internet service can guarantee perfect security, and customers should use strong passwords and limit workspace access to authorized team members.
  • Analytics events do not store raw IP addresses. If IP-derived analytics are enabled, DockBeacon stores only a salted hash.
  • Requested resource emails are separate from optional marketing emails. Unsubscribing from optional marketing emails does not block account security, password reset, workspace invite, billing, support, or requested resource emails needed to operate the service.
  • Operational data is retained while a workspace is active unless exported, deleted, or otherwise handled through a support request.
  • Proof file views require authenticated access to the same workspace. Logged-out users and users from other workspaces cannot view proof files.
  • Proof photos are stored for the workspace retention period selected in DockBeacon proof settings, then deleted from active storage by retention cleanup.
  • Reports and history may keep proof metadata after the image file is deleted from active storage.
  • Proof photos, proof metadata, and retained files are workspace records and may remain in backups for a limited period after deletion, correction, or retention cleanup.
  • Database backups and proof-file backups are operational recovery tools with documented limitations. Proof files may require separate backup from database records, and restored backups may need follow-up handling for approved deletion requests.

Operational records

  • Reports summarize checks, blockers, restocks, proof attachments, overrides, and open follow-up for workspace review.
  • Reports are operational summaries, not legal, safety, insurance, medical, regulatory, or compliance certification.
  • Customers remain responsible for their own required records, workplace policies, customer obligations, and regulatory programs.

Contact

Privacy, export, and deletion requests can be sent through the contact page or emailed to [email protected]. Security requests can be emailed to [email protected]. General questions can be emailed to [email protected]. DockBeacon's public mailing address is PatchMedia, 3037 152 Street Suite 1019, Surrey, BC V4P 3K1, Canada.