How does Beam work and what does it do with the data?

This document will explain how Beam works, and what it does with the various data it collects. It is important to note that there are two sources of data:

Beam users Visitor data to websites run by Beam users. We start first by looking at how Beam stays GDPR compliant with how it manages visitor data to websites run by Beam users.

1. HTML Script on your site

You create an account with us because you’re interested in analytics about your users, but want to stay GDPR compliant.

After logging in, you’re taken to the landing page where you’re asked to embed a script onto your web page. The script looks like:

<script src="https://beamanalytics.b-cdn.net/beam.min.js" data-token="abc" async></script>

where the data-token is unique for each user.

This JavaScript embed script is loaded from Bunny.net, our global content delivery network (CDN). Bunny.net is a Slovenian owned company based in Slovenia.

2. Page view request

Our technology doesn't use cookies, so you won't need an annoying cookie consent banner taking up half of your page.

Instead of using cookies, once the script is loaded, a pageview request is sent to Hertzner, our EU-owned and located data processing server. It doesn’t matter if the visitor is in the EU or outside the EU - all visitor data is processed on EU-owned and located servers.

This request will contain details about the page your user is on and the website that referred them. The browser will also send our servers your user’s IP Address and User-Agent (which contains details about the browser they’re using and device type).

3. Hashing your user PII data

Using the Hertzner servers, we process the data. Specifically, we hash it to anonymize it.

hash(pepper(salt(ip address + user agent data))) = anonymized hashed data

This basically says we first salt the raw IP address and user agent data. Then we pepper it. Then we put it through a one way hashing function. From this, the user data is transformed into unique, but untraceable, anonymized hash data. This hashing process also allows us to establish if your user is a new daily visitor.

We also rely on Hertnzer for DNS and load balancing.

4. Storing the anonymized hash data

We build our product using Tinybird’s managed service for Clickhouse. Tinybird is a Spanish owned company. Tinybird uses AWS to store this data. AWS is owned by Amazon, a US-owned company, though we have chosen EU located AWS servers. In short, this means the anonymized hash data is ultimately stored on AWS servers in the EU, but AWS is a US owned company.

5. Beam user data

We use Vercel for the frontend development and Supabase for the backend development.

Beam users give us information like their email address. We store this data on Supabase, an open source Firebase alternative. Supabase is based in Singapore and we use Supabase servers that are EU-located. No visitor data to websites run by Beam users is stored on Supabase.

No data is stored with Vercel.

Summary: What data does Beam collect?

Data Point Example
Page URL www.stackoverflow.com
Page referrer www.twitter.com
Browser Chrome
Operating system macOS 12.5
Device type Desktop
Continent, country, city Europe, France, Paris
Title Beam - Google Analytics alternative that is GDPR compliant

Who are Beam's data sub-processors?

Business User Data

Sub-processor Processing Location* Description
Supabase EU Managed database used to store Beam’s business user data
Vercel Worldwide Hosts the Beam website
Stripe Worldwide Payment processing SaaS
Crisp Worldwide Helpdesk / messaging platform
Google Workspace Worldwide Email, File Storage, Calendar, Authentication
Bunny Slovenia Content Delivery Network
GraphJSON Worldwide Log data about how business users interact with Beam

End User Data

Sub-processor Processing Location* Description
Herztner Germany Used to hash and salt end user data to produce an anonymized hash
Tinybird EU Managed service for Clickhouse. All anonymized end user data is logged here.
Render EU Payment processing SaaS

If you are a customer and would like to sign our Data Processing Agreement(DPA), you can send it back to hi@beamanalytics.io.