Privacy Policy

Last updated: 12 May 2026 · Effective date: 12 May 2026

This Privacy Policy explains how Daily Review Beacon ("we", "us", "our") collects, uses, stores, and shares your personal data when you use our service at dailyreviewbeacon.com. Please read it carefully. By using our service, you confirm that you have read and understood this policy.

1. Who We Are

Daily Review Beacon is the data controller for the personal data of its registered users and website visitors. For the purposes of UK data protection law (the UK General Data Protection Regulation and the Data Protection Act 2018), we are established in the United Kingdom.

Contact: legal@dailyreviewbeacon.com

2. Data Controller vs Data Processor

Daily Review Beacon acts in two distinct capacities:

Data controller — for personal data relating to our registered business users (name, email address, billing information, account activity, and usage data). We determine the purposes and means of processing this data.
Data processor — for the personal data of your customers (names, telephone numbers, email addresses) that you upload or enter into the Service to send review requests. You are the data controller for your customers' data and are responsible for ensuring you have a lawful basis to process and contact those individuals. Our processing of your customers' data is governed by our Terms of Service and your instructions as data controller.

This Privacy Policy primarily addresses our role as data controller for our registered users. If you have questions about how we process your customers' data as a processor, please contact us at the address above.

3. Information We Collect

3.1 Account and Profile Data

First and last name;
Email address;
Password (stored as a cryptographic hash — we never store your password in readable form);
Business name and location details, including Google Place IDs.

3.2 Billing and Payment Data

We collect limited billing data including your subscription plan, billing currency, and invoice history. Payment card details are processed and stored by Stripe, Inc. We do not store your full card number, CVV, or equivalent sensitive payment data on our servers. See Section 7 (Stripe) for more detail.

3.3 Usage and Service Data

Review requests sent (contact names, phone numbers or email addresses, channel, timestamp, status);
Link click events and review request status (sent, clicked, feedback received);
Private feedback submitted by your customers via the feedback form;
Settings and preferences (e.g. theme, notification preferences).

3.4 Technical and Log Data

IP address;
Browser type and version;
Device type and operating system;
Pages visited and actions taken within the Service;
Dates and times of access;
Referring URLs.

3.5 Communications Data

If you contact us by email or another channel, we will retain the content of that communication and your contact details.

4. How We Use Your Information

Purpose	Data used	Lawful basis (UK GDPR Art. 6)
Providing and operating the Service, including sending review request emails and SMS on your behalf	Account data, contact data you upload, usage data	Performance of a contract (Art. 6(1)(b))
Processing subscription payments and managing billing	Account data, billing data	Performance of a contract (Art. 6(1)(b))
Sending transactional emails (account verification, password reset, billing receipts, security alerts)	Name, email address	Performance of a contract (Art. 6(1)(b))
Sending weekly summary reports (where enabled)	Name, email address, usage data	Legitimate interests (Art. 6(1)(f)) — keeping you informed about your account activity
Analytics — understanding how the Service is used and improving it	Technical and log data, usage data (via Google Analytics)	Legitimate interests (Art. 6(1)(f)) — improving the Service; consent where required by PECR
Security — detecting and preventing fraud, abuse, and unauthorised access	IP address, log data, account data	Legitimate interests (Art. 6(1)(f)) — protecting our systems and users
Complying with legal obligations	As required	Legal obligation (Art. 6(1)(c))

5. Google Analytics

We use Google Analytics, a web analytics service provided by Google LLC ("Google"), to understand how visitors use our website. Google Analytics uses cookies and similar tracking technologies to collect information about your use of the site, including your IP address (which is anonymised before being stored by Google), browser type, pages visited, and time spent on pages.

This data is transmitted to and stored on Google's servers, which may be located in the United States or other countries outside the UK and European Economic Area. Google's use of this data is governed by the Google Privacy Policy.

Google Analytics cookies are non-essential. Where required by law, we obtain your consent before setting them. You can opt out of Google Analytics tracking at any time by using the Google Analytics opt-out browser add-on, or by adjusting your cookie preferences when prompted on our site.

We have enabled IP anonymisation in Google Analytics so that your full IP address is not stored by Google in connection with your analytics data.

6. Cookies

We use the following types of cookies on our website and within the Service:

Cookie type	Purpose	Essential?
Authentication cookies	Maintain your logged-in session (tc_access, tc_refresh). These are HttpOnly, Secure, and SameSite=Strict cookies that cannot be accessed by JavaScript and are essential for the Service to function.	Yes
Analytics cookies	Google Analytics (_ga, _gid, _gat and related cookies) — track page views and user behaviour to help us improve the Service.	No — consent required

Essential cookies are set on the basis of our legitimate interest in providing a functional and secure service. Non-essential cookies (analytics) are set only with your consent where required by the UK Privacy and Electronic Communications Regulations 2003 (PECR).

You can control cookies through your browser settings. Blocking essential cookies will prevent the Service from functioning correctly. Blocking analytics cookies will not affect your ability to use the Service.

7. Stripe (Payment Processor)

We use Stripe, Inc. to process subscription payments. When you enter payment details, that information is transmitted directly to Stripe and is subject to Stripe's Privacy Policy. Stripe is certified as a PCI DSS Level 1 Service Provider.

We share with Stripe only the information necessary to process your payment (your email address and subscription details). Stripe may store your payment method details for future billing purposes in accordance with its own privacy policy.

Stripe may transfer your data internationally. Stripe's transfers are subject to appropriate safeguards including standard contractual clauses.

8. SMS Delivery (Telnyx)

When you use the Service to send SMS review requests, the telephone numbers you provide and the message content are transmitted to Telnyx, Inc., our SMS infrastructure provider. Telnyx processes this data solely to deliver messages on your behalf and is subject to Telnyx's Privacy Policy. Telnyx does not use your customers' phone numbers for any purpose other than message delivery.

9. Sharing Your Information

We do not sell, rent, or trade your personal data to third parties. We share your information only in the following circumstances:

Service providers: We share data with trusted third-party providers who assist us in operating the Service, including Stripe (payments), Telnyx (SMS), Google (analytics and review platform), and our email infrastructure provider. These providers are bound by data processing agreements and are authorised to use your data only as necessary to provide their services to us.
Legal requirements: We may disclose your information if required to do so by law, regulation, court order, or government authority, or where we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
Business transfers: In the event of a merger, acquisition, or sale of all or substantially all of our assets, your data may be transferred to the acquiring entity. We will notify you by email before your data becomes subject to a different privacy policy.

10. International Data Transfers

Some of our third-party providers (including Google and Stripe) may transfer and process personal data outside the United Kingdom. Where such transfers occur, we ensure that appropriate safeguards are in place, such as the UK International Data Transfer Agreement or the UK Addendum to the EU Standard Contractual Clauses, in accordance with the UK GDPR and guidance from the Information Commissioner's Office (ICO).

11. Data Retention

We retain your personal data for as long as your account is active and for a reasonable period thereafter, or as required by law. Specifically:

Account data: Retained for the duration of your account and deleted within 90 days of account closure, unless we are required by law to retain it for longer.
Billing records: Retained for 7 years from the date of the relevant transaction in accordance with UK tax and accounting requirements.
Review request and contact data: Retained while your account is active and deleted within 90 days of account closure.
Communications: Retained for up to 3 years from the date of last communication, or as necessary for legal purposes.
Technical logs: Retained for up to 12 months.

12. Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, loss, alteration, or disclosure. These measures include:

AES-256-GCM encryption for sensitive data at rest;
TLS encryption for all data in transit;
Bcrypt hashing of passwords;
HttpOnly, Secure, SameSite session cookies;
Role-based access controls;
Two-factor authentication (optional) for user accounts.

No method of electronic transmission or storage is completely secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. If you believe your account has been compromised, please contact us immediately at legal@dailyreviewbeacon.com.

13. Your Rights Under UK GDPR

As a data subject under UK GDPR, you have the following rights in relation to your personal data:

Right of access: You can request a copy of the personal data we hold about you.
Right to rectification: You can ask us to correct inaccurate or incomplete data.
Right to erasure ("right to be forgotten"): You can request that we delete your personal data where there is no compelling reason for us to continue processing it.
Right to restriction of processing: You can ask us to restrict how we process your data in certain circumstances.
Right to data portability: You can request a copy of your data in a structured, machine-readable format.
Right to object: You can object to processing based on our legitimate interests. We will stop processing unless we can demonstrate compelling legitimate grounds.
Rights in relation to automated decision-making: We do not make decisions about you solely by automated means that have a significant legal or similarly significant effect.
Right to withdraw consent: Where we rely on your consent as the lawful basis for processing, you may withdraw that consent at any time. Withdrawal will not affect the lawfulness of processing carried out before withdrawal.

To exercise any of these rights, please contact us at legal@dailyreviewbeacon.com. We will respond within one calendar month. We may ask you to verify your identity before processing your request. Exercising your rights is free of charge, except where requests are manifestly unfounded or excessive.

14. Complaints

If you are dissatisfied with how we have handled your personal data, you have the right to lodge a complaint with the Information Commissioner's Office (ICO), the supervisory authority for data protection in the United Kingdom:

Website: ico.org.uk
Telephone: 0303 123 1113

We would appreciate the opportunity to address your concerns before you approach the ICO. Please contact us first at legal@dailyreviewbeacon.com.

15. Children's Privacy

The Service is intended for use by businesses and is not directed at, nor intended for use by, individuals under the age of 18. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a child, please contact us immediately and we will take steps to delete the information.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, legal requirements, or the Service. We will notify you of material changes by email at least 14 days before the changes take effect. The "Last updated" date at the top of this page indicates when the policy was most recently revised. Continued use of the Service after the effective date of any changes constitutes your acknowledgement of the revised policy.

17. Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or our data practices, please contact our data protection contact at:

Daily Review Beacon
United Kingdom
Email: legal@dailyreviewbeacon.com