beep

Privacy Policy

Last updated: April 13, 2026

What Beep is

Beep (“we”, “us”, “our”) is a webhook-to-push-notification service operated by Rajat Vaghani. Our website is https://trybeep.app.

Data we collect

We collect only what’s needed to deliver the service:

  • Account info — email address, display name, and an optional avatar URL pulled from Google or GitHub when you sign in with OAuth. We never ask for or store your OAuth access tokens beyond the initial profile fetch.
  • Device push tokens — the Expo Push Token (mobile) or Web Push subscription endpoint (desktop) your device gives us when you grant notification permission. These are used exclusively to deliver push notifications to your devices.
  • Webhook payloads — when a third-party service (Stripe, GitHub, Vercel, etc.) sends a webhook to your Beep URL, we receive the payload, extract a title and body for the notification, and store a summary in your notification history. We do not store the full raw payload after processing.
  • Payment info — handled entirely by our payment processor, Dodo Payments. We store your Dodo customer ID and subscription ID so we can look up your plan status. We never see or store your card number, billing address, or other payment details.

How we use your data

  • Deliver push notifications to your registered devices
  • Show your notification history in the dashboard inbox
  • Manage your subscription and billing status
  • Send transactional emails (password reset, welcome, purchase confirmation)
  • Improve the service (aggregate, anonymized usage stats only)

We do not sell, rent, or share your personal data with third parties for marketing or advertising purposes. Ever.

Third-party services

Beep uses the following third-party services that process your data:

  • Expo (expo.dev) — push notification delivery for iOS and Android
  • Vercel (vercel.com) — web hosting and serverless functions
  • Neon (neon.tech) — PostgreSQL database hosting
  • Dodo Payments (dodopayments.com) — payment processing and subscription billing
  • AutoSend (autosend.dev) — transactional email delivery
  • Google & GitHub OAuth — optional social sign-in (only the data you authorize is shared)

Data retention

Notification history is retained for 30 days by default. Account data is retained as long as your account exists. When you delete your account, all associated data (devices, webhooks, notifications, templates, custom rules) is permanently deleted via cascade.

Cookies

We use a single httpOnly session cookie (beep_session) to keep you signed in. We do not use tracking cookies, analytics cookies, or any third-party cookies. No cookie banners needed.

Your rights

You can at any time:

  • Export your data — email us and we’ll send you a full export within 48 hours
  • Delete your account — available in Settings (or email us). Permanent and irreversible.
  • Revoke OAuth access — remove Beep from your Google or GitHub authorized apps at any time
  • Unregister devices — remove individual devices from Settings > Devices

Security

Passwords are hashed with bcrypt. Sessions use random 48-character tokens stored in the database. All traffic is encrypted via HTTPS. Webhook signatures are verified before processing. We follow OWASP top-10 best practices.

Children

Beep is not intended for children under 13. We do not knowingly collect personal data from children.

Changes to this policy

We may update this policy from time to time. Material changes will be communicated via email to the address on your account. The “last updated” date at the top reflects the most recent revision.

Contact

Questions about this policy? Email rajat@trybeep.app.