Privacy Policy

Effective Date: October 28, 2025

This Privacy Policy describes how BeatFrame ("we", "us", or "our") collects, uses, and protects information when you use our BeatFrame device and associated services (collectively, the "Service").

1. Information We Collect

1.1 Device Information

When you register and use your BeatFrame device, we collect:

• Device Identifier: A unique hardware identifier (MAC address) for your device
• Firmware Version: The version of software running on your device
• Network Information: WiFi network name (SSID) and connection status
• Usage Data: Device activity, settings preferences, and error logs

1.2 Spotify Integration

When you connect your Spotify account to BeatFrame:

• Spotify User ID: Your unique Spotify identifier
• Currently Playing Information: Track name, artist, album, and album artwork URL
• OAuth Tokens: Secure tokens used to access your Spotify data (stored encrypted)

Important: We only request permission to read your currently playing track. We do not access your playlists, listening history, or any other personal Spotify data.

1.3 Weather Information

If you enable weather display:

• Location Data: City name, country, and coordinates for weather retrieval
• Weather Preferences: Your chosen location for weather display

We use OpenWeatherMap API to retrieve weather data. Your location is used solely to display weather on your device.

1.4 Technical Information

• IP Address: Used for rate limiting and security purposes
• Browser Information: When accessing web interfaces (beatframe.io, beatframe.local)
• Timestamps: Date and time of device connections and requests

2. How We Use Your Information

We use the collected information for:

• Service Operation: To operate the BeatFrame device and display album artwork
• Authentication: To verify device ownership and Spotify account connections
• Feature Delivery: To provide weather information, display modes, and other features
• Troubleshooting: To diagnose technical issues and improve device performance
• Security: To protect against unauthorized access and abuse
• Service Improvement: To understand usage patterns and enhance the Service

3. Data Storage and Security

We implement industry-standard security measures to protect your information:

• Encryption: Spotify OAuth tokens are stored encrypted in our database
• Secure Communication: All web traffic uses HTTPS/TLS encryption
• Certificate Authentication: Devices use X.509 certificates for secure authentication
• Access Controls: Limited personnel access to user data on a need-to-know basis
• Regular Updates: We maintain and update security measures regularly

Data Retention: We retain your data while your device is active and paired. When you unpair your device or perform a factory reset, associated user data is removed from our systems within 30 days.

4. Data Sharing and Third Parties

We do not sell your personal information. We share data only in the following circumstances:

4.1 Service Providers

• Spotify: We access Spotify's API to retrieve your currently playing track information. See Spotify's Privacy Policy.
• OpenWeatherMap: We retrieve weather data for your selected location. See OpenWeatherMap's Privacy Policy.
• Infrastructure Providers: We use cloud hosting services to operate our servers.

4.2 Legal Requirements

We may disclose information if required by law, court order, or government request, or to protect our rights, property, or safety.

5. Your Rights and Choices

You have the following rights regarding your data:

5.1 Access and Control

• Unpair Device: Disconnect your Spotify account at any time via device settings
• Remove Weather: Delete weather location from device settings
• Factory Reset: Completely wipe all data from your device

5.2 Data Deletion

To request deletion of your data from our servers, contact us at hi@beatframe.io. We will process your request within 30 days.

5.3 Spotify Permissions

You can revoke BeatFrame's access to your Spotify account at any time through Spotify's Apps Settings.

6. Cookies and Tracking

Our website (beatframe.io) does not use tracking cookies or analytics. We use only essential session cookies for:

• Maintaining your pairing session during device setup
• Temporary authentication tokens for weather configuration

These cookies are deleted when you close your browser or after session expiration.

7. Children's Privacy

BeatFrame is not intended for use by children under 13 years of age. We do not knowingly collect personal information from children under 13. If you believe we have collected information from a child under 13, please contact us immediately.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have different data protection laws. By using our Service, you consent to such transfers.

9. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Updating the "Effective Date" at the top of this policy
• Posting a notice on our website
• Sending a notification to your device (for significant changes)

Your continued use of the Service after changes constitutes acceptance of the updated Privacy Policy.

10. Contact Us

11. Your Consent

By using BeatFrame's Service, you acknowledge that you have read this Privacy Policy and agree to its terms. If you do not agree with this Privacy Policy, please do not use our Service and contact us to arrange for data deletion.