This policy explains which personal data BeepSweep processes, why, for how long, with whom we share it, and which rights you have. We write in plain English. A Dutch version is available at /privacy?lang=nl.
1. Who we are (data controller)
BeepSweep is a service of Basinc bv, a Dutch limited-liability company (besloten vennootschap) registered with the Dutch Chamber of Commerce (KvK). Registered office: Vaartweg 40, 5106ND Dongen, the Netherlands. VAT: NL858966694B01.
For all privacy questions and access, correction, or deletion requests: privacy@beepsweep.com. We respond within 30 days (GDPR art. 12(3)).
Data Protection Officer (DPO): Basinc bv is not legally required to appoint a DPO (GDPR art. 37) and has not done so. For privacy matters you can contact the management directly at the address above.
2. Who this policy applies to
BeepSweep processes data of two groups:
Users — entrepreneurs with a BeepSweep account who forward their business phone number to our line. We inform you via this policy (GDPR art. 13).
Callers — people who phone a BeepSweep user's number and either leave a voicemail or interact with our AI receptionist. We inform callers via this policy and via an audible disclosure at the start of the call (GDPR art. 14). See section 11 for callers' specific rights.
3. What data we process
3.1 Account & profile data (about the user)
Email address and (optional) first name.
Password — stored as a bcrypt hash; we cannot read it ourselves.
Preferred language (NL/EN/DE/FR/ES/PT) and country.
The phone number you forward to BeepSweep.
Notification preferences: the numbers on which you receive SMS / WhatsApp / push, or email address for notifications.
AI receptionist configuration: chosen voice, persona name, tone, language, FAQ text you wrote.
Login timestamps (no IP addresses kept longer than 2 hours — see 3.7).
3.2 Forwarded calls (about callers; managed inside your account)
Caller's phone number.
Audio recording of the voicemail or AI receptionist conversation (stored as compressed audio on our Fly volume in Amsterdam; briefly hosted by Twilio/Telnyx while we fetch it).
AI transcript of the conversation (text, encrypted at field level with AES-256).
AI summary (AES-256 encrypted).
AI draft reply (AES-256 encrypted).
AI-detected caller name, if provided in the conversation.
AI receptionist turn-by-turn conversation log (caller speech + AI speech) — deleted after 1 hour; the final audio file follows the standard 30-day retention.
3.3 Content you provide
Contacts: names and numbers you manually label or import via the browser Contact Picker. We store only the 'name' and 'phone' fields.
Tasks: text of follow-ups you create.
Greetings: text you type in BeepSweep that our TTS provider synthesises into audio. We do not store microphone audio recorded by you — the device microphone is blocked in our app (see section 13).
3.4 Integrations (optional, only after you explicitly connect them)
Microsoft Graph (Outlook calendar + To Do): OAuth refresh/access token, email address of the connected account.
Google Tasks: OAuth refresh/access token, Google email address.
Todoist: personal API token you paste in.
Outbound task webhooks: URL + secret you provide.
These tokens are not field-encrypted (the SQLite volume is encrypted at rest by Fly.io). On account deletion the tokens are erased from our database; you must revoke the corresponding connection on Microsoft's / Google's / Todoist's side from your account settings there. The deletion-confirmation email includes the relevant links.
3.5 Push notifications
When you enable push, we store the endpoint URL and the two browser-side encryption keys (p256dh, auth) that your browser provides. The actual push delivery platform (Apple Push Notification service, Google Firebase Cloud Messaging, or Mozilla autopush) is determined by your browser — we only send an encrypted payload to that endpoint.
3.6 Operational data
Event log: event type (email sent, SMS sent, WhatsApp sent, login failed, beta access requested, admin action, etc.), timestamp, and optional reference to the user or voicemail. No IP addresses, no User-Agent strings. Kept for security and forensic purposes (see section 8).
Rate-limit counters: temporarily registered per IP address to throttle abuse. Maximum 2 hours.
Password-reset tokens: only the SHA-256 hash; 7 days valid.
Mobile verification codes: only the hash; 24 hours valid.
When our server encounters an unexpected error we send a stack trace to Sentry (Functional Software Inc., USA). The error is tagged with an internal UUID — no email, no phone number. We use Sentry only for fixing bugs, not for product analytics or advertising.
3.8 Support mailbox
If you email support@beepsweep.com from your own email address, we mirror that message into our database via IMAP for handling. Retention: as long as needed to handle your question plus a reasonable follow-up window.
4. How we use AI
BeepSweep is an AI product. We are transparent about it.
AI receptionist: every conversation our AI takes opens with an announcement that the caller is speaking with an AI assistant and that the call is recorded and transcribed (per EU AI Act art. 50(1) and GDPR art. 14).
AI summaries: every summary, transcript, and draft reply is generated by language models and can contain errors. We label AI output in the interface as "AI". Important decisions (appointments, pricing, legal commitments) should always be verified by you before confirming them to the caller (per EU AI Act art. 50(2)).
Which AI providers and what data they receive — explicitly:
OpenAI (Whisper for transcription; GPT-4o-mini for the AI receptionist; GPT-4o for summary + draft reply; gpt-4o-mini-tts for optional synthesis; gpt-4o-search-preview for optional web lookup): receives voicemail audio, transcript text, caller phone number (only on web-lookup), and your first name as user (so the draft reply can be signed "— [first name]"). We do not send your last name, email or password to OpenAI. OpenAI is contractually prohibited from training models on our API data.
Cartesia (text-to-speech AND speech-to-text in the AI receptionist streaming flow): receives both the caller's speech (to convert to text) and the text the AI wants to speak (to convert to audio). No account information about you.
What we do not do: BeepSweep performs no speaker recognition, no voice biometrics (we do not identify people by their voice), no emotion analysis, and we do not train models on user or caller data. The GDPR "biometric data" category (art. 9) therefore does not apply to our routine processing.
Automated decision-making (GDPR art. 22): the AI urgency label ("urgent" / "spam") is an AI output to help organise your inbox; no decisions with legal or similarly significant effects are based on it. You can override any label manually.
We require our AI providers to provide the same or equal level of protection for your data as described in this policy, and contractually bind them to process data only for the services we request.
5. Purpose and legal basis
Purpose
Which data
Legal basis (GDPR art. 6)
Service delivery: receive calls, transcribe, summarise, send notifications
3.1 / 3.2 / 3.3 / 3.5
Performance of contract (1(b))
Processing of caller data (audio, transcript, number)
3.2
Legitimate interest (1(f)) — you want to know who called; callers have a reasonable expectation that a business line may be answered by voicemail or AI. We have documented this balancing test (LIA).
Optional integrations (MS Graph, Google Tasks, Todoist)
3.4
Consent (1(a)) — only after explicit OAuth connection, revocable via "Disconnect" in Settings
Account and billing administration
3.1
Performance of contract + legal obligation (1(b)/(c))
BeepSweep does not sell or rent personal data. We share data only with sub-processors that process on our behalf under a written data processing agreement (GDPR art. 28). Each sub-processor is contractually bound to provide at least the same level of protection as described in this policy.
Party
Function
Location
Transfer mechanism
Telnyx LLC
Production telephony (PSTN routing, bidirectional audio stream to the AI receptionist), SMS
USA (NL number pool, EU routing where possible)
Standard Contractual Clauses (SCCs)
Twilio Inc.
SMS, WhatsApp (sandbox), call-recording fetch in fallback
Microsoft Graph: Outlook calendar + To Do. Only active after your OAuth connection
USA (Microsoft EU Data Boundary applies)
EU-US Data Privacy Framework (certified) + Microsoft Online Services DPA
Google LLC (optional)
Google Tasks. Only active after your OAuth connection
USA
EU-US Data Privacy Framework (certified)
Doist Inc. (Todoist, optional)
Todoist tasks. Only active after you paste your personal API token
USA
SCCs
Functional Software Inc. (Sentry)
Error monitoring (stack traces tagged with UUID, no email/phone)
USA
EU-US Data Privacy Framework (certified)
Fly.io Inc.
App hosting; SQLite volume encrypted at rest; European region Amsterdam (AMS)
USA (operations) / NL (data location)
SCCs via Fly.io DPA
Hostinger UAB
Domain registration + DNS + IMAP/SMTP for support@beepsweep.com
Lithuania (EU)
Intra-EU, no additional mechanism required
Browser push services
Push notification delivery (Apple Push Notification service, Google FCM, or Mozilla autopush — depending on your browser)
USA / EU (browser-dependent)
End-to-end encrypted payload; sub-processor varies by browser
We do not share data with any third party for marketing, advertising, or profiling. We do not embed advertising SDKs or analytics trackers in our application.
7. International transfers
Several of the above sub-processors are based in the United States. We make these transfers:
under the EU-US Data Privacy Framework (DPF) where the recipient is certified (Twilio, Microsoft, Google, Sentry — verifiable at dataprivacyframework.gov/list);
under Standard Contractual Clauses (SCCs) for sub-processors not DPF-certified (OpenAI, Telnyx, Cartesia, Resend, Fly.io, Doist);
complemented by supplementary measures we have documented per vendor in a Transfer Impact Assessment (TIA) — including data localisation where possible, end-to-end encryption, data minimisation, and contractual opt-out from model training.
The TIAs are available on request to supervisory authorities.
8. Retention
Voicemails (audio, transcript, summary, draft reply): 30 days by default, then automatically deleted by a daily retention job. This is a platform setting; per-user adjustment is not currently available.
AI receptionist conversation log (turn-by-turn): 1 hour, then deleted.
AI receptionist final recording (audio file on our volume): same 30-day retention as the associated voicemail.
Account data: as long as your account exists. On deletion: immediately erased from our live database. We simultaneously send deletes to Twilio/Telnyx for provider-side recordings; this is best-effort and may take up to 7 days for the provider to fully process.
Backups: hourly (24), daily (7), weekly (4) — on the same Fly volume. Data from a deleted user may therefore persist in backups for up to 28 days. Manual snapshots (admin-initiated) are not auto-pruned and may be kept longer.
Event log: kept as long as needed for security and forensic purposes (legitimate interest). Contains no IP addresses or User-Agent strings.
Rate-limit counters (incl. IP): 2 hours.
Password-reset tokens: 7 days.
Mobile verification codes: 24 hours.
Sentry events: 90 days (Sentry default).
OpenAI API data: maximum 30 days on the OpenAI side for abuse detection, then deleted by OpenAI. We do not train models on this data.
Invoices: once invoicing functionality is activated in BeepSweep, invoices will be retained for 7 years under Dutch fiscal retention rules (Algemene wet inzake rijksbelastingen art. 52).
9. Security (GDPR art. 32)
HTTPS everywhere, HSTS, modern TLS cipher suites.
Bcrypt password hashing; we cannot read your password ourselves.
Incident response runbook including breach notification procedure (GDPR art. 33/34).
For any data breach likely to result in a risk to your rights and freedoms, we notify the Dutch Data Protection Authority within 72 hours. For high-risk breaches we notify you directly.
10. Your rights as a user
Under the GDPR you have the following rights as an account holder:
Access (art. 15): export your full account via Settings → Account → Export. You receive a machine-readable JSON export.
Rectification (art. 16): update via Settings.
Erasure / "right to be forgotten" (art. 17): Settings → Account → Delete account. Self-serve and immediate (see section 12). Also reachable via a public page at /account/delete if you can no longer log in.
Portability (art. 20): the same JSON export is machine-readable.
Object (art. 21): to processing based on legitimate interest. Email privacy@beepsweep.com — response within 30 days.
Withdraw consent: for optional integrations (section 3.4) use "Disconnect" in Settings.
Lodge a complaint: with the Dutch Autoriteit Persoonsgegevens at autoriteitpersoonsgegevens.nl, or with the data protection authority in your own EU member state.
11. Your rights as a caller
If you called a number forwarded to BeepSweep, you are a data subject under GDPR art. 14 — even though you do not have a BeepSweep account.
Every AI conversation opens with the AI receptionist disclosing that you are talking to an AI and that the call is recorded and transcribed. For a traditional voicemail recording, the same expectation applies: the message you leave is recorded and — where the user has configured it — transcribed by AI.
Access / erasure: email privacy@beepsweep.com with the phone number from which you called, the date/time of the call, and the name of the business you called. We verify your identity (for example by calling you back on that number) and handle the request within 30 days.
Object: same address.
Complaint: with the Autoriteit Persoonsgegevens (NL) or with the supervisory authority in your own EU member state.
Retention of your call: 30 days by default (see section 8).
12. Deleting your account — how it works
Go to Settings → Account → Delete account. Enter your password to confirm.
Or, if you can no longer log in, use the public page at /account/delete: enter your phone number, receive an SMS verification code, and confirm.
We immediately erase: your users row, all voicemails (audio, transcript, summary, draft replies), contacts, tasks, greetings, push subscriptions, OAuth tokens, any outstanding verification codes and reset tokens.
We simultaneously send delete requests to Twilio/Telnyx for provider-side recordings. Provider-side deletion may take up to 7 days.
Backups containing your data are not separately scrubbed — they expire via the standard backup rotation (max 28 days).
You receive a confirmation email which also includes links to revoke connected Microsoft, Google, or Todoist integrations on their side.
What we do not automatically wipe on account delete: OAuth tokens on the external service's side (we erase them on our side, but it is your responsibility to revoke the connection within your Microsoft / Google / Todoist account — we no longer have permission to do so), and invoices where fiscal retention applies.
13. Cookies and local storage
BeepSweep uses only strictly necessary cookies and local storage:
One session cookie ("token", JWT, HttpOnly + Secure + SameSite=Lax) — required to keep you logged in.
CSRF tokens (via meta tag/form input, not via cookie).
Transient browser state (sessionStorage) for UI features such as deeplinks.
We use no tracking cookies, no analytics cookies, no advertising cookies. Therefore we do not show a cookie banner — under article 11.7a of the Dutch Telecommunications Act and the guidance of the Autoriteit Persoonsgegevens, no consent is required for strictly necessary cookies.
Microphone, camera, location: blocked via Permissions-Policy headers. The BeepSweep app never asks for microphone or camera access. Our only browser permission is notifications (for push), and — optionally — the Contact Picker API if you choose to import contacts.
14. Children
BeepSweep is intended for business users (self-employed / SMB). The service is not directed at children. We do not knowingly collect personal data from children under the age of 16. If you believe a child has provided personal data to us, email privacy@beepsweep.com and we will delete it.
15. Special categories of personal data
BeepSweep does not seek to process special categories of personal data (GDPR art. 9 — health, religion, ethnicity, sexual life, biometrics, etc.). If such information ends up in a voicemail or AI conversation incidentally — because a caller volunteers it — we process it solely to deliver the message to you. We do not analyse, index or profile based on such information.
16. Changes
We publish updates to this page with a revised date. For material changes (new sub-processor in a different jurisdiction, new data category, changed legal basis) we email all active users at least 14 days in advance. You then have the opportunity to delete your account before the change takes effect.