Privacy Policy

Last updated: 2026-05-25

This Privacy Policy describes how BEOCAST (the "Service"), published by Nabil Jerbi (sole proprietorship, contact: privacy@beocast.com), collects, uses and protects personal data of users of the BEOCAST apps for Mac, iPhone, iPad and Apple Watch, and of the beocast.com website.

BEOCAST is a peer-to-peer remote desktop solution designed for the Apple ecosystem. Our guiding principle is data minimization: almost all session content (video, audio, keystrokes, clicks) flows directly between your devices via encrypted P2P and is never stored on our servers.

1. Data we collect

1.1 Account data

  • Email address (account creation, authentication, transactional communication)
  • Hashed password (never stored in plaintext, argon2id hashing)
  • Generated unique identifier (UUID) linking your devices to your account

1.2 Session technical data

  • Device identifiers (local UUIDs) generated by the apps for pairing
  • Public IP addresses exchanged during P2P connection setup (TURN allocation)
  • Session metadata: timestamp, duration, codec used, resolution, average bitrate — for diagnostics and Service improvement

1.3 Remote session content

Video, audio, screen captures, mouse movements, keystrokes flow exclusively between your devices, end-to-end encrypted (TLS 1.3 + QUIC). We never have access to them and they are never stored on our servers nor on the TURN relay server.

1.4 Diagnostic data

  • Anonymized error logs (crash reports, latency, packet loss)
  • App version, macOS/iOS version, device type (excluding any personal identifier)

1.5 Payments (future — Pro subscription)

When the BEOCAST Pro subscription is enabled, payments will be processed by Apple StoreKit(in-app purchases on iOS) and Stripe (web purchases). We do not store any banking data: these providers fully handle your payment information per their own privacy policies.

2. Processing purposes

  • Service delivery: authentication, account management, device pairing, last-resort TURN relay
  • Security: suspicious activity detection, abuse protection
  • Product improvement: anonymized performance analysis, incident debugging
  • Transactional communication: signup confirmation, security alerts, update notifications
  • Billing (future Pro): invoice generation, subscription management

We never sell your data. We perform no advertising tracking and use no third-party cookies for marketing.

3. Subprocessors and third parties

To deliver the Service, we rely on the following subprocessors:

  • Supabase (database hosting + authentication) — EU
  • Resend (transactional email delivery) — EU/US
  • coturn.beocast.com (self-hosted TURN relay server for sessions unable to establish a direct P2P channel) — EU
  • Apple StoreKit (iOS in-app purchases — future)
  • Stripe (web payments — future)
  • Vercel or self-hosted Docker (beocast.com website hosting)

Each of these providers is bound by a GDPR-compliant data processing agreement. No data is shared with third parties for commercial or advertising purposes.

4. Data retention

  • Active account: retained for as long as you use the Service
  • Inactive account: automatic deletion after 36 months of inactivity
  • Technical logs: 90 days maximum
  • Billing records: 10 years (French legal obligation)

5. Your rights (GDPR)

Under the General Data Protection Regulation (GDPR), you have the following rights:

  • Access: obtain a copy of your personal data
  • Rectification: correct inaccurate data
  • Erasure (right to be forgotten): request deletion of your account and data
  • Portability: retrieve your data in a structured format
  • Objection: refuse certain processing (except as required to deliver the Service)
  • Restriction: temporarily freeze data processing

To exercise these rights, contact us at privacy@beocast.com. We respond within 30 days. You may also file a complaint with the French CNIL (cnil.fr) or your local data protection authority.

6. Security

  • End-to-end TLS 1.3 / QUIC encryption for all P2P sessions
  • Passwords hashed with argon2id (never stored in plaintext)
  • HTTPS-only client-server communications
  • Optional 2FA via Apple ID (recommended)

7. Minors

BEOCAST is not intended for individuals under the age of 13. We do not knowingly collect personal data from children. If you believe a minor has created an account, contact us at privacy@beocast.com for immediate deletion.

8. International transfers

Our primary servers are hosted in the European Union. Some subprocessors (Stripe, Apple) may transfer data to the United States under the European Commission's Standard Contractual Clauses.

9. Changes to this policy

We may update this policy. Substantial changes will be notified to you by email at least 30 days before taking effect. The last-updated date appears at the top of this page.

10. Contact

Data controller: Nabil Jerbi, sole proprietorship
Email: privacy@beocast.com
Postal address: [to be completed]