Privacy Policy

What We Collect

Beltmar collects information in two categories: information you provide directly, and behavioral signals generated through the Beltmar tracking snippet you install on your own website.

Account information

• •Name, email address, and password when you create an account
• •Workspace name and team member information you add
• •Billing details processed by our payment provider (we do not store full card numbers)

Tracking snippet signals

• •Page views, clicks, custom events, and session timing on your instrumented website
• •Referrer and entry source (UTM parameters, referral domain) where present
• •A pseudonymous visitor identifier stored in a first-party cookie or localStorage on your domain
• •Email address or name only when your application explicitly identifies a visitor (e.g., after login)

How We Use It

We use collected information exclusively to operate, maintain, and improve the Beltmar service for you:

• •Generating your Daily Brief, actor journeys, engagement cohorts, and narrative interpretations
• •Operating your workspace, managing team access, and sending transactional emails (password reset, invitations)
• •Processing payments and maintaining billing records
• •Improving Beltmar's features, reliability, and performance
• •Responding to your support requests

We do not use your workspace data to train AI models shared across customers, build advertising profiles, or derive aggregate insights sold to third parties.

What We Don't Do

• •No lead scoring: We generate interpretive signals, not conversion probability scores or sales-readiness ratings
• •No cross-site tracking: The snippet is scoped to your domain; we do not track your visitors across other websites
• •No data selling: We never sell, rent, or broker your data to third parties for any purpose
• •No automated outreach: Beltmar does not trigger emails, notifications, or CRM actions based on behavior signals
• •No third-party advertising: We do not place or serve advertising pixels on the Beltmar application or your instrumented site

Cookies & the Tracking Snippet

The Beltmar application itself uses a session cookie to keep you signed in. No third-party analytics or advertising cookies are set on beltmar.com.

When you install the Beltmar tracking snippet on your own website, it sets a first-party cookie (or uses localStorage) on your domain to recognize returning visitors. This identifier is pseudonymous — it does not contain personal data on its own. You are responsible for disclosing this tracking in your own website's privacy notices and obtaining any consent required under applicable law.

• •Signals are scoped to the domain where the snippet is installed — we do not track across unrelated sites
• •You can disable the snippet at any time in your workspace settings

Data Sharing & Subprocessors

We share data with a limited number of service providers that help us operate Beltmar. Each is bound by appropriate data processing agreements:

• •Vercel — application hosting and edge delivery
• •Neon / PostgreSQL — database storage
• •Anthropic — AI inference for generating narrative interpretations
• •Resend — transactional email delivery
• •Stripe — payment processing (no card data stored by Beltmar)

We will not share your information with any other third party without your consent, except where required by law.

Data Retention

We retain your data for as long as your account is active or as needed to provide the service:

• •Workspace event data is retained for the duration of your subscription and for 30 days after cancellation, after which it is permanently deleted
• •Account information (name, email) is retained until you request deletion
• •Billing records are retained for the period required by applicable tax and accounting laws (typically 7 years)

You may export or delete your workspace data at any time from your account settings.

Your Rights

Depending on where you are located, you may have rights under GDPR, CCPA, or similar laws regarding your personal data:

• •Access: Request a copy of the personal data we hold about you
• •Correction: Ask us to correct inaccurate or incomplete information
• •Deletion: Request deletion of your personal data (subject to legal retention requirements)
• •Portability: Receive your data in a structured, machine-readable format
• •Objection: Object to certain processing activities, including direct marketing

To exercise any of these rights, contact us at privacy@beltmar.com. We will respond within 30 days.

Security

We apply industry-standard technical and organizational measures to protect your data:

• •All data is encrypted in transit (TLS) and at rest
• •Access to production data is restricted to authorized personnel
• •Workspace data is isolated per customer — one workspace cannot access another's data
• •Passwords are hashed using bcrypt; we never store plaintext credentials

No method of transmission or storage is 100% secure. If you discover a security issue, please disclose it responsibly to security@beltmar.com.