Beacon Reports

Legal

Privacy policy

Last updated 2026-05-11

Beacon Reports is a private commercial vendor of custom TeleStaff reports, operating in British Columbia. This policy explains what personal information we collect, why, where it is stored, how long we keep it, and how to contact us.

We are bound by the BC Personal Information Protection Act(PIPA) and Canada's Anti-Spam Legislation (CASL). We collect the minimum information needed to deliver your report and operate the service; we do not sell or share your data with anyone outside the operational vendors named below.

Use of Beacon Reports is also subject to our Terms of Service and Refund & Revision Policy.

What we collect and why

  • Email address — to verify your identity (one-time codes, magic links), send order confirmations and invoices, and update you on order status. Required to use the studio.
  • Department or organisation name and report title — collected on the order form to render your custom report. Stored on the order record.
  • Department logo (if uploaded) — embedded in the rendered report. Optional. Stored on the order record.
  • Order history metadata — template selected, KPI cards chosen, timestamps, status. Stored on the order record for as long as the order is in the system.
  • Authentication metadata — sign-in is by one-time code or magic link sent to the email you enter. We store the issued code, the timestamp, and whether it has been used. We never receive or store any password.

Where the data lives

We use the operational vendors below. Each is a contracted data processor.

  • Supabase (Canada region) — primary database and file storage. All customer order data, invoice records, sign-in tokens, and uploaded logos are stored on Canadian infrastructure.
  • Resend — transactional email delivery (sign-in codes, invoices, order confirmations).
  • Loops.so — onboarding email sequences for external customers. You can opt out at any time using the unsubscribe link in any marketing email.
  • Cloudflare — application hosting (Workers), and inbound support email routing (the address support@beaconreports.ca is forwarded into the application via a Cloudflare Worker).
  • Anthropic and Google (Gemini) — large-language-model providers used to customise report XML. We send the report template and your card selection. Customer-supplied freeform fields (department name, report title, custom-engagement notes) may be included if they appear in the template; uploaded logos are not sent.
  • Stripe— payment processing for the Professional Edition. Stripe receives your email address and order amount when you click the payment link in an invoice; card data is collected on Stripe's hosted page and never reaches our servers.
Data residency. Our primary data store (Supabase) is hosted in Canada, so customer order records and uploaded logos remain in Canada at rest. Email delivery, authentication, payment processing, and AI processing involve vendors with global infrastructure. Organisations bound by FOIPPA s.30.1 may contact privacy@beaconreports.ca to discuss the exact transit and processing chain before placing an order.

How long we keep it

  • Sign-in tokens — 10 minutes. Expired tokens are deleted by an automated daily job (PIPA s.35).
  • Orders, invoices, and order audit log — retained for at least 7 years from the order date to satisfy Canada Revenue Agency record-retention requirements. Older records may be retained longer for operational continuity unless you ask us to delete them.
  • Email opt-out preferences — kept indefinitely so we can continue to honour withdrawn consent (CASL).
  • Marketing list (Loops) — until you unsubscribe.
  • Server logs — short-lived diagnostic logs are retained for up to 30 days by our hosting providers and not actively mined for personal information.

Your rights under BC PIPA

You may request:

  • A copy of the personal information we hold about you (PIPA s.23).
  • Correction of inaccurate personal information (PIPA s.24).
  • Withdrawal of consent for any non-essential processing.
  • Deletion of your account and associated personal information. Records required for tax-record retention (orders, invoices) will be retained for the minimum statutory period and then deleted on request.

To exercise any of these, email privacy@beaconreports.ca. We will respond within 30 days.

If you are not satisfied with our response, you may file a complaint with the BC Office of the Information and Privacy Commissioner (oipc.bc.ca).

Security

We use industry-standard safeguards: HTTPS for all traffic, hashed one-time codes (never stored in plaintext), service-role keys never exposed to client code, row-level security on every Supabase table, and signed unsubscribe tokens to prevent enumeration.

Our incident-response posture is documented internally. If we determine that an incident creates a real risk of significant harm to you, we will notify you and the BC OIPC in accordance with PIPA s.34.

Marketing emails (CASL)

Order confirmations, invoices, and revision-required notifications are transactional and are sent regardless of marketing preferences. The Free Edition confirmation includes a one-time upsell to the Professional Edition; every promotional email carries a one-click unsubscribe link that takes effect immediately and is honoured for all future marketing email.

Privacy Officer

the Admin is the designated Privacy Officer for Beacon Reports. Contact: privacy@beaconreports.ca.

Changes to this policy

Material changes (new vendor, expanded data collection, shorter retention) will be announced by email to active customers at least 14 days before taking effect. Non-material changes (formatting, clarification of existing terms) take effect on publication. The "Last updated" date at the top of this page reflects the most recent change.