Does FindBeam store the code I paste into its tools?

No. All CSS, JS, HTML, JSON, password, BMI, and text tools run entirely in your browser. Your code never reaches FindBeam servers.

Does FindBeam use tracking cookies or advertising pixels?

No. FindBeam uses cookieless Umami analytics only. No Google Analytics, no Meta Pixel, no advertising cookies are active on FindBeam.

Does FindBeam sell personal data?

No. FindBeam does not sell, share, or rent personal data to any third party. We are not a data broker.

Is FindBeam GDPR compliant?

Yes. FindBeam uses client-side architecture (zero server-side input storage), cookieless analytics, a signed Cloudflare DPA, and GDPR-certified email processors. We support all GDPR rights upon request.

How do I request deletion of my data from FindBeam?

Email privacy@findbeam.com or use our Data Request form at findbeam.com/gdpr-request/. We respond within 30 days.

Privacy Policy — FindBeam | GDPR, CCPA, LGPD & 7 More Global Laws

Contents

Who We Are
Privacy-First Architecture
Data We Collect & Why
Cookies & Tracking
Advertising & Affiliates
Third-Party Processors
International Transfers
Your Rights by Region
Data Retention
Children's Privacy
Security Measures
Policy Changes
Contact & Data Protection

FindBeam ("we," "us," "our") is operated by Rubaiyat Islam Rafat, Dhaka, Bangladesh. We run findbeam.com — a privacy-first collection of free browser-based tools. This policy explains exactly what data we collect, why, how we use it, and your rights under applicable law.

1. Who We Are

Data Controller: Rubaiyat Islam Rafat, operating FindBeam (findbeam.com)
Location: Dhaka, Bangladesh
Privacy contact: [email protected]
Legal contact: [email protected]
Data Request form: findbeam.com/gdpr-request/

2. Privacy-First Architecture

The core guarantee: The vast majority of FindBeam tools process all input entirely within your browser using JavaScript. Your code, text, health data, and passwords never reach our servers. This is an architectural decision — not just a policy.

100% Client-Side (Zero Server Contact):

All minifiers — CSS, JS, HTML
JSON Formatter, JSON Validator, XML Formatter
Password Generator (browser Web Crypto API)
SHA-256, SHA-512, MD5 hash generators
Base64 Encode/Decode, URL Encode/Decode
BMI, Calorie, TDEE and all health calculators
Word Counter, Case Converter, Lorem Ipsum, all text tools
Mortgage, Tip, Percentage, and all finance calculators

Tools Requiring Limited API Calls:

IP Lookup: Your IP is sent to our Cloudflare Worker proxy → ip2location.io for geolocation. Not stored by us.
Speed Test: Connects to speed.cloudflare.com directly. No data passes through FindBeam servers.

3. Data We Collect & Why

A. Data You Provide Voluntarily

Contact form: Name (optional), email (required), subject, message. Legal basis: consent (GDPR Art. 6(1)(a)) and legitimate interest (Art. 6(1)(f)).
Email to us: Email and message content. Retained 12 months, then deleted.

B. Automatically Collected

IP addresses (Cloudflare): Logged ≤24 hours for security/DDoS protection. Cloudflare DPA signed. We do not access these logs.
Anonymised analytics (Umami): Cookieless. Collects: page views, referrer, browser type, country-level location only. No personal identifiers. No cross-site tracking. IP anonymised at collection. Legal basis: legitimate interest (GDPR Art. 6(1)(f)).
Tool ratings (localStorage): Rating score stored in your browser only. Cannot be read server-side.

C. Data We Never Collect

Code, text, files, or health data you input into tools
Precise geolocation
Demographics (name/age/gender unless in contact form)
Payment information — FindBeam is free
Social media account data or cross-site identifiers

4. Cookies & Tracking Technologies

Essential (No Consent Required)

Cloudflare security cookies (__cflb, __cf_bm): Bot detection and load balancing. Session to 30 minutes.
localStorage (fb_rating_{tool}): Prevents duplicate ratings. Browser-only. Not a traditional cookie.

Analytics — Cookieless

Umami Analytics: No cookies set. No persistent identifiers. Anonymised aggregate data only. GDPR-exempt under statistical purposes exemption.

Advertising Cookies (Not Currently Active)

Current status: FindBeam does not serve advertising. Zero advertising cookies are active. Before introducing Google AdSense, we will implement a TCF 2.2-compliant CMP. Advertising cookies will load only after explicit user consent. Our Cookie Policy contains full details.

5. Advertising & Affiliate Disclosure

Advertising — Not Currently Active

FindBeam currently serves no advertising. All tools are free with zero ads. Future advertising via Google AdSense will be introduced only after a TCF 2.2-compliant consent system is in place. Core tool functionality will never be gated behind ad consent.

Affiliate Links

Some FindBeam pages contain affiliate links to third-party products (VPNs, hosting, developer tools, health apps). These are always clearly labelled. If you purchase via an affiliate link, we may earn a commission at no cost to you. Our recommendations are editorial and independent of affiliate relationships. Full details in our Disclosure Policy. We never sell your data to affiliate partners.

6. Third-Party Data Processors

Cloudflare Inc. (USA) — CDN, hosting, DDoS, Workers. DPA signed. SCCs in place. Cloudflare Privacy →
Umami Software Inc. — Cookieless analytics. EU-region storage. Umami Privacy →
ip2location.io — IP geolocation (IP Lookup tool only). No query data retained. ip2location Privacy →
Brevo (Sendinblue SAS) (France) — Contact form email. GDPR-certified. DPA signed. Brevo Privacy →

We do not use Google Analytics, Meta Pixel, LinkedIn Insight Tag, or any advertising pixel.

7. International Data Transfers

EU/UK → USA (Cloudflare): Covered by EU-US Data Privacy Framework and Standard Contractual Clauses (GDPR Art. 46).
Analytics (Umami): EU-region servers. No transfer outside EEA.
Email (Brevo): France-based processor. GDPR-governed. SCCs for sub-processors.

For transfers governed by LGPD, PoPIA, PIPA, PDPA, or PIPEDA, we rely on Standard Contractual Clauses and consent as required.

8. Your Privacy Rights by Region

EU, UK, EEA — GDPR / UK GDPR

Access (Art. 15) · Rectification (Art. 16) · Erasure (Art. 17) · Restriction (Art. 18)
Portability (Art. 20) · Object to processing (Art. 21) · Withdraw consent (Art. 7(3))
Lodge a complaint with your national supervisory authority (ICO / CNIL / BfDI / DPC)

California — CCPA / CPRA 2023

Know, delete, correct, opt-out of sale/sharing (we don't sell), non-discrimination, limit sensitive PI use

Brazil, Canada, South Africa, Singapore, Korea, Australia, Saudi Arabia

Residents of jurisdictions with applicable data protection law (LGPD, PIPEDA, PoPIA, PDPA, PIPA, Privacy Act, PDPL) have equivalent rights. Contact [email protected] or use our Data Request form. Response within 30 days.

9. Data Retention

Contact form / email: 12 months from last contact → permanently deleted
Cloudflare logs: ≤24 hours (Cloudflare default, not accessed by us)
Umami analytics: Aggregate only, no individual data, no deletion schedule needed
localStorage ratings: Your browser only; deleted when you clear site data
IP Lookup queries: Not retained — discarded upon response delivery

10. Children's Privacy

FindBeam is not directed at children under 13 (or under 16 in EU jurisdictions per GDPR Art. 8). We do not knowingly collect data from minors. If you believe a child has submitted data, email [email protected] for immediate deletion.

11. Security Measures

TLS 1.3 encryption — HTTPS enforced site-wide with HSTS preloading
Cloudflare DDoS protection and Web Application Firewall (WAF) active
Zero server-side storage of tool input data — architectural guarantee
Contact form routed through a Cloudflare Worker with CSRF protection, rate limiting, and honeypot — Brevo API key never exposed to client
Password Generator uses window.crypto.getRandomValues() — no custom cryptography
No passwords, payment data, or authentication tokens collected

12. Policy Changes

We update this policy when our practices change. Material changes will be announced on the FindBeam homepage for ≥30 days. The "Updated" date above reflects the most recent revision. Previous versions available at [email protected].

13. Contact & Data Protection

FindBeam — Privacy & Data Protection
Operated by: Rubaiyat Islam Rafat · Dhaka, Bangladesh
Privacy requests: [email protected]
General legal: [email protected]
Data Request form: findbeam.com/gdpr-request/
Response time: ≤30 days (mark subject "PRIVACY REQUEST" for priority)

Privacy Policy.