Beacon Privacy and Security

Basic Summary

More Details

User Anonymity

Beacon stores only a single piece of identifiable information on each user: their username. Which of course, could be anything the user desires. User email addresses are stored as salted bcrypt hashes with k-anonymity. This allows email addresses to be confirmed during login, but cannot be reversed.

Beacon’s payment processor, Stripe, does store some personally identifiable information. Stripe’s privacy policy can be found at

User Security

Upon first launch, Beacon generates a cryptographically secure 128-bit random number to use as the user’s UUID. This number is not based on any user or hardware information. Beacon also generates a 4096-bit RSA private key to use as proof of identity.

Unless the user chooses to disable community features when prompted at launch, Beacon will send the user’s UUID and public key to the Beacon server. This grants the user access to community features, such as the ability to publish documents to the community library. This user is fully anonymous.

If the user decides to create a login with Beacon, some additional data is shared with Beacon’s server. The user’s password is run through the PBKDF2 algorithm to generate a key to encrypt the user’s RSA private key with 256-bit AES CBC. Beacon’s database stores these encrypted private keys so they can be transported to other computers the user signs into. When signing into Beacon, the private key is delivered to the computer encrypted and decrypted on the computer, not on Beacon’s server.

Project Encryption

Some parts of a Beacon project are encrypted using the user’s private key, such as server information and user-defined parts of the Custom Config editor. If the user’s private key cannot decrypt information from a project, that information is not loaded by Beacon.


There aren’t any. Beacon does not utilize analytics of any kind, even on the website.

Partner Privacy Policies

    No Results