Privacy Policy for Beaver Dam

About Beaver Dam

Cocreators OÜ, it's parents, subsidiaries, affiliates, agents, representatives, consultants, employees, officers and directors - collectively "Cocreators", "we", or "us" is the provider of this browser extension service called Beaver Dam.

Cocreators OÜ is an Estonian company with the business ID 14170013. Our official address is Pille tn 9/3-53, 10138 Tallinn, Estonia. In case of any questions you can contact us via [email protected]

Updates to this document

This policy may be updated periodically. Any obsoleted versions will be archived and access to them is provided via the bottom of this page. When we update this document we will use any reasonable means to notify you of it, such as email and notifications on the website.

About the Beaver Dam service

Throughout this document we will be referring to "the Service" or "the Services" provided by Beaver Dam. This means any and all of the following:

  • Access to the BeaverDam.io website
  • The user accounts on the website
  • Licenses for the Beaver Dam extension
  • The Beaver Dam browser extension
  • The support portals and services for Beaver Dam

About the Privacy Policy

The Privacy Policy describes what data is collected of you, how that data is used by Cocreators, and our legal basis for doing so. When any information is shared with 3rd parties, and when you have choices in the information you share, the information is also listed here.

"Personal Data" referred to in this document means any data related to an identified or identifiable individual.

By using the Beaver Dam Services offered by Cocreators, you're agreeing to our Terms of Service, use of your Personal Data according to the practices and policies here, and acknowledge that you have read and understood this Privacy Policy.

How does Beaver Dam use cookies?

Beaver Dam uses cookies (and "local storage") where absolutely necessary for the function of the Service and the features on it, not to track you. This includes the sign up and login functions, and any other features that require storing data on your device to accurately provide the functionality you've asked for. This may include cookies used to ensure the security and performance of the Services, as well as preferences, e.g. for localization.

The cookies and other items we store on your device are as detailed below.

The website

  • login - Stores a cookie to identify your active user session, who you are, while you are logged in. This is so we can ensure personal data is only accessed by people with the right access to it, and so we can show you personalized content where necessary.

The extension

  • login - Stores a cookie to identify your active user session, who you are, while you are logged in. This is so we can ensure personal data is only accessed by people with the right access to it, and so we can show you personalized content where necessary.
  • license - Stores a digital license used to activate your extension. This is so we can ensure the extension is used with a valid license, and is periodically updated to ensure continous operation.

For security and performance

  • __cfduid - We use Cloudflare to enhance the performance and security of our service. This cookie is used by Cloudflare to detect and block malicious visitors.

Compared to most services, this list is pretty reasonable, is it not?

Additionally, we are using Paddle payments, and they will set their own cookies when you interact with the parts of the Service with payment integrations.

What Personal Data does Beaver Dam collect on the website?

  • User information and sessions, such as your email address, settings, users you've referred, who referred you, payment history, and other information you provide on your user account. For the currently active login sessions from browsers and extensions we store the browser, OS, country, when you logged in, and when the session was last updated.
  • Installations, we track the active instances of the extension that have been activated with your licenses. For the installations we store the browser, OS, license type, a unique name you may have given it via our activation codes, an unique install ID, and a link to your user account.
  • User financial information, such as your name, and other payment details. This information is collected and processed by our payment processor, as required to complete your payments. We do not receive your card details, but we receive information about the transaction such as the time and date, and what you purchased. We store only the necessary information about the transactions for our accounting, license management, and to provide you links to manage your subscriptions and view your payment receipts.

Additionally we may automatically collect:

  • Website activity information, such as internal application logs, data files, IP addresses, browsers, and normal website metrics. "Logs" are text based records of activities on the website, which contain necessary information for the operation of the website, monitoring and diagnosis of problems, and may sometimes contain IP addresses or other Personal Data - though we seek to limit this by using account IDs, and other such things that are not immediately personally identifiable and can be disconnected from you by deleting your account.

We use Plausible Analytics for a privacy-focused tracking service that gives us enough data to check e.g. effectiveness of our marketing campaigns and roughly what areas of the world our visitors are coming from, and what parts of the site are popular. Check the Plausible Data Policy for detailed information.

Additionally we use Cloudflare to optimize the performance of our website. They gather some data about traffic through their systems, including to our website. Check the Cloudflare Privacy Policy for detailed information on how they use the data.

We use the hCaptcha anti-bot service (hereinafter "hCaptcha") on our website. This service is provided by Intuition Machines, Inc., a Delaware US Corporation ("IMI"). hCaptcha is used to check whether the data entered on our website (such as on a login page or contact form) has been entered by a human or by an automated program. To do this, hCaptcha analyzes the behavior of the website or mobile app visitor based on various characteristics. This analysis starts automatically as soon as the website or mobile app visitor enters a part of the website or app with hCaptcha enabled. For the analysis, hCaptcha evaluates various information (e.g. IP address, how long the visitor has been on the website or app, or mouse movements made by the user). The data collected during the analysis will be forwarded to IMI. hCaptcha analysis in the "invisible mode" may take place completely in the background. Website or app visitors are not advised that such an analysis is taking place if the user is not shown a challenge. Data processing is based on Art. 6(1)(f) of the GDPR (DSGVO): the website or mobile app operator has a legitimate interest in protecting its site from abusive automated crawling and spam. IMI acts as a "data processor" acting on behalf of its customers as defined under the GDPR, and a "service provider" for the purposes of the California Consumer Privacy Act (CCPA). For more information about hCaptcha and IMI's privacy policy and terms of use, please visit the following links: https://www.hcaptcha.com/privacy and https://www.hcaptcha.com/terms.

What Personal Data does Cocreators collect otherwise?

When you contact us via social media, email, our support system, or other means we will have your contact information. We only use this to communicate back to you.

We use Discord for our community, and the Discord Privacy Policy explains everything you should know about using their services to join our community.

What purposes is Personal Data used for?

Beaver Dam uses Personal Data for the following reasons:

  • To make it possible for you to use the Service, set up your account, interact with the social features as well as other users.
  • To ensure the security of your account and our Services, including to prevent fraud and abuse.
  • To create and manage your account, contact you when necessary, and to provide you with a customized experience on the Service (for example to show your license status); and
  • To improve the Service and keep bringing the best experience possible to users of Beaver Dam by analyzing the usage of the Services.
  • To provide support to you when you contact us with questions or reports of problems.

Our "lawful basis" required by EU data protection law includes:

  • Performing the actions laid out in our contract we have with you when you use the Services: In certain circumstances, we need your personal data to comply with our obligation to deliver the Services.
  • To comply with legal and accounting requirements: Sometimes the law or our accountants require us to collect and use your data for example to follow the tax regulation.
  • Our legitimate interests - which is an annoyingly vague term, used to signify good and fair reasons to use your data in ways that do not hurt you, your rights, or your interests. This includes things like our legitimate interest to guarantee and continuously improve on the safety, security, and performance of the Services.

How does Cocreators share your Personal Data?

Since social functions are not at the core of Beaver Dam, neither is Personal Data at the core of our business. Cocreators does not rent, sell, your Personal Data, or otherwise give access to your Personal Data to anyone unless to explicitly perform the actions and functions mentioned in the Terms of Service and this document.

We share your Personal Data in the following ways:

  • Beaver Dam staff: We may share your Personal Data with anyone directly involved with the operation of Beaver Dam, including our affiliates, employees, subsidiaries, and parents, when it is reasonably necessary or desirable for us to disclose your data in order to carry out the data processing purposes required from us.
  • Agents: We may employ other companies and people to perform tasks in our behalf in certain circumstances, and need to share your information with them to provide products or services to you. This may include things like delivery of mail or email, data analysis, marketing, processing payments, and customer service. Unless explicitly mentioned otherwise, the agents DO NOT have any right to use your Personal Data that we share with them beyond what is necessary for them to perform their required functions.
  • Statistical and aggregate data: We may provide collected statistical analysis and aggregated information about how our users, collectively, use our site. This data is typically used to better understand our users and provide you with the optimal experience, or improve our marketing. This data does not contain personally identifying information.
  • Communications: When communicating with Cocreators e.g. via our support, we may send you email or other communication that may contain Personal Data in it.
  • Business Transfers: In case Beaver Dam or a substantial amount of its assets were acquired, or Cocreators to go out of business or declare bankruptcy, customer information is one of the assets that is transferred or acquired by a third party. By signing up for Beaver Dam you acknowledge that such transfers may occur, and that your Personal Data may be continued to be used by any acquirer of Beaver Dam.
  • Protection of Beaver Dam, and complying with the law: We may be required to disclose Personal Data to comply with the law or law enforcement, to prevent abuse and fraud on Beaver Dam, protect our legal rights, property, or the safety of Cocreators, its staff, users, and others. We reserve the right to disclose information when we believe doing so is reasonably necessary in these kinds of scenarios.
  • Your explicit consent: When your Personal Data may be shared with 3rd parties for other purposes, you will be notified of it, and you will be able to choose whether or not you want to share your information.

What rights do you have?

Users of Beaver Dam in certain countries and the EU are given certain rights about their personal information by law. We at Cocreators believe that these rights belong to everyone.

As a user of Beaver Dam you have the right to access, correct, and request deletion of your personal information. You can request a copy of your Personal Data via our support. To modify or delete your Personal Data, you may log in and update or delete your account. We may still retain information where required by law or necessary for our legitimate business purposes (such as keeping our accountants happy, and our statistics accurate).

You also have the right to lodge a complaint with a supervisory authority: https://edpb.europa.eu/about-edpb/board/members_en

How does Cocreators secure your Personal Data?

We at Cocreators are pretty passionate about security. We follow the best practices for protecting the data we collect and maintain, including e.g. encryption of traffic over the internet, but where possible we go the extra step and ensure that we do not store unnecessary and potentially damaging information about our users, and that additional technical means are in place to ensure safety of your data.

We store our data and host our services using European infrastructure whenever possible, in secure data centers with strong physical and electronic security measures in place. We limit unnecessary access to your data, and do not store it for longer than necessary. Since we use common cloud hosting services for cost-efficiency, their ultimate owners are U.S. based entities which means there is some risk that U.S. based entities and agencies may gain access to some or all of your data on Beaver Dam. We are continuously evaluating alternatives for services that allow us to reduce dependency on U.S. based entities that are not fully trustworthy.

Ultimately no level of security is perfect, and any security system is as weak as its weakest link. In the case of Personal Data it is often your personal account credentials, and it is up to you to ensure that you use unique and strong passwords on e.g. your email service, as well as two-factor authentication where possible to prevent unauthorized access to your account.

There may also be other failures in the security ranging from bugs, hardware failure, unauthorized entry, and other things. In such events we strive to ensure any failures in our security are promptly fixed, and reasonable notifications are sent out as soon as possible.

How does Cocreators store Personal Data?

Cocreators stores Personal Data only as long as it is necessary for the fulfillment of the purposes for which it was collected, unless otherwise required or authorized by applicable law. You can choose to delete your Personal Data on Beaver Dam by deleting your account, this however does not include deletion of data we are required to keep to fulfill our requirements by law, or any anonymized or aggregated data we collect for e.g. statistics.

We have processes in place to ensure Personal Data will be permanently de-identified or deleted if required by law, or if no longer required for the purposes for which we collected it.

Is Cocreators collecting Personal Data about children?

Cocreators does not knowingly collect, maintain, or use Personal Data about children under the age of 13. People under the age of 16 are not permitted to create Beaver Dam accounts without consent from their legal guardian. The service is not targeted towards children, and children under 13 are not permitted to register an account or use our Services. If you learn that your child has provided us with Personal Data without your consent, please send us all the information via our support. Cocreators will take steps to delete any information and terminate accounts of children under the age of 13.

If you want your child to use Beaver Dam safely, use our activation code -system. We only store an unique install ID, the name you give for the code, the browser, OS, license type, and the connection to your user account when using activation codes.

Is my data transferred abroad?

Cocreators is an Estonian company, and Estonia is a member of the European Union. Beaver Dam strives to store all its data within the EU, and avoids storing data outside of the EU where possible, however in certain scenarios some Personal Data may be in other countries, such as the United States. When your Personal Data is transferred to those countries, it is protected as described in this Privacy Policy. An example of such transfer would be in case of Paddle - our payment provider.

Handling of your Personal Data by Paddle is still regulated by, e.g. the EU GDPR.

If you feel we're needlessly transferring your data abroad and have better solutions to recommend to us, please let us know, we're always looking to improve.

Thanks for reading all the way through this, you're a champ 👍