Data Integrity
Private by default.
The Beacon exists to make sponsorship matching safer and easier. We keep the data model narrow and the sharing surface intentional.
What we collect
To facilitate meaningful sponsorship pairings, we collect specific data points during the intake process. This is limited to:
- Identity: Name, phone number, optional email address, and role (Sponsor or Sponsee).
- Matching: Life-experience tags, communication styles, and lane of recovery.
- Operational: Sponsor capacity, referral codes, and short profile notes.
How we use it
We use this information to calculate match recommendations, create connection requests, and let leaders review sponsor capacity and request status. We do not use this data for marketing or external tracking.
The Match Core
"Data is strictly used to ensure recovery participants find the right support at the right time."
What we avoid
The Beacon is not designed to store sensitive medical or pastoral records. We explicitly avoid:
- Detailed Testimony: We don't need the full depth of your story stored in the database.
- Medical History: No clinical notes or medical diagnoses are recorded here.
Encryption & Security
We use a client-side ("zero-knowledge") encryption design: sensitive recovery details are encrypted in your browser before they reach us, so a database dump, a compromised storage host, or an unauthorized reader sees only ciphertext:
Zero-Knowledge Profile Storage
Your profile fields (including email, name, recovery tags, and cadence) are encrypted in the browser with AES-256-GCM under a per-profile data-encryption key (DEK) before they touch our database. The server stores only the resulting ciphertexts. Each DEK is wrapped with your own public key (RSA-OAEP, 4096-bit modulus, SHA-256) and is unwrapped only on your device, with your private key, after you authenticate; the server never holds a usable DEK or your private key. As with any browser-delivered encryption, this protection depends on the application code that performs it being delivered intact, so the integrity of the app itself is part of the trust boundary.
End-to-End Encrypted Messaging
Messages exchanged in private participant threads are end-to-end encrypted. The sponsee's and sponsor's browsers generate a unique symmetric key for each conversation, and the server relays and stores only ciphertext. Only you and your paired sponsor hold the key needed to read or write messages in that thread.
Offline Platform Recovery
To assist with lost keypairs and organization admin recovery, the platform maintains a restricted offline recovery key. Its private half is kept encrypted under an offline passphrase and is never decrypted on the host server. Recovery actions are tightly restricted, audited, and designed to preserve the privacy of all matching data.
Who can see it
Visibility is restricted based on operational necessity:
- Organization Leaders: Leaders operating the tool can view submitted profiles and requests within their local organization to facilitate matches.
- Prospective Partners: Contact details are only ever revealed when a real sponsor introduction is requested and accepted.
Retention
Data remains in the system until an admin clears it or the ministry decides on a longer-term retention policy. Because The Beacon is in active development, these practices may be refined to further limit storage duration over time.