Privacy Policy
Effective date: July 2, 2026
Beacon ("we," "us") is a grant funder discovery service operated by Heath Johnson Consulting, available at get-beacon.app. This policy describes what information we collect, how we use it, and the choices you have.
Information we collect
- Account information: your email address and a password (stored as a secure hash by our authentication provider, Supabase).
- Organization profile: the details you provide about your nonprofit — name, location, EIN, budget range, mission statement, focus areas, and program keywords — used solely to compute your foundation matches.
- Usage data: pages visited and basic device information, collected through privacy-friendly analytics to understand how the product is used.
- Payment information: processed entirely by Stripe. We never see or store your card number; we store only your Stripe customer reference and subscription status.
How we use your information
- To provide the service: matching, dashboards, and digests.
- To send transactional email (account, billing) and, if enabled, your weekly match digest. You can adjust or stop digests at any time.
- To respond to support requests.
- To improve the product using aggregate usage patterns.
We do not sell your personal information, and we do not share it with third parties except the service providers below.
Service providers
Beacon runs on Vercel (hosting), Supabase (database and authentication), Stripe (payments), and Resend (email delivery). Each processes data only as needed to provide their service to us.
Foundation data
The foundation and grant data displayed in Beacon comes from public IRS Form 990-PF filings. It is public record and is not personal information governed by this policy.
Data retention and deletion
We retain your account and organization data while your account is active. To delete your account and associated data, email heath@heathjohnson.co and we will complete the deletion within 30 days, except records we must keep for legal or accounting purposes.
Cookies
We use cookies only for authentication sessions. We do not use advertising or cross-site tracking cookies.
Security
Data is encrypted in transit (TLS) and at rest by our infrastructure providers. Access to production data is limited to the operator of the service.
Children
Beacon is a business tool not directed at children under 13, and we do not knowingly collect their information.
Changes
If we make material changes to this policy, we will update this page and note the new effective date. Continued use of the service after a change constitutes acceptance.
Contact
Questions about this policy: heath@heathjohnson.co