Privacy Policy

Last updated: January 15, 2026

Our Commitment to Privacy

Tandem Beam is built on a foundation of privacy-first architecture. We believe effective analytics and attribution tracking can be achieved without compromising user privacy. This policy explains how we collect, process, and protect data.

Zero PII Storage: Tandem Beam never stores raw personally identifiable information. All PII is hashed at the edge before transmission.

Data We Collect

Tandem Beam collects the following types of data to provide analytics and attribution services:

Event Data

  • Page views and navigation events
  • Form submissions (field values are hashed)
  • Custom events defined by the website operator
  • Conversion events (purchases, sign-ups, etc.)

Technical Data

  • Browser type and version
  • Device type and screen resolution
  • Referring URL and UTM parameters
  • Anonymized IP address (last octet removed)

Attribution Data

  • Advertising platform click IDs (gclid, fbclid, etc.)
  • First-party cookies set by advertising platforms
  • Session coordination identifiers

What We Don't Collect

Tandem Beam is designed to never store personally identifiable information in raw form:

  • Raw email addresses
  • Phone numbers
  • Names or physical addresses
  • Payment or financial information
  • Full IP addresses

Edge Privacy Processing

Tandem Beam uses a privacy-by-design architecture where all personally identifiable information is processed at the edge before reaching our servers:

  1. 1
    Browser/Edge Detection

    PII fields (email, phone, name) are detected in form submissions

  2. 2
    SHA-256 Hashing

    PII is immediately hashed using SHA-256 before leaving your browser

  3. 3
    Secure Transmission

    Only hashed values are transmitted to Tandem Beam servers

  4. 4
    Platform Forwarding

    Hashed values are forwarded to advertising platforms for attribution matching

Data Retention

We retain analytics data for the following periods:

  • Event data: 13 months (for year-over-year analysis)
  • Session data: 13 months
  • Platform logs: 90 days
  • Trace logs: 30 days

Data is automatically purged after these retention periods. Account holders may request earlier deletion.

Your Rights (GDPR)

If you are located in the European Economic Area, you have the following rights under GDPR:

Right to Access

Request a copy of data we have about you

Right to Deletion

Request erasure of your personal data

Right to Rectification

Request correction of inaccurate data

Right to Portability

Receive your data in a portable format

Your Rights (CCPA)

If you are a California resident, you have the following rights under CCPA:

  • Right to Know: What personal information is collected and how it's used
  • Right to Delete: Request deletion of your personal information
  • Right to Opt-Out: Opt out of the sale of personal information (Note: We do not sell personal information)
  • Right to Non-Discrimination: Equal service regardless of privacy choices

Contact Us

For privacy-related questions or to exercise your rights, please contact us:

Tandem Theory LLC

Email: privacy@tandemtheory.com

Or use our contact form.

Back to Home