2. Information We Collect

Beacon collects the following categories of personal information in connection with your use of the Platform:

2.1 Information You Provide Directly

​

• First name and last name

• Mobile phone number

• Email address (collected when you register via the in-park leaderboard QR code)

• Vehicle license plate number(s)
   

2.2 Information Received from the Property's Point-of-Sale System

If you are a season passholder, VIP guest, or hold any other designated tier at a Property, Beacon receives the following information from the Property's point-of-sale ("POS") system for purposes of guest recognition and parking entitlement verification:

​

• First name and last name

• Mobile phone number

• Tier designation (e.g., season passholder, cabana guest)

​

This data is provided to Beacon by the Property, not directly by you. The accuracy of this data is the Property's responsibility. Beacon uses this data solely to verify your parking entitlements and does not use it for any purpose unrelated to operating the Platform.

2.3 Information Generated Through Your Use of the Platform

​

• Visit history — dates, times, and number of qualifying scans at each Property

• Leaderboard points and campaign participation records

• Reward earning and redemption history

• Guest satisfaction rating responses

• Device identifier used for returning guest recognition

• Enforcement-related records, if any, associated with your vehicle

• Terms of Service version accepted and acceptance timestamp

• SMS marketing consent status and timestamp

• SMS opt-out records, including channel and timestamp
   

2.4 Information We Do Not Collect

Beacon does not collect or store payment card numbers, bank account information, or any other financial account data. All payment transactions are processed directly by Stripe, Inc. in accordance with Stripe's own privacy policy. Beacon does not access, store, or transmit your payment credentials at any point.

Beacon does not use location tracking or GPS data. On-property scan validation is accomplished through the QR code mechanism, which requires physical presence at the Property. No location data is collected from your device.
Beacon does not cross-reference your license plate number with any vehicle registration database or use it to identify you through third-party sources. License plate data is used solely for parking compliance verification within the Platform.

3. How We Use Your Information

Beacon uses the personal information we collect for the following purposes:

3.1 Operating the Platform

​

• Processing parking transactions and verifying payment status

• Recognizing returning guests to eliminate re-entry friction

• Verifying VIP status and applying tier-based pricing and entitlements automatically

• Tracking visit counts for Trip-Based Rewards progression

• Maintaining leaderboard standings and campaign participation records

• Enabling reward redemption by Property Guest Services staff

• Supporting enforcement monitoring by making vehicle payment status visible to authorized Property staff
   

3.2 Communications

​

• Sending transactional SMS messages — verification codes and VIP enrollment confirmations — as necessary for Platform operation

• Sending marketing SMS messages — rewards reminders, promotional messages, and event notifications — to guests who have affirmatively opted in

• Sending re-engagement messages after qualifying scans to remind opted-in guests of pending rewards
   

3.3 Sharing with the Property

Guest personal information, including name, phone number, email address, and visit history, may be shared with the Property you visited for the Property's own marketing, operational, and guest relationship purposes. When Beacon shares your information with a Property, that Property's own privacy practices govern how it uses and protects that information. Beacon is not responsible for the privacy practices of any Property.

3.4 Internal Analytics and Product Improvement

Beacon uses aggregated, anonymized data across its platform for internal analytics, benchmarking, and product improvement purposes. This includes aggregate information about visit frequency, scan timing, occupancy patterns, and program engagement. This data does not identify individual guests and is not shared with third parties in any form that could be used to identify you.

3.5 Legal Compliance and Protection

​

• Complying with applicable laws, regulations, and legal process

• Enforcing Beacon's Terms of Service

• Protecting the rights, property, and safety of Beacon, Properties, and guests

• Responding to lawful requests from government authorities

4. How We Share Your Information

Beacon does not sell your personal information. Beacon shares your personal information only as described below:

4.1 With the Property You Visited

Beacon shares your personal information — including name, phone number, email address, visit history, and tier status — with the Property at which you scanned. The Property uses this information for its own marketing, operational, and guest relationship purposes. Beacon is not responsible for the Property's use of this information after it is shared. If you have questions about how a specific Property uses your information, please contact that Property directly.

4.2 With Stripe, Inc. (Payment Processing)

Payment transactions are processed by Stripe, Inc. Beacon shares the minimum information necessary to facilitate payment processing with Stripe. Stripe's use of your information is governed by Stripe's Privacy Policy, available at stripe.com/privacy. Beacon does not store, access, or transmit your payment card data.

4.3 With Twilio, Inc. (SMS Delivery)

SMS messages are delivered through Twilio, Inc. Beacon shares your mobile phone number with Twilio for the sole purpose of delivering SMS messages associated with your use of the Platform. Twilio's use of your information is governed by Twilio's Privacy Policy, available at twilio.com/en-us/legal/privacy.

4.4 In Connection with a Business Transfer

If Beacon is involved in a merger, acquisition, financing, reorganization, or sale of all or a portion of its assets, your personal information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information by updating this Privacy Notice.

4.5 For Legal Compliance

Beacon may disclose your personal information if required to do so by law, regulation, or valid legal process, or if Beacon believes in good faith that such disclosure is necessary to protect the rights, property, or safety of Beacon, a Property, or others.

4.6 No Sale of Personal Information

Beacon does not sell, rent, or trade your personal information to any third party for that party's own marketing or commercial purposes. The sharing described in Sections 4.1 through 4.5 above does not constitute a "sale" of personal information under applicable privacy law.

5. Data Retention

Beacon retains your personal information indefinitely unless you submit a verifiable deletion request as described in Section 7. We retain information indefinitely because the Platform's visit-based rewards and leaderboard programs are designed to track long-term guest relationships, and historical visit data is necessary to maintain the integrity of those programs across seasons.

Notwithstanding the foregoing, Beacon retains the following records for the periods required by applicable law, regardless of any deletion request:

​

• Records of Terms of Service acceptance — retained for the period necessary to demonstrate compliance with the E-SIGN Act and applicable consumer protection law

• Records of SMS marketing consent and opt-out — retained for the period required by the Telephone Consumer Protection Act and FCC regulations

• Transaction records — retained for the period required by applicable tax and financial recordkeeping law

​

When you submit a deletion request, Beacon will delete or anonymize your personal information within a reasonable time, except for the legally required retention categories listed above.

6. Data Security

Beacon implements reasonable technical and organizational measures to protect your personal information against unauthorized access, disclosure, alteration, or destruction. These measures include encryption of personal data at rest, role-based access controls limiting staff access to only the data necessary for their role, and secure transmission protocols.

No method of electronic transmission or storage is completely secure. Beacon cannot guarantee absolute security of your personal information. In the event of a data breach that affects your personal information and triggers notification obligations under applicable state law, Beacon will notify you as required by law using the contact information associated with your account. For breach-related inquiries, contact info@gobeacon.us.

Beacon maintains an internal breach response protocol and will notify affected Properties promptly following discovery of any breach affecting guest data.

7. Your Privacy Rights

Depending on the state in which you reside, you may have certain rights with respect to your personal information. Beacon honors these rights for all guests regardless of state of residence. Your rights include:

7.1 Right to Know

You have the right to request information about the categories and specific pieces of personal information Beacon has collected about you, the sources of that information, the purposes for which it is used, and the categories of third parties with whom it is shared.

7.2 Right to Access

You have the right to request a copy of the personal information Beacon holds about you.

7.3 Right to Correct

You have the right to request correction of inaccurate personal information in your account record. For corrections to POS-sourced data (name, phone number, tier designation), please contact the Property directly, as that data originates with the Property.

7.4 Right to Delete

You have the right to request deletion of your personal information. To submit a deletion request, contact Beacon at info@gobeacon.us. Beacon will verify your identity before processing your request and will honor verified deletion requests within a reasonable time, subject to the legal retention obligations described in Section 5.

7.5 Right to Opt Out of Data Sharing

You have the right to opt out of the sharing of your personal information with the Property for the Property's marketing purposes. To exercise this right, contact Beacon at info@gobeacon.us. Note that opting out of data sharing with the Property does not affect Beacon's ability to share your data with Stripe and Twilio, which is necessary for Platform operation.

7.6 Right to Non-Discrimination

Beacon will not discriminate against you for exercising any of your privacy rights. Exercising your rights will not result in denial of access to the Platform, different pricing, or a different level of service, except to the extent that the deletion of your account data makes it technically impossible to continue providing the service.

7.7 How to Submit a Request

To exercise any of the rights described above, contact Beacon at:
 
Email: info@gobeacon.us
Subject line: Privacy Rights Request
 
Beacon will respond to verifiable requests within 45 days. If additional time is needed, Beacon will notify you of the extension and the reason for it. Beacon may request information to verify your identity before processing your request.

7.8 Delaware Residents — Delaware Department of Justice

If you are a Delaware resident and believe Beacon has violated your rights under the Delaware Personal Data Privacy Act, you may submit a complaint to the Delaware Department of Justice at privacy@delaware.gov.

7.9 Texas Residents

If you are a Texas resident, you have additional rights under the Texas Data Privacy and Security Act, including the right to opt out of the processing of your personal data for purposes of targeted advertising and the right to appeal Beacon's response to your privacy request. To submit an appeal, contact info@gobeacon.us with the subject line "Privacy Rights Appeal." Beacon will respond to verified appeals within 60 days.

7.10 Other State Residents

Residents of California, Virginia, Colorado, Connecticut, Montana, Oregon, New Hampshire, New Jersey, Nebraska, Iowa, Indiana, Kentucky, Maryland, Minnesota, Rhode Island, and other states with comprehensive privacy laws have rights substantially similar to those described in this Section. Beacon honors these rights for all guests regardless of state of residence. Contact info@gobeacon.us to exercise your rights.

8. Children's Privacy

The Platform is intended for use by adults 18 years of age or older. The account holder is the adult driver of the vehicle who scans the QR code and accepts the Terms of Service. Beacon does not knowingly collect personal information directly from children under the age of 13.

Because the account holder is the adult driver, minor passengers traveling in the vehicle are not the subject of any direct data collection by Beacon. The account holder's acceptance of the Terms of Service on behalf of minor passengers is governed by the Terms of Service.

If you believe that Beacon has inadvertently collected personal information from a child under 13 without parental consent, please contact us at info@gobeacon.us and we will take prompt steps to delete that information.

9. License Plate Data and the Driver's Privacy Protection Act

Beacon collects vehicle license plate numbers for the sole purpose of parking compliance verification within the Platform. Specifically, license plate data is used to match a scanned vehicle to an existing payment or VIP record, and to enable Property enforcement staff to identify whether a vehicle in the lot has completed a valid parking scan.

Beacon does not cross-reference license plate numbers with any vehicle registration database, state DMV records, or any other external data source for the purpose of identifying vehicle owners or obtaining additional personal information. Beacon's use of license plate data is consistent with the Driver's Privacy Protection Act, 18 U.S.C. § 2721 et seq., which governs the permissible use of personal information from motor vehicle records.

License plate data is retained as part of your guest record in accordance with Beacon's general data retention policy described in Section 5 and may be deleted upon a verified deletion request.

10. SMS Communications and TCPA Compliance

​

Beacon's SMS program is operated in compliance with the Telephone Consumer Protection Act ("TCPA"), 47 U.S.C. § 227, and the rules and regulations promulgated thereunder by the Federal Communications Commission.
 

Beacon maintains an internal suppression list of all phone numbers that have opted out of marketing SMS. Opted-out numbers are not re-enrolled in marketing SMS without fresh affirmative consent. Beacon processes opt-out requests received through any reasonable channel — including SMS reply, email, or written request — within 10 business days.

Beacon periodically scrubs its marketing SMS send list against the FCC's Reassigned Numbers Database to minimize the risk of contacting individuals who have been reassigned a phone number previously associated with a Beacon guest account. If you have been reassigned a phone number that was previously registered in the Platform, please contact info@gobeacon.us so we can remove your number from any send lists.
 

For questions about Beacon's SMS program or to opt out, contact info@gobeacon.us or reply STOP to any Beacon marketing message.

11. Payment Processing — Stripe, Inc.

​

All payment transactions completed through the Platform are processed by Stripe, Inc. ("Stripe"), a third-party payment processor. When you complete a parking payment, your payment information is submitted directly to Stripe and is governed by Stripe's Privacy Policy, available at stripe.com/privacy, and Stripe's Terms of Service.
 

Beacon does not store, process, or have access to your full payment card number, CVV, or bank account information at any point. The only payment-related information retained by Beacon is a record of the transaction amount, date, and status for purposes of revenue reporting and payout calculation.
 

Stripe is responsible for PCI-DSS compliance in connection with payment card data. By completing a payment through the Platform, you acknowledge that your payment data is being processed by Stripe and that Stripe's own privacy and security practices govern that data.

12. Third-Party Services

​

In addition to Stripe and Twilio described above, the Platform operates in connection with the Property's point-of-sale system, which is a third-party service operated by the Property or its technology vendors. Beacon's integration with the Property's POS is one-directional — data flows from the POS to Beacon for purposes of guest recognition, and not from Beacon back to the POS except as expressly agreed with the Property.
 

This Privacy Notice does not govern the data practices of any Property, any Property's point-of-sale provider, Stripe, Twilio, or any other third party. Beacon encourages you to review the privacy policies of these third parties directly.