Privacy Policy

Effective Date: March 20, 2026 · Last Updated: March 20, 2026

AuthBeacon ("we", "our", "the extension") is a browser extension and web platform developed by AWB Tech LLC. This privacy policy explains what data the AuthBeacon browser extension and platform collect, how that data is used, and your rights regarding that data.

What AuthBeacon Does

AuthBeacon is a shadow IT discovery tool designed for enterprise IT teams. The browser extension detects the presence of login forms (password input fields) on web pages and reports them to your organization's self-hosted AuthBeacon server. The purpose is to give IT administrators visibility into which web applications employees are authenticating to.

Data Collected by the Browser Extension

When the extension detects a password input field on a web page, it sends the following to your organization's AuthBeacon server:

  • Page URL — the full URL of the page containing the password field
  • Page title — the title of the web page
  • Device ID — a randomly generated UUID stored locally in the browser
  • User email and display name — only if configured by your IT administrator or manually entered
  • Browser type and operating system — derived from the User-Agent string

Data We Do NOT Collect

  • Passwords or any form input data
  • Cookies or session tokens
  • Browsing history or pages without password fields
  • Keystrokes or screen content
  • Personal files or documents

How Data Is Used

All collected data is used exclusively for shadow IT discovery and reporting within your organization:

  • Maintaining an inventory of web applications with login pages
  • Displaying SSO coverage and trends in the dashboard
  • Identifying which users and devices access which applications
  • Generating reports and exports for IT compliance

Data Storage and Security

  • Self-hosted — AuthBeacon is deployed on your organization's infrastructure. AWB Tech LLC does not host, access, or process your data.
  • Tenant isolation — each organization's data is logically isolated.
  • Encryption in transit — all communication uses HTTPS.
  • API key authentication — keys are stored as SHA-256 hashes.
  • Password hashing — user passwords use Django's PBKDF2 algorithm.

Data Sharing

We do not sell, rent, or share your data with third parties. Since AuthBeacon is self-hosted, your organization's data never leaves your infrastructure. AWB Tech LLC does not have access to any data collected by your deployment.

Data Retention

Data retention is controlled by your organization's AuthBeacon administrator. The platform does not automatically delete data. Administrators can remove data at any time through the dashboard.

Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access your data by contacting your organization's AuthBeacon administrator
  • Delete your data by requesting removal from your administrator
  • Opt out by uninstalling the extension or requesting removal from your IT team

Since AuthBeacon is self-hosted, data subject requests should be directed to your organization's IT administrator.

Browser Extension Permissions

  • Host permissions (all URLs) — required to scan pages for password fields. No page content is read beyond detecting password inputs.
  • Storage — required to persist configuration (server URL, API key, device ID) across sessions.

Children's Privacy

AuthBeacon is an enterprise tool not directed at children under 13. We do not knowingly collect data from children.

Changes to This Policy

We may update this policy from time to time. Changes will be reflected in the "Last Updated" date above.

Contact

AWB Tech LLC
Email: [email protected]
Website: authbeacon.io