Privacy Policy

BeyondMachines ("us", "we", or "our") operates (the "Website") and third-party integrations (the "App") with collaboration platforms like Slack  (the “Collaboration Platforms").

BeyondMachines provides online cybersecurity knowledge and awareness content, tools and consultancy via the Website and via integration to collaboration platforms like Slack (the "Service").

This Privacy Policy describes how we collect and use the information you may provide or may be accessible to us when using BeyondMachines. We respect your privacy and comply with any applicable law and regulation regarding any personal information we may collect about you, including across our Apps, Website and other sites we own and operate.

In case our Website contains links to third-party sites and services, please be aware that those sites and services have their own privacy policies. After following a link to any third-party content, you should read their posted privacy policy information about how they collect and use personal information. This Privacy Policy does not apply to any of your activities after you leave our site.

Data Residence

BeyondMachines strives to be very transparent about data processing and data residence locations.

No local copies of data are performed on personal computers/devices

Data residence per location and use:

  • Primary BeyondMachines Service processing and data store - BeyondMachines operates it's platform from AWS Region eu-central-1 (Frankfurt);
  • Analytics platform - BeyondMachines uses Mixpanel with EU data store selected.
  • Development, Maintenance and support of the BeyondMachines Service - The team maintaining the BeyondMachines platform operates from North Macedonia, and part of the data (mail contacts) can be accessed for development, maintenance and support of the platform.
  • Email communication - BeyondMachines uses AWS and Gsuite for email communication and customer support, both on with an EU data residence.
  • Meetings management - BeyondMachines uses Gsuite for meeting scheduling and management with a EU data residence.

Platforms and social media we use

  • Blog platform - BeyondMachines uses Medium to publish it's blog. We don't collect any customer data via Medium, but for Medium's policy on their data collection please see the Medium Privacy Policy
  • Videos  - BeyondMachines uses Youtube to publish it's videos. We don't collect any customer data via YouTube, but for YouTube's policy on their data collection please see the YouTube Privacy Policy
  • Social media - BeyondMachines uses Twitter, LinkedIn, Mastodon and Facebook to interact with customers using social media. BeyondMachines processes the identity that you have chosen to use and make accesible to other users and pages on those social media. This will include usernames and depending on your own choice it may include personally identifiable information that you have chosen to make public (Name, Surname, company, location etc...). We don't extract that information out of the respective social media nor use it outside of the social media where you have placed it. If you delete your data on the respective social media will also delete it for us. For the privacy policies of the social media and their use of your data, please visit Twitter Privacy PolicyLinkedIn Privacy Policy, Mastodon Privacy Policy and Facebook Privacy Policy.

Third parties controlled by users

  • Slack - integrated to BeyondMachines by action of the user - please check with Slack on data residence. For Slack's policy on their data collection please see the Slack Privacy Policy

Notification of candidate third parties and rights to objection

In the below table we will publish the planned new third parties or services we are considering as subprocessors or partners, which will provide you with information and possibility to object.

You can object to candidate subprocessors for the platform - those that process personal information which are exposed to BeyondMachines by you directly using the BeyondMachines platform.

You can't object to:

  • social media or voluntary service where personal information is not sent to BeyondMachines and any access to such service is purely voluntary by the user. 
  • subprocessors which don't process any of your PII data.

All objections must be based on a reasonable material argument of risk to PII data. Objections can't be based on individual or corporate views of the subprocessors.

We will do our best to review and accept all objections to the subprocessors. If your objection is rejected, you will be notified. You always have the option to stop using the service.

If we don't receive any objection or objections are rejected within 90 days of announcement or the subprocessor, the third party will be used.

Candidate announced date Processes your PII data? Candidate Third Party Name Reason for Use Processing location Third Party Home page Third Party Privacy page

Information we collect

BeyondMachines only collects information that is sent directly to it, via visiting the Website, via installation of App, data entered directy in the Website by an authenticated user with permissions to integrate Collaboration Platform to our Website, email or direct direct message, command or mention of Collaboration Platform App. 

Information we collect falls into one of two categories: "voluntarily provided" information and "automatically collected" information.

"Voluntarily provided" information refers to any information you knowingly and actively provide us when using or participating in any of our Services and promotions.

"Automatically collected" information refers to any information automatically sent by your devices in the course of accessing our products and services. Automatically collected information has several different purposes:

  • Installation contact personal information - used to contact and notify the administrator who has integrated the BeyondMachines App to the Collaboration Platform about status of service, errors and service reports;
  • Action contact personal information - used to contact and notify the user with a response to the question/action they requested through the App on the Collaboration Platform;
  • Analytics - used to understand and improve the functionality of the Website;
  • Log data - used to identify application errors or potential security events in the Website or App.

Automatically collected Personal information

BeyondMachines collects basic personal information about Collaboration Platform workspace admin when the App is installed or used:

  • name
  • email address

as they are registered in the Collaboration Platform.

Volontarily provided Personal information

BeyondMachines may collect personal information through volontary actions of the use, when the user adds details or submits custom information when using the commercial Service, or when participating in cybersecurity tests and simulations for knowledge purposes.


Using standard web analytics and web server technologies, BeyondMachines logs your navigation actions, IP address, Operating System and other information provided by your web browser. BeyondMachines makes reasonable effort not to log information that can uniquely identify the user in web analytics, like username, personal names

Log Data

When you visit our website, our servers may automatically log the standard data provided by your web browser. It may include your username, device’s Internet Protocol (IP) address, your browser type and version, the function of the Service that you visite, the time and date of your visit, the time spent on each page, and other details about your visit.

If you encounter certain errors while using BeyondMachines, we may automatically collect data about the error and the circumstances surrounding its occurrence. This data may include technical details about your device, what you were trying to do when the error happened, and other technical information relating to the problem. You may or may not receive notice of such errors, even in the moment they occur, that they have occurred, or what the nature of the error is.

Please be aware that while this information may not be personally identifying by itself, it may be possible to combine it with other data to personally identify individual persons.

Legitimate Reasons for Processing Your Personal Information

We only collect and use your personal information when we have a legitimate reason for doing so. In which instance, we only collect personal information that is reasonably necessary to provide our services to you.

We may collect personal information from you when you do any of the following:

  • Install or use the App in Collaboration Platform like Slack
  • Purchase a commercial Service
  • Sign up to receive updates from us via email or social media channels
  • Use a mobile device or web browser to access our content
  • Contact us via email, social media, or on any similar channels
  • When you mention us on social media

We may collect, hold, use, and disclose information for the following purposes, and personal information will not be further processed in a manner that is incompatible with these purposes:

  • to provide you with our platform's core features and services
  • to enable you to access and use our Website, associated applications, and associated social media platforms
  • for internal record keeping and administrative purposes (register of contracts, agreements etc)
  • to comply with our legal obligations and resolve any disputes that we may have
  • for security and fraud prevention, and to ensure that our sites and apps are safe, secure, and used in line with our terms of use
  • for technical assessment, including to operate and improve our app, associated applications, and associated social media platforms

We may combine "voluntarily provided" and "automatically collected" personal information with general information or research data we receive from other trusted sources. For example, If you provide us with your location, we may combine this with general information about currency and language to provide you with an enhanced experience of our site and service.

Security of Your Personal Information

When we collect and process personal information, and while we retain this information, we will protect it within commercially acceptable means to prevent loss and theft, as well as unauthorised access, disclosure, copying, use, or modification.

Although we will do our best to protect the personal information you provide to us, we advise that no method of electronic transmission or storage is 100% secure, and no one can guarantee absolute data security.

We employ relevant technical and organizational measures to protect your personal information, as listed in our Security page.

How Long We Keep Your Personal Information

We keep your personal information as long as needed to provide the Service or functionality that you have requested of us. For example,

  1. the information collected through the Collaboration Platform (for example Slack), we will retain this information for the duration your workspace account exists on our system. If your personal information is no longer required for this purpose, we will delete it or make it anonymous by removing all details that identify you.
  2. the information collected through subscription to mailing list and is not related to other functionality of our Service will be deleted immediately upon requesting to be removed from the mailing list.

We may retain your personal information for our compliance with a legal, accounting, or reporting obligation to the extent required by law.

Public Information

If you are a member of a Slack workspace that has enabled BeyondMachines, we may publicly present on our Website your Slack workspace name and team avatar after getting your approval to do so. We will not show any individual user’s information.

Children’s Privacy

We do not aim any of our products or services directly at children under the age of 13, and we do not knowingly collect personal information about children under 13.

Disclosure of Personal Information to Third Parties

We may disclose personal information to:

  • a parent, subsidiary, or affiliate of our company
  • third-party service providers for the purpose of enabling them to provide their services, including (without limitation) IT service providers, data storage, hosting and server providers, analytics, error loggers, debt collectors, maintenance or problem-solving providers, marketing providers, professional advisors, and payment service providers
  • our employees, contractors, and/or related entities
  • credit reporting agencies, courts, tribunals, and regulatory authorities, in the event you fail to pay for goods or services we have provided to you
  • courts, tribunals, regulatory authorities, and law enforcement officers, as required by law, in connection with any actual or prospective legal proceedings, or in order to establish, exercise, or defend our legal rights
  • third parties, including agents or sub-contractors, who assist us in providing information, products, services, or direct marketing to you
  • an entity that buys, or to which we transfer all or substantially all of our assets and business

Where legally applicable, BeyondMachines will maintain protection of personal information by signing a Data Protection Agreement with the other Third Parties

Third parties we currently use include:

  • Amazon Web Services - provider of Infrastructure Services on which our Service operates, data residence - Frankfurt, Germany.
  • Google Cloud Platform - provider of email communication service, data located globally
  • Mixpanel - provider of analytics services, data residence - EU

In the case of adding a new third party service to this list, we will send out a notice six weeks prior giving you an option to terminate your usage of BeyondMachines. The notice will be sent as a Direct Message within the Collaboration Platform to the workspace user that installed the BeyondMachines app. If the usage is not terminated within this timeframe, the new third party service is deemed to be accepted.

BeyondMachines may only engage a third party service if it has imposed the necessary responsibilities and obligations on the sub-processor as required by article 28 GDPR.

International Transfers of Personal Information

The personal information we collect is currently stored and/or processed in the countries listed in the Data Residence section where we or our partners, affiliates, and third-party providers maintain facilities or teams.

The countries to which we store, process, or transfer your personal information may not always have the same data protection laws as the country in which you initially provided the information. If we transfer your personal information to third parties in other countries: (i) we will perform those transfers in accordance with the requirements of applicable law; and (ii) we will protect the transferred personal information in accordance with this privacy policy.

Your Rights and Controlling Your Personal Information

Your choice: By providing personal information to us, you understand we will collect, hold, use, and disclose your personal information in accordance with this privacy policy. You do not have to provide personal information to us, however, if you do not, it may affect your use of our website or the products and/or services offered on or through it.

Information from third parties: If we receive personal information about you from a third party, we will protect it as set out in this privacy policy. If you are a third party providing personal information about somebody else, you represent and warrant that you have such person’s consent to provide the personal information to us.

Marketing permission: If you have previously agreed to us using your personal information for direct marketing purposes, you may change your mind at any time by contacting us using the details below.

Access: You may request details of the personal information that we hold about you.

Correction: If you believe that any information we hold about you is inaccurate, out of date, incomplete, irrelevant, or misleading, please contact us using the details provided in this privacy policy. We will take reasonable steps to correct any these information.

Non-discrimination: We will not discriminate against you for exercising any of your rights over your personal information. Unless your personal information is required to provide you with a particular service or offer (for example processing transaction data), we will not deny you goods or services and/or charge you different prices or rates for goods or services, including through granting discounts or other benefits, or imposing penalties, or provide you with a different level or quality of goods or services.

Notification of data breaches: We will comply with laws applicable to us in respect of any data breach and notify the administrator of the impacted Collaborative Platform workspace via e-mail or direct message.

Complaints: If you believe that we have breached a relevant data protection law and wish to make a complaint, please contact us using the details below and provide us with full details of the alleged breach. We will promptly investigate your complaint and respond to you, in writing, setting out the outcome of our investigation and the steps we will take to deal with your complaint. You also have the right to contact a regulatory body or data protection authority in relation to your complaint.

Unsubscribe: To unsubscribe from our email database or opt-out of communications (including marketing communications), please contact us using the details provided in this privacy policy, or opt-out using the opt-out facilities provided in the communication. We may need to request specific information from you to help us confirm your identity.

Use of Cookies

A cookie is a small piece of data that we may store on your computer (see details below) and we recognize with subsequent requests, so we can provide you the requested services.

For visitors of, we don't use cookies and we don't collect any personal data. We do not track any individual people. No information such as cookies is stored in the browser. We just collect some anonymous usage data for statistical purposes.

For BeyondMachines customers that log in to we use cookies to provide the login functionality. They actively need to sign up for an account.

Business Transfers

If we or our assets are acquired, or in the unlikely event that we go out of business or enter bankruptcy, we would include data, including your personal information, among the assets transferred to any parties who acquire us. You acknowledge that such transfers may occur, and that any parties who acquire us may, to the extent permitted by applicable law, continue to use your personal information according to this policy, which they will be required to assume as it is the basis for any ownership or use rights we have over such information.

Limits of this Policy

Our website may link to external sites that are not operated by us. Please be aware that we have no control over the content and policies of those sites, and cannot accept responsibility or liability for their respective privacy practices.

Changes to this Policy

At our discretion, we may change our privacy policy to reflect updates to our business processes, current acceptable practices, or legislative or regulatory changes. If we decide to change this privacy policy, we will post the changes here at the same link by which you are accessing this privacy policy.

If the changes are significant, or if required by applicable law, we will contact you (based on your selected preferences for communications from us) and all our registered users with the new details and links to the updated or changed policy.

If required by law, we will get your permission or give you the opportunity to opt in to or opt out of, as applicable, any new uses of your personal information.

Additional Disclosures for General Data Protection Regulation (GDPR) Compliance (EU)

Data Controller / Data Processor

The GDPR distinguishes between organisations that process personal information for their own purposes (known as "data controllers") and organizations that process personal information on behalf of other organizations (known as "data processors"). We are a Data Processor with respect to the personal information you provide to us.

Legal Bases for Processing Your Personal Information

We will only collect and use your personal information when we have a legal right to do so. In which case, we will collect and use your personal information lawfully, fairly, and in a transparent manner. If we seek your consent to process your personal information, and you are under 16 years of age, we will seek your parent or legal guardian’s consent to process your personal information for that specific purpose.

Our lawful bases depend on the services you use and how you use them. This means we only collect and use your information on the following grounds:

Consent from you

Where you give us consent to collect and use your personal information for a specific purpose. You may withdraw your consent at any time using the facilities we provide; however this will not affect any use of your information that has already taken place. You may consent to providing your email address for the purpose of receiving marketing emails from us. While you may unsubscribe at any time, we cannot recall any email we have already sent. If you have any further enquiries about how to withdraw your consent, please feel free to enquire using the details provided in the "Contact us" section of this privacy policy.

Performance of a Contract or Transaction

Where you have entered into a contract or transaction with us, or in order to take preparatory steps prior to our entering into a contract or transaction with you. For example, if you purchase a product, service, or subscription from us, we may need to use your personal and payment information in order to process and deliver your order.

Our Legitimate Interests

Where we assess it is necessary for our legitimate interests, such as for us to provide, operate, improve and communicate our services. We consider our legitimate interests to include research and development, understanding our audience, marketing and promoting our services, measures taken to operate our services efficiently, marketing analysis, and measures taken to protect our legal rights and interests.

Compliance with Law

In some cases, we may have a legal obligation to use or keep your personal information. Such cases may include (but are not limited to) court orders, criminal investigations, government requests, and regulatory obligations. If you have any further enquiries about how we retain personal information in order to comply with the law, please feel free to enquire using the details provided in the "Contact us" section of this privacy policy.

International Transfers outside of the European Economic Area (EEA)

We will ensure that any transfer of personal information from countries in the European Economic Area (EEA) to countries outside the EEA will be protected by appropriate safeguards, for example by using standard data protection clauses approved by the European Commission, or the use of binding corporate rules or other legally accepted means.

Your Rights and Controlling your Personal Information

Restrict: You have the right to request that we restrict the processing of your personal information if (i) you are concerned about the accuracy of your personal information; (ii) you believe your personal information has been unlawfully processed; (iii) you need us to maintain the personal information solely for the purpose of a legal claim; or (iv) we are in the process of considering your objection in relation to processing on the basis of legitimate interests.

Objecting to processing: You have the right to object to processing of your personal information that is based on our legitimate interests or public interest. If this is done, we must provide compelling legitimate grounds for the processing which overrides your interests, rights, and freedoms, in order to proceed with the processing of your personal information.

Data portability: You may have the right to request a copy of the personal information we hold about you. Where possible, we will provide this information in CSV format or other easily readable machine format. You may also have the right to request that we transfer this personal information to a third party.

Deletion: You may have a right to request that we delete the personal information we hold about you at any time, and we will take reasonable steps to delete your personal information from our current records. If you ask us to delete your personal information, we will let you know how the deletion affects your use of our website or products and services. There may be exceptions to this right for specific legal reasons which, if applicable, we will set out for you in response to your request. If you terminate or delete your account, we will delete your personal information within 30 days of the deletion of your account. Please be aware that search engines and similar third parties may still retain copies of your personal information that has been made public at least once, like certain profile information and public comments, even after you have deleted the information from our services or deactivated your account.

Information and Audits

BeyondMachines will assist controller in ensuring compliance with the Applicable Data Protection Law if controller can't meet its obligations without assistance.

BeyondMachines makes available to the controller all information necessary to demonstrate compliance with the obligations laid down in article 28 GDPR and allow for and contribute to audits, including inspections, conducted by the controller or another auditor mandated by the controller. Audits or inspections can be performed only (1) during regular business hours, (2) without interfering with BeyondMachines business operations, (3) upon prior notice of at least 30 days and further consultation with BeyondMachines, (4) under execution of confidentiality, (5) at most once a year. Audit will be performed on the expense of the controller and BeyondMachines will be compensated for the cost of assisting with the audit, including costs of the internal resources, and covering the legal costs. BeyondMachines will receive a copy of the audit report.

Additional Disclosures for Australian Privacy Act Compliance (AU)

International Transfers of Personal Information

Where the disclosure of your personal information is solely subject to Australian privacy laws, you acknowledge that some third parties may not be regulated by the Privacy Act and the Australian Privacy Principles in the Privacy Act. You acknowledge that if any such third party engages in any act or practice that contravenes the Australian Privacy Principles, it would not be accountable under the Privacy Act, and you will not be able to seek redress under the Privacy Act.

Additional Disclosures for California Compliance (US)

Under California Civil Code Section 1798.83, if you live in California and your business relationship with us is mainly for personal, family, or household purposes, you may ask us about the information we release to other organizations for their marketing purposes.

To make such a request, please contact us using the details provided in this privacy policy with "Request for California privacy information" in the subject line. You may make this type of request once every calendar year. We will email you a list of categories of personal information we revealed to other organisations for their marketing purposes in the last calendar year, along with their names and addresses. Not all personal information shared in this way is covered by Section 1798.83 of the California Civil Code.

Do Not Track

Some browsers have a "Do Not Track" feature that lets you tell websites that you do not want to have your online activities tracked. At this time, we do not respond to browser "Do Not Track" signals because we don't track you individually.

We adhere to the standards outlined in this privacy policy, ensuring we collect and process personal information lawfully, fairly, transparently, and with legitimate, legal reasons for doing so.

Cookies and Pixels

At all times, you may decline cookies from our site if your browser permits. Most browsers allow you to activate settings on your browser to refuse the setting of all or some cookies. Accordingly, your ability to limit cookies is based only on your browser’s capabilities. Please refer to the "Use of Cookies" section of this privacy policy for more information.

CCPA-permitted financial incentives

In accordance with your right to non-discrimination, we may offer you certain financial incentives permitted by the CCPA that can result in different prices, rates, or quality levels for the goods or services we provide.

Any CCPA-permitted financial incentive we offer will reasonably relate to the value of your personal information, and we will provide written terms that describe clearly the nature of such an offer. Participation in a financial incentive program requires your prior opt-in consent, which you may revoke at any time.

California Notice of Collection

In the past 12 months, we have collected the following categories of personal information enumerated in the California Consumer Privacy Act:

  • Audio or visual data, such as photos or videos you share with us or post on the service.

For more information on information we collect, including the sources we receive information from, review the "Information We Collect" section. We collect and use these categories of personal information for the business purposes described in the "Collection and Use of Information" section, including to provide and manage our Service.

Right to Know and Delete

If you are a California resident, you have rights to delete your personal information we collected and know certain information about our data practices in the preceding 12 months. In particular, you have the right to request the following from us:

  • The categories of personal information we have collected about you;
  • The categories of sources from which the personal information was collected;
  • The categories of personal information about you we disclosed for a business purpose or sold;
  • The categories of third parties to whom the personal information was disclosed for a business purpose or sold;
  • The business or commercial purpose for collecting or selling the personal information; and
  • The specific pieces of personal information we have collected about you.

To exercise any of these rights, please contact us using the details provided in this privacy policy.

Shine the Light

We do not share any personal information of our users with third parties for for their own direct marketing purposes.

Deleting your Data

You can request that your data be permanently deleted by requesting a deletion via contact [at] beyondmachines [dot] net. Please note that we will make reasonable efforts to fulfill your request or advise you of any limitation that prevents us to fully or partially fulfill your request.

Contact us

If you have any questions, comments, or concerns about this privacy policy, your data, or your rights with respect to your information, you may contact us at contact [at] beyondmachines [dot] net.

Change log

  • 08 May 2022: Initial version
  • 01 June 2022: Updating processors to add social media
  • 05 June 2022: Adding Notification of candidate third parties and rights to objection
  • 24 July 2023: Adding Mastodon and Facebook as social media processors