Privacy
Verifying shouldn't cost you your data.
BeOriginal exists to tell you whether a product is original — not to profile you. That's why the scanner works with no accounts, no sign-ups, and nothing asked that isn't needed.
Last updated: July 3, 2026
Who is responsible
beoriginal.id is operated by BeOriginal, a trademark of P3 Consultores S. de R.L. de C.V. If you have any question about how we handle data, write to beo@beoriginal.id.
This policy is governed by Mexico's Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP): the new law published March 20, 2025, in force since March 21, 2025, which replaced the 2010 version. The authority overseeing it is no longer INAI — it was dissolved that same date — but the Secretaría Anticorrupción y Buen Gobierno (Anti-Corruption and Good Governance Ministry). The rights described below correspond to the ARCO rights (Access, Rectification, Cancellation, Opposition).
Simplified notice on the scanner
This page is the full privacy notice. At the moment of scanning, before asking for camera and location permission, you'll see a short simplified notice with the essentials — and the scanner screen always has a direct link to this full page, no need to hunt for it.
What we store when you verify a product
When you scan a BeOriginal label we record the verification event. This part is necessary for the service — without it there's no verification:
- the label's code and the outcome (original, already used, alert…),
- the date and time of the scan.
This part is voluntary — it's your call, not a requirement to verify:
- your approximate location — ONLY if you allow it when the browser asks. Verification works exactly the same if you decline.
You see at most the city. Exact coordinates are visible only to the brand that owns the product, so it can detect where copies show up.
We don't ask for your name, email, phone or an account. We don't know who you are — by design.
The link checker
If you paste a link (or scan a non-BeOriginal QR), we check it with our own filters and Google Web Risk to warn you about danger signals. The link is processed to give you the verdict; it is not tied to your identity.
Brand accounts (staff)
Brands using the panel have accounts with email and password. We keep what's needed to operate: encrypted credentials, role, and an action log (who generated, activated or voided labels). That protects both consumers and the brand itself.
Sub-processors
To operate we use the following providers. None of them receives your identity as a consumer:
- Vercel — hosting and site delivery.
- Neon — database (Postgres, encrypted at rest).
- Google Web Risk — checking suspicious links.
- BigDataCloud — turning coordinates into “City, Country” (no personal data).
- Cal.com — demo scheduling (only if you book).
If this list changes, we update this page first.
Cookies
We use one cookie to remember your language (ES/EN) and the strictly necessary ones for the brand panel session. No advertising cookies, no cross-site tracking. We don't sell profiles to anyone — period. Full detail is on the Cookies page.
Your rights (ARCO)
You have the right to access, rectify, cancel or oppose the processing of your data. Write to beo@beoriginal.id and we reply within 72 hours.
Honest note: since the scanner doesn't store your identity, in most cases there is nothing of yours to delete.
Security
Encryption in transit (TLS) and at rest. Label codes are stored as cryptographic fingerprints (salted hashes): not even our database knows the plain codes. Restricted internal access and an audit log. Full technical detail is on the Security page.
Minors
beoriginal.id is not aimed at children under 13. Verifying a product collects no identity, but the brand panel is for adults only.
Changes to this policy
If this policy changes, we publish it here before it takes effect. We never apply retroactive changes.