What do I need to use BeLooped?
BeLooped runs on iOS and Android smartphones and tablets.
- Apple iPhones and iPads require iOS 11 or later.
- Android phones and tablets require Android Lollipop (5.0) or later.
An Internet connection (either WiFi or cellular) is required to sign into your account and to sync with the server. You can’t use BeLooped without signing into your account.
Syncing with our server is an important part of BeLooped. However, once you’ve signed in, you can use BeLooped offline if you don’t have a connection.
Why do you want my email address?
We use your email address acts to establish your identity. There are many Debbie Browns in the world, but only one DBrown@BeeMail.buzz. That is why we use your email address: it’s guaranteed to be unique. When you register, you are claiming to “own” a specific email address. We confirm this by sending a Secret Code to it and asking you to verify the code. When you enter this code, we can be sure you own the email address you said you do.
We do not use the email address for anything else. You can choose to share it with others in the groups you join so other members can contact you, but you don’t have to.
Most free services are actually cashing in on your personal data. You and your interests and activities are the product they sell. BeLooped offers in-app purchases instead of selling what you say, what you do and where you are.
We won’t spam you. If there’s a new feature that we want to tell you about, we’ll let you know from within BeLooped. We do not sell, rent, lease, lend, give, or in any other way share your email address (or any other personal information). And if this list seems to offer us some wiggle room, let us know so we can close it!
How does BeLooped make money?
A few ways:
- Subscriptions. Users like you can subscribe to BeLooped to gain access to additional features.
- Sponsorship. BeLooped is important enough to some of our users that they pay us directly for development considerations. Basically, they give us money to help prioritize the features we add. This doesn’t mean that we’ll add anything we don’t believe in.
- Advertising. No, we’re kidding about this. We don’t run any advertising or share any information with others. This is a critical point to us, which we explain elsewhere.
What’s wrong with advertising?
Advertising itself is not evil (aside from some obvious tradeoffs, like taking away screen space, bandwidth and wasting your time and ours), but it leads to bad decisions about how to maximize revenue from the advertising.
Consider: Showing you an ad for LEGO would not be evil. Maybe you like LEGO! At least one of our developers was raised on it. But gathering the kind of data to know you like LEGO in order to increase the value of the ad means knowing more about you than you probably want want known. To really maximize the return, the advertising would not only track that you like LEGO but also other kinds of purchases you make. Does this person use Mega-Blocks? Maybe we can turn them. What kind of sets would they be interested in?
Some people don’t care about that kind of privacy breach, but we think the things you can learn about people are only going to increase in the future. The opportunities available to use this data for profit are only going to increase in the future, too, and some of those opportunities may be worse for you than anything being done now. For instance, some sites have been already been increasing the price of things they think you might want to purchase (though more sites do just the opposite).
The best way to keep your trust is for us not to get into any of that. We want to align our goals with yours: You want a good product without those compromises. We want to give you a good product, and we’ve made avoiding those kinds of compromises part of our business.
Why are Secret Codes so short?
We’ve done the math on this, though we’ll spare you the details. Secret Code are secure enough at that length.
Some of the factors involved:
- A Secret Code by itself does not contain enough information to access your account. Your account can only be accessed from the device that generated it.
- A given code is only valid for a limited number of attempts, after which a new one is generated.
- Other techniques are used on the server to restrict break-in attempts further.
See “How is BeLooped secure without passwords?” later in the FAQ.
Why are Group Invite Codes so long?
Remember how we said we’ve done the math on this? Group Invite Codes are not restricted in the same way as secret codes, so they need to be longer.
To be useful, you need to be able to give an invite code to anyone using BeLooped (or even someone not using BeLooped yet). They’re also valid longer. Given those two things, Group Invite Codes need to be longer to be secure.
We don’t just increase the length of the codes. There are other restrictions enforced on our servers. It’s exceedingly unlikely someone could guess an invite code. A more real concern is that someone could overhear you reading a code or break into your email, so be careful.
How is BeLooped secure without passwords?
BeLooped is secure without passwords because of a number of things not visible to you.
When the app contacts the server, they exchange secrets known only to the app and server. Part of this is the secret code sent to you via email, but there are other factors. Without these secrets, the server will refuse to talk to the client.
This means if you generate a secret code for your device, the secret code will come to your email address and is good only for that device.
You need to keep your email account secure, though. Someone else can generate a code using their device and send it to your email address. If they have read your email account, they can read the secret code there and gain access to your account.
We think you are going to do a better job keeping your email secure than you would an application like ours. This article from Avast (the antivirus company) might help: 10 tips to protect against an email hack might help you secure your email.