Security & Privacy Policy

1. Security Practices

Beacon is built with security as a foundational principle. We implement the following measures to protect your data:

• Encryption in transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2 or higher.
• Encryption at rest: All data stored in our databases and file storage systems is encrypted at rest using AES-256.
• Authentication: User authentication is managed through Clerk, an enterprise-grade authentication provider. We support single sign-on (SSO) and enforce secure session management.
• Access control: Role-based access control (RBAC) ensures users only access brands and data they are authorized to view. Roles include Owner, Admin, Editor, and Viewer.
• Infrastructure: Our application is hosted on Vercel with automatic security patches. Database infrastructure is managed by Neon (PostgreSQL) with automated backups and point-in-time recovery.
• No third-party analytics: We do not use any third-party analytics, tracking pixels, or advertising services (no Google Analytics, Segment, Mixpanel, etc.).

2. Information We Collect

Beacon collects the minimum information necessary to provide our AI brand monitoring service. We collect three categories of data:

2.1 User Account Data

Collected via Clerk authentication when you create an account:

• Email address and name
• Avatar URL (if provided)
• Last sign-in timestamp
• Role-based access permissions per brand

2.2 Brand Data (Customer-Provided)

Information you provide about your brand for analysis:

• Brand name, industry, domains, products, fees, and contact information
• Positioning statements, brand voice, and competitive stance
• Uploaded documents (stored securely in AWS S3)
• Competitor information

2.3 AI Execution Data (Platform-Generated)

Generated by our platform during brand analysis:

• Questions generated for AI evaluation
• Ground truth data collected from brand websites
• AI model responses and evaluation results
• Scores across Visibility, Accuracy, Narrative, and Readiness dimensions
• Issues identified with severity ratings

3. How We Use Your Information

We use the information we collect solely to:

• Provide, maintain, and improve our AI brand monitoring service
• Generate brand analysis reports and scores
• Authenticate users and enforce access controls
• Send service-related communications (e.g., analysis completion notifications)
• Respond to support requests

We do not sell your data, use it for advertising, or share it with third parties for their marketing purposes.

4. Data Storage & Retention

• Primary database: All application data is stored in Neon (PostgreSQL), hosted in the United States.
• File storage: Uploaded documents are stored in AWS S3, encrypted at rest.
• Retention: We retain your data for as long as your account is active. Upon receiving a deletion request, we will delete your personal data within 30 days, consistent with the California Consumer Privacy Act (CCPA). If a customer ends their relationship with Beacon but does not submit a deletion request, we will automatically delete their data within 12 months. Retention beyond these periods occurs only where required by law.
• Backups: Database backups are maintained for disaster recovery and are subject to the same encryption and access controls as production data.

5. Cookies & Client-Side Storage

Beacon uses minimal client-side storage, strictly for functionality:

• localStorage: Theme preference only
• sessionStorage: Navigation state
• Cookies: Sidebar state and authentication session (managed by Clerk)

We do not use any third-party tracking cookies, analytics pixels, or advertising cookies.

6. Your Rights

You have the right to:

• Access: Request a copy of all personal data we hold about you.
• Correction: Request correction of inaccurate personal data.
• Deletion: Request deletion of your personal data and account.
• Portability: Request an export of your data in a machine-readable format.
• Objection: Object to processing of your personal data.

California Residents (CCPA): Under the California Consumer Privacy Act, California residents have additional rights including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. Beacon does not sell personal information. We will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact us at privacy@usebeacon.ai. We will respond to verified requests within 30 days.

7. Children's Privacy

Beacon is a business-to-business service and is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

8. International Data Transfers

Our services and data infrastructure are hosted in the United States. If you access Beacon from outside the United States, your data will be transferred to and processed in the United States. By using our service, you consent to this transfer.

9. Breach Notification

In the event of a data breach that affects your personal information, we will notify affected users within 72 hours of becoming aware of the breach via email and in-app notification. We will provide details about the nature of the breach, the data affected, and the steps we are taking to mitigate the impact.

10. Subprocessors

Beacon uses the following third-party services to operate our platform. Each subprocessor is contractually bound to handle data in accordance with our security and privacy standards.

11. Changes to This Policy

We may update this Security & Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of Beacon after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

For questions about this policy or to exercise your data rights, contact us at: privacy@usebeacon.ai

Beacon AI Technologies, LLC
San Francisco, CA