Security & Trust

How Beacon handles customer data.

Last updated May 14, 2026

Beacon is the Voice of AI platform. Buyers form opinions of brands inside AI assistants like ChatGPT, Gemini, Claude, Perplexity, and Google AI Mode before they ever visit a brand's website. Beacon measures how AI describes your brand, attributes the sources driving each claim, and produces playbooks your marketing and web teams ship. The platform operates entirely on the public AI assistant surface and on inputs you provide. It does not connect to your customer database, your CRM, your analytics, or your production systems.

How Beacon works

Step 1

Inputs

Brand identity
Strategic direction
Buyer personas
Priority competitors

Step 2

Capture

Browser automation + public API run persona-driven prompts against the public AI surface.

ChatGPT

Gemini

Claude

Perplexity

AI Mode

Grok

Step 3

Analysis

Claim extraction
Source attribution
Scoring

Step 4

Outputs

Voice of AI dashboard
Research probe library
Action playbooks

Beacon is always the questioner. We do not observe your customers' conversations with AI assistants.

Capture

Browser automation drives the public web UIs of ChatGPT, Gemini, Claude, Perplexity, Grok, and Google AI Mode using prompts authored by Beacon. Public API calls supplement browser automation where stable API access is available.

Prompts are run against buyer and customer personas Beacon models from a corpus of chat transcripts, so the assistants are queried the way real buyers query them rather than the way a marketer would phrase a survey.

Analysis

Captured responses flow into language-model analysis stages: claim extraction, source attribution, and scoring against the Beacon methodology covering visibility, perception, comparison, and endorsement. These are stateless inference calls. Customer data is not used to train any model at any stage.

Outputs

Voice of AI dashboard. A read-only view of how your brand is being described across each captured assistant.
Research probe library. On-demand investigations into specific findings; results are added to a brand-specific library reviewable by your team.
Action playbooks. Prescriptive recommendations your content and web teams implement on your owned properties. Beacon authors copy and structural guidance; your teams ship it.

Data provided

Input	Detail
Brand identity	Name, primary and supplementary domains, voice and positioning
Strategic direction	Products to win on, buyer personas, priority competitors
Optional context	Known content gaps, target opportunities, prior research

Data accessed

Source	Detail
Public AI assistants	Public responses to category and brand prompts Beacon poses
Public web content	Brand and competitor URLs fetched as a search engine would
Dashboard accounts	Names, emails, role assignments. Auth via Clerk; passwords not stored

Data not accessed

No consumer PII. Names, emails, phone numbers, addresses, account identifiers, or any other personal data of your customers.
No payment data. Card numbers, banking details, transaction records. Beacon is not in PCI scope.
No consumer IP addresses, cookies, session identifiers, or device fingerprints.
No connection to your systems. No read or write access to your CRM, marketing automation, analytics, ad accounts, CMS, ticketing, or production databases.
No write access, anywhere. Action playbooks are recommendations your teams implement; Beacon never pushes, posts, or modifies anything in your environment.
No PHI. Beacon is not configured to receive Protected Health Information.

Models in use

Beacon uses third-party language models for analysis. We use the latest stable model from each provider. No model provider Beacon uses trains models on Beacon's API traffic, and Beacon does not fine-tune or train models on customer data at any stage.

Current model families

Provider	Families
Anthropic	Claude Opus 4, Claude Sonnet 4, Claude Haiku 4
OpenAI	GPT-5.4, GPT-5.4 Pro, GPT-5.3
Google	Gemini 3, Gemini 2.5
xAI	Grok
Perplexity	Sonar

Sub-processors

Beacon uses the sub-processors below to deliver the service. Each is bound by a written data-processing agreement. We notify designated customer contacts 30 days in advance of any new sub-processor.

Full sub-processor list

Sub-processor	Purpose	Region
Amazon Web Services (RDS, S3)	Primary database and object storage	US (us-east-1)
Vercel	Application hosting	US
Anthropic	Claude API for analysis	US
OpenAI	GPT API for analysis	US
Google (Vertex AI)	Gemini API for analysis	US
xAI	Grok API for analysis	US
Perplexity	Sonar API for analysis	US
Inngest	Background workflow orchestration	US
Clerk	Authentication for the dashboard	US

Optional integrations

The integrations below are included in the Beacon license at no additional fee. They are independent of the baseline product, and the baseline product does not depend on any of them.

Authorization

Each optional integration is disabled by default. Enabling any integration requires written authorization signed by an authorized customer representative. Customers can specify in the master agreement which integrations are permitted; integrations outside that list are blocked at the contract and ingest level. A business-side request cannot unilaterally introduce an unreviewed data path.

Each enabled integration can be technically disabled at any time. Beacon's ingest layer rejects data from any integration not currently authorized.

Anonymized CDN log integration

Correlate AI assistant referral traffic with your owned properties via a narrow slice of CDN logs.

Fields received

Timestamp · URL path and host · User-Agent

Fields not received

IP addresses · cookies · session IDs · auth headers · request or response bodies · geo · device fingerprints

On Cloudflare Logpush, Akamai DataStream 2, and Fastly Real-Time Logs, field selection is opt-in at the edge: fields not explicitly included in the stream are never transmitted to Beacon. As a defense-in-depth control, Beacon's ingest layer discards consumer IP addresses, cookies, session identifiers, and authorization headers before persistence, regardless of whether the source CDN transmits them.

Supported delivery: Cloudflare Logpush, Akamai DataStream 2 (mTLS), Fastly Real-Time Logs, or SFTP with PGP-encrypted batches for customers who prefer customer-side pre-anonymization.

Beacon JavaScript tag for agent traffic

A site-installed tag that classifies the User-Agent against known AI bot patterns and pushes only matching events to Beacon. One-way push from your site; no read path back. Removable at any time; scope restrictable at the contract level.

Fields pushed

Timestamp · URL path · User-Agent · referrer

Fields not pushed

IP addresses · cookies · session IDs · page content · form data

Analytics export for AI referral traffic

A periodic export from your analytics tool (GA4, Adobe Analytics, Amplitude) showing aggregated referral traffic from AI assistants to your owned properties. One-way push from your tool to Beacon; we do not query your analytics tool directly.

Fields received

Aggregated session counts · referrer domain · landing URL · time window

Fields not received

Individual user identifiers · IP addresses · cookie IDs · per-person conversion data

SEO data export

Existing SEO data (keyword search volumes, ranking positions, click-through rates), typically exported from Search Console, Ahrefs, or SEMrush. Aggregate, non-PII. Lets Beacon correlate AI assistant visibility with organic search performance.

Industry benchmarking

An opt-in exchange: you contribute your scoring artifacts (aggregated and anonymized at the category level), and in return you see how your brand compares against the rest of your category inside the dashboard. Participation requires written authorization and can be withdrawn at any time. Withdrawal stops future contributions; previously aggregated, anonymized data remains in historical benchmark series.

Security

Controls

Encryption

At rest. AES-256 via AWS-managed keys.
In transit. TLS 1.2 or higher for all customer-facing endpoints; TLS 1.3 where the client supports it.

Access control

Dashboard. Authentication via Clerk. Enterprise SSO (SAML / OIDC) available on request. Role-based access via Brand-User membership: Owner, Admin, Editor, Viewer.
Beacon staff. Scoped access to production via SSO, time-bounded credentials, and least-privilege IAM. Production database access is restricted, audit-logged, and limited to the engineers who require it.
API access. Scoped, brand-isolated API tokens, revocable from the dashboard.

Audit logging

Dashboard authentication events, brand-level read access, administrative actions, and production database access are logged with timestamp, actor, and target.

Secret management

Application secrets are stored in Vercel and AWS secret managers, never in source control. CI/CD pipelines pull secrets at deploy time. Database credentials and API keys are rotated on staff offboarding.

Network

The production database is private to a VPC and is not internet-reachable. The dashboard and worker tier reach the database over private network only. Egress to sub-processors is over public TLS endpoints; no inbound traffic from sub-processors is required.

Privacy and compliance

Beacon does not process consumer personal data. For the limited dashboard-user account information Beacon holds (your team's Beacon users), Beacon offers a standard Data Processing Agreement and acts as a service provider under documented customer instructions, covering GDPR, CCPA, and CPRA obligations as applicable. Beacon does not sell or share personal information.

Beacon does not receive or process PHI under the baseline product and is not currently covered by a Business Associate Agreement.

As Beacon scales into the enterprise tier, we are aligning our control environment with industry frameworks (SOC 2, ISO 27001). We are happy to walk InfoSec teams through our current control mapping under NDA.

Data Processing Agreement

Beacon's standard DPA is available on request and may be executed alongside the master service agreement. It covers sub-processor disclosure and notification, international transfers under Standard Contractual Clauses, technical and organizational security measures, customer audit rights, and breach notification within 72 hours of confirmed incident.

Termination and data export

On termination, Beacon provides a complete export of your account data: captured AI responses, scoring artifacts, action playbooks, and configuration. Customer data is deleted from production systems within 30 days of contract termination or explicit deletion request. If a customer relationship ends without an explicit deletion request, data is automatically deleted within 12 months. Backups are purged on the standard backup rotation. A deletion certificate is available on request.

FAQ

Does Beacon need a network integration into our environment to operate?

No. The baseline product requires no integration on your side. You provide your brand name, primary domain, and strategic direction at onboarding; we do the rest.

Does Beacon access our analytics, ad accounts, CRM, or CMS?

No. The optional analytics export is a one-way push from your tool to Beacon, not a connection from Beacon to your tool.

Does Beacon receive our customers' personal data?

No. The baseline product captures public AI assistant responses, not consumer data. Each optional integration is configured so that consumer-identifying fields are excluded at source and are also discarded at Beacon's ingest layer as a defense-in-depth control.

Are our prompts or our customers' AI conversations sent to Beacon?

No. Beacon does not capture your customers' conversations with AI assistants. Beacon poses its own buyer-style questions to the public AI assistant layer and captures those responses.

Where is our data stored?

The United States. Database and object storage are hosted on AWS in us-east-1. Application hosting is on US infrastructure.

Are AI models trained on our data?

No. Beacon does not fine-tune or train models on customer data. The model providers Beacon uses operate under API terms that exclude API customer traffic from model training.

Can a business-side user enable an optional integration without security review?

No. Each optional integration is disabled by default and requires written authorization from an authorized customer representative to enable. Customers can also specify in the master agreement which optional integrations are permitted; everything else is blocked at the contract and ingest level.

Does our usage feed industry benchmarks automatically?

No. Benchmark contribution is opt-in and requires written authorization.

What happens to our data if we terminate?

You receive a complete export of your account data. Beacon deletes your data from production within 30 days; backups are purged on the standard backup rotation. A deletion certificate is available on request.

Can we host Beacon in our own environment?

Beacon is delivered as a managed SaaS product. We do not currently offer a self-hosted deployment.

Policy details

Standard policy items maintained for completeness. Most procurement teams do not need to read this section.

Cookies and client-side storage

Beacon uses minimal client-side storage, strictly for functionality:

localStorage. Theme preference only.
sessionStorage. Navigation state.
Cookies. Sidebar state and authentication session (managed by Clerk).

Beacon does not use third-party tracking cookies, analytics pixels, or advertising cookies.

Your rights

For dashboard-user account information held by Beacon, you have the right to:

Access. Request a copy of personal data we hold about you.
Correction. Request correction of inaccurate personal data.
Deletion. Request deletion of your personal data and account.
Portability. Request an export of your data in a machine-readable format.
Objection. Object to processing of your personal data.

California residents (CCPA). Under the California Consumer Privacy Act, California residents have additional rights, including the right to know what personal information is collected, the right to request deletion, and the right to opt out of the sale of personal information. Beacon does not sell personal information. Beacon will not discriminate against you for exercising your CCPA rights.

To exercise any of these rights, contact privacy@usebeacon.ai. Beacon responds to verified requests within 30 days.

Children's privacy

Beacon is a business-to-business service and does not collect consumer personal information from any individual, regardless of age. Beacon is not directed at or intended for use by individuals under 18.

International data transfers

Beacon's services and data infrastructure are hosted in the United States. If you access Beacon from outside the United States, your data will be transferred to and processed in the United States. By using the service, you consent to this transfer.

Breach notification

In the event of a data breach that affects your personal information, Beacon will notify affected users within 72 hours of becoming aware of the breach via email and in-app notification. Notice will include the nature of the breach, the data affected, and the steps Beacon is taking to mitigate the impact.

Changes to this page

Beacon may update this page from time to time. Material changes are posted on this page with an updated "Last updated" date. Continued use of Beacon after changes are posted constitutes acceptance of the updated page.

Contact

For security, privacy, legal, and procurement inquiries: privacy@usebeacon.ai.

Beacon AI Technologies, LLC. San Francisco, CA.