Security & Data Safety

We built GBI to be trusted with the most sensitive part of your business — your customers. Here is exactly how we protect your data, who handles it, and what we will never do with it.

Last updated: June 2026 · Questions? hello@goldenbeaconintelligence.com

Our Commitment

Your clients trust you. We take that seriously.

GBI processes real conversations between your business and your customers. That data belongs to you — not to us, not to our partners, not to anyone else.

We are a small, independent company based in Fort Worth, Texas. We do not have VC pressure to monetize your data. Our only revenue is your subscription. That alignment matters.

GBI does not yet hold its own SOC 2 certification. We are honest about that. What we do have is a platform built entirely on infrastructure that does hold SOC 2 Type II certifications — and a commitment to complete our own audit as we scale. Every layer of our stack has been independently audited.

Infrastructure

Built on a fully certified stack

Every vendor that touches your data has completed an independent SOC 2 Type II audit — the highest standard for SaaS security. We didn't build on cheap infrastructure to save money.

V

Vercel

SOC 2 Type II

Application hosting & delivery

Our application is hosted and served entirely on Vercel's global edge network. Vercel holds a SOC 2 Type II report, audited annually.

S

Supabase

SOC 2 Type II

Database & file storage

All business data — customers, calls, conversations, leads — is stored in Supabase (Postgres on AWS). Encrypted at rest using AES-256.

C

Clerk

SOC 2 Type II

Authentication & identity

All sign-in, session management, and password handling is done by Clerk. We never store passwords. Supports multi-factor authentication.

V

Voice & SMS Infrastructure

SOC 2 Type II

Phone calls & text messages

All phone calls and text messages are handled by a leading enterprise telecom infrastructure provider used by the world's largest companies. Calls and SMS are encrypted in transit and handled under strict data retention policies.

A

Anthropic

SOC 2 Type II

AI language model

The AI that powers GBI's chat, voice scripts, and automations runs on Anthropic's Claude models. Anthropic does not use your data to train future models.

Encryption

In transit — TLS 1.3

All data moving between your browser, our servers, and our vendors is encrypted using TLS 1.3. This is enforced by Vercel at the edge.

At rest — AES-256

All data stored in Supabase is encrypted at rest using AES-256, the same standard used by banks and federal agencies.

Passwords — never stored by us

Clerk handles all authentication. We never see, receive, or store your password in any form.

Access & isolation

Hard tenant isolation

Every database query is scoped to your business ID at the code level. It is technically impossible for one client's data to appear in another client's account.

Role-based access

You control who on your team can access your account. Roles include Owner, Manager, and Staff — each with defined permissions.

Multi-factor authentication

Supported for all accounts via Clerk. We strongly recommend enabling MFA, especially for owner-level access.

What we will never do

Clear commitments, not marketing. These are hard rules in how we operate — not buried in a terms of service.

We do not sell your data to anyone, ever — not advertisers, not data brokers, not partners.

We do not store passwords. Authentication is handled entirely by Clerk using industry-standard hashing.

We do not use your customer conversations or business data to train AI models.

We do not share your leads, call recordings, or customer information with other GBI clients.

We do not store payment card information. All billing is handled by Stripe, which is PCI DSS Level 1 certified.

We do not retain your data after account deletion beyond what is legally required.

Transparency

What data we collect and why

We only collect what is necessary to run your AI platform. Here is a plain-English breakdown.

Business profile

Name, industry, website, phone number — used to configure your AI.

Customer contacts

Names and phone numbers of people who contact your business through GBI.

Call recordings & transcripts

Voice calls handled by your AI — stored so you can review them in your dashboard.

Chat conversations

Messages between your AI chatbot and website visitors.

SMS threads

Two-way text conversations initiated through missed-call text-back.

Usage data

Which features you use, error logs, performance metrics — used to improve the platform.

Your Rights

You own your data

GBI is a tool that processes data on your behalf. That data belongs to you and your customers, not to us.

Data export

You can export all your leads, call logs, customer records, and conversation history from your dashboard at any time.

Account deletion

When you close your account, we delete your data from our systems within 30 days, except where we are legally required to retain records.

Customer data requests

If one of your customers asks what data you hold on them, you can pull and delete their record from the Customers section of your dashboard.

Corrections

You can update or correct any data stored in GBI at any time — business profile, customer records, AI knowledge — all editable.

Our own SOC 2 audit — in progress

GBI does not yet hold its own SOC 2 certification. We are honest about that. Every vendor in our stack does — but a SOC 2 report for GBI as a company requires a formal audit by a licensed CPA firm, and we are working toward that.

In the meantime, our entire platform is built on SOC 2 Type II-certified infrastructure, and our internal controls — data isolation, encryption, access management, and logging — meet the standards the audit would require.

If your organization has a specific security questionnaire or requires a vendor security review, reach out directly and we will walk through our controls with you.

Security questions?

If you have a security concern, need to complete a vendor questionnaire, or want to report a potential vulnerability — reach out directly. You will get a response from a real person, not a support bot.

hello@goldenbeaconintelligence.com

To report a security vulnerability responsibly, please email the above address with “Security Report” in the subject line.

Security & Data Safety — Golden Beacon Intelligence