Security & Privacy
Beacon takes security seriously. Here's how we protect your data.
Account Security
Two-Factor Authentication (2FA)
Enable 2FA for extra security:
- Go to **Settings** > **Security**
- Click **"Enable 2FA"**
- Scan QR code with authenticator app
- Enter verification code
- Save backup codes
Backup Codes
Store your backup codes securely. Each code can only be used once.
Session Management
- View active sessions
- Sign out remotely
- Set session timeout
Password Security
Password Requirements
- Minimum 12 characters
- Mix of letters, numbers, symbols
- No common patterns
- Not previously breached
Changing Password
- Go to **Settings** > **Security**
- Click **"Change Password"**
- Enter current password
- Enter new password twice
- Click **"Update"**
Data Privacy
What We Collect
- Account information
- Brand and competitor data
- Usage analytics
- Support communications
What We Don't Collect
- AI conversation content (only public mentions)
- Personal browsing data
- Third-party tracking
Data Retention
- Active accounts: Data retained while active
- Deleted accounts: Data deleted within 30 days
- Backups: Removed within 90 days
Compliance
SOC 2 Type II
Beacon is SOC 2 Type II certified.
GDPR
We comply with GDPR requirements:
- Data access requests
- Data deletion requests
- Data portability
CCPA
California residents have additional rights under CCPA.
Security Practices
Infrastructure
- AWS hosting with SOC compliance
- Encrypted data at rest (AES-256)
- Encrypted data in transit (TLS 1.3)
- Regular security audits
Application Security
- Regular penetration testing
- Bug bounty program
- Security-focused code reviews
- Dependency scanning
Reporting Issues
Report security issues to security@hellobeacon.ai.
We respond within 24 hours and reward valid reports.