Who we are
Beacon ("we", "us") provides multi-tenant practice-intelligence software for independent dental practices. This policy describes how we handle information about practice owners, team members, advisors, and visitors to our website.
Privacy Policy
Beacon is built around the principle that you can’t lose patient data you never stored. This page describes what information we do collect, how we handle it, and the rights you have over it.
Last updated: June 2026.
Beacon ("we", "us") provides multi-tenant practice-intelligence software for independent dental practices. This policy describes how we handle information about practice owners, team members, advisors, and visitors to our website.
We collect only what's needed to run the product. Specifically:
By architectural design, Beacon does not store individual patient records. The sanitizer drops PHI columns before parsing, so no patient names, dates of birth, social-security numbers, MRNs, or other patient identifiers are persisted to our database — not even encrypted. We also do not share aggregate practice data with other practices on our platform; tenant isolation is enforced at the database level via Row-Level Security.
We use the information we collect to:
We share information only with the service providers needed to run Beacon, and only the minimum each needs to do its job:
When you connect Google (Search Console, Analytics, or Business Profile), Beacon's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy (https://developers.google.com/terms/api-services-user-data-policy), including the Limited Use requirements. Specifically:
Practice data is stored in databases hosted in the United States. We do not transfer or process EU practice data outside the EU at this time; if we begin offering Beacon to EU practices we will update this section and offer the appropriate transfer mechanisms.
We keep practice operating data for as long as your account is active. If you delete your account or close your practice on Beacon, we remove the practice's aggregate metrics, tasks, goals, and integration tokens from our active databases within 30 days. Anonymized logs (no email, no practice identifier) used for debugging and abuse prevention may be retained longer.
You can:
We take security seriously. Practice data is encrypted in transit (TLS 1.2+) and at rest (Supabase + Vercel managed encryption). OAuth tokens for integrations are encrypted application-side with AES-256-GCM before storage. Access to production systems is restricted, audited, and requires multi-factor authentication. See our /security page for full details on the technical and organizational measures we use.
We use only the cookies needed to keep you signed in (session cookie set by Supabase) and remember your theme preference. We do not run third-party analytics, advertising, or tracking cookies.
Beacon is a B2B product designed for dental-practice teams. We do not knowingly collect information from anyone under 16. If you believe we have, contact us and we will delete it.
If we make material changes, we'll notify account owners by email and post the updated policy here with a revised "Last updated" date. Continued use after a material change constitutes acceptance.
Privacy questions, requests, or concerns: email contact@beaconkpi.com.