🛡️

Security isn't a feature.
It's our foundation.

ChatBeacon was born in banking. We built for credit unions, healthcare, and government agencies before we built for anyone else. Security and compliance aren't afterthoughts — they're why we exist.

SOC 2 Type II · HIPAA · GDPR · On-Premise Available · 256-bit TLS · US Data Centers
🔒
SOC 2 Type II
Independently audited annually for security, availability, and confidentiality controls.
✓ Certified
🏥
HIPAA Compliant
Business Associate Agreements available. PHI protection built in for healthcare customers.
✓ BAA Available
🇪🇺
GDPR Ready
Full EU data privacy compliance with Standard Contractual Clauses for international transfers.
✓ Compliant
🇺🇸
CCPA / CPRA
California Consumer Privacy Act compliance. We do not sell personal information. Ever.
✓ Compliant
Platform Features

Bank-grade protection for every  
conversation.

🔐
256-bit TLS Encryption
Trained on your bank's FAQs, rates, policies, and product guides. Sounds like your brand, not a robot.
👤
SSO / SAML 2.0
Single sign-on with Microsoft Entra ID (Azure AD), Okta, OneLogin, and Active Directory. No more passwords to manage.
🔑
Multi-Factor Authentication
2FA enforced for all agent and admin accounts via Entra ID, Okta, or any SAML 2.0 provider. Blocks unauthorized access.
🛡️
PII Data Masking
Automatically detects and masks credit card numbers, SSNs, Medicare IDs, phone numbers, emails, and custom regex patterns in real time.
📝
Complete Audit Trail
Every admin action, configuration change, and user login is logged with timestamps, IP addresses, and user identity. Fully exportable.
🚫
Visitor Banning & IP Blocks
Ban disruptive visitors by IP, block entire ranges, and configure rate limiting to prevent abuse and DDoS-style attacks on your widget.
👮
Role-Based Access Control
Granular permissions for agents, supervisors, and admins. Control who can see transcripts, change settings, or access billing.
🔍
Content Filtering
System-level, domain-level, and user-level content filters block sensitive data, profanity, and custom patterns before they enter or leave chat.
📊
Real-Time Monitoring
Live server dashboards with graphs, active session counts, CPU/memory usage, and failed login alerts. Monitor from any Windows desktop.
Data Architecture

Your data stays exactly where  
you put it.

ChatBeacon's architecture is designed for organizations that take data sovereignty seriously. Whether you choose our cloud or deploy on-premise, you control where your data lives.

🇺🇸
US-Based Azure Data Centers

All cloud data stored in Microsoft Azure regions within the United States. No offshore processing.

🗄️
Your Own SQL Database

On-premise deployments use your own MS SQL Server. Complete data ownership and control.

🔄
Data Export & Portability

Export all chat transcripts, visitor data, and configurations at any time. Your data is never locked in.

🗑️
Configurable Retention

Set custom retention periods per data type. Auto-delete transcripts, visitor records, or training content on your schedule.

🌐
Visitor Browser

256-bit TLS encrypted connection

🛡️
ChatBeacon Edge

WAF · DDoS protection · Rate limiting

⚙️
Application Layer

PII masking · Content filtering · Auth

🤖
AI Processing (OpenAI)

Enterprise API · No model training · Encrypted

🗄️
Data Storage

Azure US / On-premise MS SQL · AES-256 at rest

AI & Your Data

How ChatBeacon's AI handles your  
data responsibly.

🔒

OpenAI Enterprise Agreement

ChatBeacon uses OpenAI's API under an enterprise data processing agreement. OpenAI does not use your data to train their models. API calls are encrypted in transit and not stored by OpenAI beyond the request lifecycle.
✓ Zero model training on your data
🧠

Your Content Trains Your Bot Only

When you upload documents, connect your website domain, or paste FAQs to train your chatbot, that content is used exclusively for your chatbot. It is never shared with other customers, used for other models, or accessible outside your account.
✓ Complete content isolation
👁️

You Control What AI Sees

Configure exactly which content your AI chatbot can access. Set boundaries by page, document, or topic. Exclude sensitive sections from AI training. You decide the scope — the AI respects it.
✓ Granular AI access controls
📋

AI Response Review

Every AI-generated response can be logged, reviewed, and audited. For regulated industries, enable human-in-the-loop approval flows where agents review AI suggestions before they reach visitors.
✓ Full auditability
Deployment Options

Cloud, dedicated, or on your servers.

☁️
Managed Cloud
Multi-tenant cloud hosted on Azure US. Fastest setup, automatic updates, zero maintenance.
✓ Setup in 5 minutes
✓ Automatic updates
✓ 99.9% uptime SLA
✓ SOC 2 & HIPAA ready
🏢
Dedicated Cloud
Single-tenant Azure instance. Your own isolated environment with dedicated resources and IP.
✓ Isolated environment
✓ Dedicated IP & resources
✓ Custom retention policies
✓ BAA for HIPAA
Most Popular
🏛️
On-Premise
Full installation behind your firewall on your own Windows servers with your own MS SQL database.
✓ Complete data sovereignty
✓ Your SQL Server database
✓ Full AI capabilities
✓ Air-gapped option
Security FAQ

Common questions from security teams.

Where is my data stored?

Cloud deployments use Microsoft Azure data centers in the United States. On-premise deployments store all data on your own servers using MS SQL. You choose — we never move your data without your explicit authorization.

Does OpenAI train on my data?

No. We use OpenAI's enterprise API under a data processing agreement that explicitly prohibits model training on customer data. Your conversations and training content are processed for real-time responses only and are not retained by OpenAI.

Can I get a BAA for HIPAA compliance?

Yes. We offer Business Associate Agreements for healthcare customers on Dedicated Cloud and On-Premise plans. Our platform supports PHI protection, audit logging, and access controls required for HIPAA compliance.

Do you support SSO and 2FA?

Yes. We support SAML 2.0 single sign-on with Microsoft Entra ID (Azure AD), Okta, OneLogin, and other providers. Multi-factor authentication is enforced through your identity provider — we recommend requiring it for all agents and admins.

What happens to my data if I cancel?

You have a 30-day window after cancellation to export all data. After 30 days, all Customer Data — including chat transcripts, training content, and visitor records — is permanently and irreversibly deleted from our systems.

Can I run ChatBeacon behind my firewall?

Absolutely. Our On-Premise deployment installs on your Windows servers with your own MS SQL database. You get full AI capabilities, all platform features, and complete data sovereignty — nothing leaves your network unless you configure it to.

How do you handle PII in chat conversations?

ChatBeacon automatically detects and masks credit card numbers, SSNs, Medicare/Medicaid IDs, phone numbers, email addresses, and custom regex patterns in real time. Only the last digits necessary for identification are displayed. Masking operates at the system, domain, and user level.

Talk to Security

Need to vet us for your security team?  

We're happy to walk through our security architecture, provide SOC 2 reports, execute BAAs, or schedule a technical deep-dive with your InfoSec team. We've been through the process with banks, credit unions, and healthcare providers — we know the drill.

SOC 2 reports available under NDA · BAAs executed within 48 hours · On-premise POC available