← Back to home

Privacy Policy

Last updated: June 24, 2026

This policy explains what information Beacon Accreditation Consulting ("Beacon," "we," "us") collects through our client portal ("Beacon Harbor") and how we handle it.

No patient or client health information — ever

Beacon Harbor is designed to track organizational accreditation-preparation work: your policies, plans, documentation status, and CARF standards conformance. It is not a health record system. Do not enter any protected health information (PHI), patient records, or individually identifiable client-health details into the portal. If your team needs to reference such information, keep it in your own compliant systems and share only de-identified, organizational details with us.

What we collect

• Account information: the name and email address used to create and access your account.
• Content you provide: organizational documents, policies, plans, notes, task updates, and standards-tracking entries that you upload or enter.
• Usage information: basic technical and activity data needed to operate the portal.

Information you submit through this website

When you use the contact or quote form on our website, we collect the name, agency name, email address, and any message you provide. We use it only to respond to your inquiry and discuss whether and how we can help — we do not sell it or use it for unrelated marketing.

How your data is stored

Beacon Harbor stores your account and your organization's content on a hosted cloud backend (Supabase, which provides managed PostgreSQL databases and file storage on established cloud infrastructure) — not in your local browser. Data is encrypted in transit (HTTPS/TLS) between your device and our servers and encrypted at rest on the hosting infrastructure. Uploaded files are kept in a private, access-controlled storage bucket and are reachable only through short-lived signed links issued to authorized users.

How your data is kept separate and access-controlled

Beacon Harbor is a multi-user system with per-user authentication and row-level security: database rules enforce that each organization can see and modify only its own records, so one client can never access another client's data. Administrative access is limited to Beacon staff who need it to deliver your engagement, and sessions automatically sign out after a period of inactivity. Beacon Harbor remains an organizational accreditation-preparation tool — please continue to keep PHI and individually identifiable health information out of the portal.

Third-party processors

We use trusted vendors to operate our business, which may include website and portal hosting (Vercel), our application backend and storage (Supabase), and, where applicable, payment processing (Stripe). Payment-card details, if any, are handled by the payment processor and not stored by us.

We do not sell your data

We do not sell, rent, or trade your information. We share it only with the processors above as needed to provide services, or as required by law.

Data retention and your rights

You may request a copy (export) of your data, or ask us to delete it, at any time. We retain data for the duration of your engagement and a reasonable period afterward, then delete or anonymize it.

Contact

Privacy questions: beaconaccreditation@gmail.com.

See also: Privacy Policy · Terms of Service · Disclosures & No-Guarantee Notice