Privacy
Last updated: April 2026
The honest version.
The 30-second version
- Your stuff stays yours. The data and AI configuration we build for you lives in a folder you own. If you leave us, you walk with the folder.
- We tell you exactly which companies see your data. There's a plain-English list below — no legalese.
- Nobody trains their AI on your business. Your conversations don't become someone else's training data.
- We follow California privacy law (CCPA / CPRA).
- We won't sell your information. Ever.
- You can request export or deletion of your data at any time.
- Three things we explicitly don't do yet — see the "What we won't do" section below.
Overview
Bearing builds AI operating systems for small businesses. We operate the getbearing.co website and deliver managed AI services to local business owners — restaurants, dental offices, wedding services, entertainment venues, trades, and similar.
This privacy policy explains what we collect from visitors to this website, what we promise the businesses we work with about their data, and the things we explicitly won't do until our architecture can safely support them.
What We Collect From Website Visitors
When you visit getbearing.co, we collect the minimum needed to run the site and respond to people who reach out:
- Contact info you give us — if you sign up for the free 7 Steps of AI training, send a message through the chat widget, or reach out by email or text, we collect your name, email, phone (if you share it), and what you wrote to us.
- Basic web analytics — pages visited, time on page, referring source. Standard stuff. We use this to understand which parts of the site are working and which need rewriting.
- Conversation context — if you talk to the chat widget on the site, we keep a record of that conversation so we can pick up where we left off if you come back.
We do not use third-party advertising trackers, do not sell visitor data, and do not share visitor data with anyone outside the small list of vendors below.
What We Promise the Businesses We Work With (4 Parts)
When a business hires Bearing for managed services or any other engagement, here's what we commit to about their data:
1. Your stuff stays yours.
All your customer data, your notes, your instructions for the AI — they live in a folder that you own. If you ever stop working with us, you take the folder with you. No export needed. No migration fee. No hostage situation. Like switching banks without losing your account history.
2. We tell you everyone who touches your data.
The list below names every company whose tools we use to make your AI work — what they see, how long they keep it, and whether they can use it for anything else. You can read the whole list in 90 seconds. No legal jargon.
3. Nobody trains their AI on your business.
The AI we use comes from Anthropic. Their terms say they don't use customer conversations to improve their models. Same goes for every other tool in the stack. Your conversations with your customers stay between you and your customers — they don't become someone else's training data.
4. Sensitive info gets stopped at the door.
Before any customer message reaches the AI, our system scans for phone numbers, emails, addresses, medical record numbers, bank account numbers, and other private stuff. You decide what counts as sensitive for your business, and we enforce it automatically.
What We Won't Do Yet (3 Exclusions)
These are use cases our current architecture cannot safely serve. We say so publicly because the worst thing an AI vendor can do is promise what it can't deliver and get caught later.
1. HIPAA-governed medical data.
Patient records, treatment notes, diagnosis information. Marketing and scheduling for a dental office? Fine. Patient medical records? Not yet — we're building a separate "Bearing Local" tier for that.
2. Attorney-client privileged communications.
We can help a law firm with marketing, intake triage, and general inquiries. We cannot route privileged client communications through our current architecture. Bearing Local will unlock this.
3. Strict-privacy financial verticals.
Anything under GLBA (banking, insurance), GDPR special-category data, or similar frameworks. Not yet — Bearing Local.
For everything we do cover: we follow California privacy law, including CCPA and CPRA. Customer data handled through Bearing stays inside those guardrails.
Third Parties We Use
Here's the full list. If we add a new vendor, this page gets updated before the change ships.
- Anthropic (Claude): The AI model
- Supabase: Database + auth
- Vercel: Website hosting
- GitHub (private): Source-of-truth storage for client data
- Resend: Email delivery
- Braintrust: AI quality monitoring
- ElevenLabs: Text-to-speech (when applicable)
The promise behind the list: every row above is replaceable without losing your business data. Your data lives in a folder you own. If any vendor on this list goes away or changes their terms, we swap them out and your data is intact.
Data Storage and Security
Your data is stored using industry-standard encryption at rest and in transit. Customer data, voice configurations, and AI workflows are kept in secure systems with access limited to people directly involved in delivering your engagement.
All data sent to AI providers is sanitized first. Input fields are length-limited, content is filtered for sensitive information, and AI responses are validated before they reach your customers. These measures protect against prompt injection attacks and keep AI outputs predictable.
Aggregated Insights
We may use anonymized, aggregated patterns from across our work to improve our methods and develop industry insights — for example, "most restaurants get more catering inquiries on Mondays" or "dental offices that respond to reviews within 4 hours see X% more bookings." This data is stripped of all identifying information and cannot be traced back to any individual business or their customers.
Your Rights Under California Law
Bearing operates from California and follows the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). You have the right to:
- Know what personal information we have collected about you
- Request deletion of your personal information
- Request correction of inaccurate information
- Opt out of any sale or sharing of your personal information (we don't do either, but you can confirm)
- Limit the use of sensitive personal information
- Receive copies of any data we hold about you
- Not be discriminated against for exercising any of the above rights
To exercise any of these rights, email us at nick@getbearing.co and we'll respond within 45 days, as required by California law.
Data Retention
For active customers: we retain your data for the duration of our work together and for 90 days after the engagement ends. After that, all customer data, configurations, and conversation history are permanently deleted unless you ask us to keep it.
For website visitors: we retain analytics data for 24 months. Conversation history from the chat widget is retained for 12 months unless you ask us to delete it sooner. Email signups are retained until you unsubscribe.
You can request immediate deletion at any time.
Changes to This Policy
We may update this policy as our architecture evolves. When we do, we'll update the "last updated" date at the top of this page and — for material changes — notify customers by email. Trivial wording changes (typo fixes, phrasing improvements) don't trigger a notification.
The honest commitment behind this policy: when we add a new vendor, when we change what data we collect, or when we expand into a vertical that requires different protections — we update this page first, before the change ships. No surprises.
Contact
For privacy questions, data requests, or anything else you want to ask in plain English, email us at nick@getbearing.co.
See also our Terms of Service.