You are giving Before Noon access to private parts of your thinking.

Before Noon learns about your life through the conversations you have with it, on calls and in the portal. We hold:

• The audio recordings and transcripts of your voice conversations.
• The text of your portal conversations.
• The structured model the agent builds from those conversations: your priorities, your patterns, what you have committed to, what keeps coming up.
• Account information: email, payment information through our processor, and basic usage metadata like timestamps and session length.

You can choose to connect external accounts to give the agent more context. Today, that includes calendar. Calendar data is pulled in real time when the agent needs it. It is not stored on our servers. When we add new integration types in the future, we will update this page to describe how they work.

The agent learns what you tell it and what you have explicitly given it access to. Nothing else.

Your data is used for two purposes. To respond to you in conversation, and to build the private model of your life that makes the product work over time. That is it.

To deliver those purposes, we use third-party providers as part of our infrastructure. These include providers for language model capability, cloud hosting and storage, voice infrastructure, and voice synthesis, as well as our wearable-capture partner Omi, which provides the device, app, and live-transcription pipeline used by customers who pair an Omi device with Before Noon. Audio, transcripts, and related metadata captured through Omi may be processed and stored by Omi as part of providing that capability. The complete list of our current sub-processors is maintained at our sub-processors page and is updated when our vendor relationships change.

Each provider operates under privacy policies that prohibit using customer data to train their underlying models. We have selected providers with strong privacy practices. As Before Noon grows, we will pursue additional contractual protections and disclose them here when we have them in place.

What we do not do with your data:

• We do not sell it. We will never sell it.
• We do not share it with advertisers. We do not run advertising on this product, and we do not have plans to.
• We do not use your private conversations to train language models, ours or anyone else's.
• We do not let employees read individual conversations except for documented, narrow purposes: investigating a reported abuse or safety issue, debugging a problem you have raised, or where required by law.

Our infrastructure is hosted on Amazon Web Services in the AWS US West (Oregon) Region. All user data is stored in the United States. Data is encrypted in transit and at rest.

AWS maintains independently audited infrastructure controls and compliance programs across major global security and privacy frameworks, including SOC 2, ISO 27001, and GDPR-aligned standards. The full list of AWS's compliance attestations is published by AWS.

Our responsibility extends to everything we build on top of AWS: our application, your data, access controls, configurations, monitoring, and operational practices. This is known as the Shared Responsibility Model. AWS handles security of the cloud infrastructure itself. We handle security of how we operate within it.

Backup data is retained for 10 days, then purged.

SOC 2 certification is a future commitment as Before Noon scales. We will note here when we begin that work.

Access to user data is limited to authorized members of the Before Noon team, and only for the specific reasons listed in the section above. Any such access is documented. We do not browse user data, and we do not access it for any other purpose.

You can delete your account at any time by contacting us at security@beforenoon.ai. Deletion removes your data from our active systems immediately. Residual data in encrypted backups is purged within 10 days.

Today, data export and direct model inspection are handled through our team rather than self-serve. If you would like a copy of your data or want to know what the agent has stored about you, contact us at security@beforenoon.ai and we will work with you directly. Self-serve tools for both are on our roadmap.

You can disconnect any external integrations at any time. Disconnecting stops new data from flowing in. For calendar, which is not stored on our servers, no further action is required.

Before Noon — including ambient capture through our partner Omi and any call recording done in connection with the service — can result in the recording and transcription of conversations between you and other people.

Recording laws are not uniform. The federal standard and most U.S. states follow a one-party consent rule, meaning at least one person on the conversation must consent to the recording (which can be you). A smaller group of states — including California, Florida, Illinois, Maryland, Massachusetts, Montana, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington — generally require all-party consent (sometimes called two-party consent), meaning every person on the conversation must be informed and must consent before the recording is made. The exact scope of each state's law varies, can change, and may reach conversations with people located in other states.

As between you and Before Noon, you are solely responsible for knowing the laws of the jurisdictions where you and the other parties to your conversations are located, and for giving any notice and obtaining any consent those laws require before you have a conversation recorded or transcribed through Before Noon, an Omi device, or any other capture tool we provide. We do not provide legal advice on which rules apply to you. If you are not sure whether your jurisdiction is one-party or all-party, talk to a lawyer before recording other people.

These are the specific commitments and capabilities we are actively building toward. We are sharing them now so you know what to expect, and when we have them in place we will update this page.

• Custom data handling agreements with our AI providers. We currently operate under their standard privacy terms, which prohibit training on customer data. We will pursue additional contractual protections as we scale.
• SOC 2 certification. A formal third-party audit of our security practices. We will pursue certification as Before Noon's user base and operational maturity grow.
• Per-user encryption keys. Our current architecture uses centralized encryption, which is standard for products at our stage. We are exploring per-user encryption as part of our long-term architecture roadmap.
• Self-serve data export and model inspection. Currently handled by our team directly upon request. Self-serve tools are on our product roadmap.

A note on legal requests: If we receive a valid legal subpoena or court order, we will comply with the law. We will notify you when we are legally permitted to do so, and we will challenge requests we believe are overbroad.