Send a message to the 11Foundry team. We'll reply to your account email.
Beacon receives CC'd emails via a secure webhook. Attached documents are uploaded to your organization's connected Google Drive and sent to Atlas for structured data extraction. Beacon then runs AI-powered validation to identify inconsistencies, missing compliance data, and potential risks across your trade documents.
Beacon compares new documents against your organization's previous captures (within a 90-day window) to detect changes in HS classifications, supplier details, and certifications for the same purchase orders or products. This cross-email comparison is performed entirely within your tenant's data — no data is shared across organizations. Historical findings are presented separately from validation findings and do not feed into the AI training feedback loop.
Beacon's findings are generated in part using artificial intelligence and automated rule-based checks. Findings are informational and should not be treated as legal advice or a guarantee of regulatory compliance. All findings — including inconsistency alerts, missing value warnings, and historical change notifications — should be independently verified by qualified trade compliance personnel before being relied upon for customs declarations, regulatory filings, or business decisions. 11Foundry is not a law firm, customs broker, or licensed compliance advisor. Beacon supports — but does not replace — your organization's due diligence obligations under the Lacey Act, EUDR, TSCA, CARB, or other regulatory frameworks.
Beacon stores email metadata, extraction results, and validation findings in a PostgreSQL database. Original document files are stored in your organization's Google Drive — not on Beacon's servers. Beacon retains only file references and extracted data. Email attachment content is temporarily cached for processing resilience, then cleared after successful upload to Drive. The database is backed up nightly with 7-day retention. Backups contain tenant metadata and extraction results but not original document files.
Beacon uses Anthropic's Claude API for document validation analysis. Your documents are processed under Anthropic's commercial API terms — they are not used to train AI models. Extracted component data and email body text (not raw document files) are sent to the validation LLM for inconsistency detection. Tenant-specific false positive feedback is included in prompts to improve accuracy but is scoped to your organization.
All data in transit is encrypted via TLS (HTTPS). Passwords are hashed using bcrypt. Tenant secrets (Atlas API keys, Google Drive credentials) are encrypted at rest using Fernet symmetric encryption. Session cookies are HTTP-only, secure, and SameSite=Strict.
Each account is protected by password authentication and JWT-based session tokens with 24-hour server-side expiry and 60-minute client-side inactivity timeout. Login attempts are rate-limited (8 per 5 minutes per IP). Tenant data is fully isolated — users can only access their own organization's captures, tickets, and settings. Administrative functions are restricted to tenant admins and platform superadmins.
Inbound emails are received via Postmark's secure webhook with token-based authentication. Email content is sanitized (HTML-escaped) before storage to prevent XSS. Attachment sizes are capped (25 MB per file, 50 MB per email). Inbound email rate limiting prevents abuse (10 per minute per tenant). Sender whitelists can be configured per tenant.