Security & data controls
Designed for the hesitation, not against it.
Most owners pause before connecting financial or customer data to a new vendor. Summit Signal is built so that pause is honored — defaults are restrictive, every level above the default is opt-in, and you control what we see and how long we hold it.
Controlled by design
We ask for the least data that produces a useful insight.
Most owners hesitate to connect sensitive systems to a new vendor. Summit Signal is designed for that hesitation, not against it.
- Upload-only by default: You provide the data we analyze. No system credentials. No deep integrations required to begin.
- Read-only integrations are optional: If you choose to connect QuickBooks or a CRM, the access is read-only and scoped to the data the diagnostic needs.
- No write-back without explicit authorization: We do not modify your invoices, your customer records, or your CRM. Ever, by default.
- Audit logs on every action: Every file uploaded, every analyst review, every report generation is logged with actor and timestamp.
- Findings are human-reviewed: AI assists analysis. A Summit Labs analyst reviews and approves every finding before it reaches your report.
- Your data is not used to train AI models: Anthropic's commercial terms confirm customer data is excluded from training. We pass that commitment to you.
- Delete-on-request, with a documented timeline: Request deletion at any time. Data is purged after a 7-day grace window. Audit logs are retained for 90 days for compliance.
AI governance
The AI is an implementation detail, not a marketing claim.
- AI assists, doesn't decide: Numbers come from typed TypeScript calculations against your normalized data — never from the model. The AI generates narrative, recommendations, and explanations.
- Every finding cites its data: Each finding includes the metric and the record set behind it. If a number appears in the body, the validator confirms it traces back to your data.
- Human review before publication: An analyst reviews every finding. Confidence is set explicitly. Findings without sufficient evidence are demoted to 'area for review' rather than presented as confirmed.
- No model training on your data: Anthropic's commercial terms exclude customer data from training. We pass that contractual commitment to you.
- Hedged language, never overpromise: Findings use 'likely,' 'appears to,' and 'review recommended' — not 'definitely' or 'confirmed.' Estimates carry ranges, never single-point savings claims.
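The items above describe numbers computed in typed TypeScript and a validator that confirms every number in a finding traces back to data. One way such a check could work, as an added example that is not Summit Signal's code; the types, function names and sample values are assumptions:

```typescript
// Added illustration: every name and type here is hypothetical.
type Unit = "usd" | "pct" | "count";
interface Metric { id: string; value: number; unit: Unit; recordIds: string[] }
interface Finding { body: string; metricIds: string[] }
interface Verdict { status: "traced" | "area for review"; untraced: string[] }
interface NumToken { raw: string; value: number; unit: Unit; decimals: number }

// Find numeric tokens such as "$12,400", "18.5%" or "42" in model-written text.
function extractNumbers(body: string): NumToken[] {
  const re = /\$?\b\d+(?:,\d{3})*(?:\.\d+)?%?/g;
  const out: NumToken[] = [];
  let m: RegExpExecArray | null;
  while ((m = re.exec(body)) !== null) {
    const raw = m[0];
    const digits = raw.replace(/[$,%]/g, "");
    const dot = digits.indexOf(".");
    const unit: Unit = raw.charAt(0) === "$" ? "usd"
      : raw.charAt(raw.length - 1) === "%" ? "pct" : "count";
    out.push({ raw, value: parseFloat(digits), unit,
      decimals: dot === -1 ? 0 : digits.length - dot - 1 });
  }
  return out;
}

// A number is traced only if a metric the finding cites, backed by at least
// one record, has the same unit and the same value at the printed precision.
function validateFinding(finding: Finding, metrics: Metric[]): Verdict {
  const cited = metrics.filter((x) =>
    finding.metricIds.indexOf(x.id) !== -1 && x.recordIds.length > 0);
  const untraced = extractNumbers(finding.body)
    .filter((t) => !cited.some((x) => x.unit === t.unit &&
      x.value.toFixed(t.decimals) === t.value.toFixed(t.decimals)))
    .map((t) => t.raw);
  return { status: untraced.length === 0 ? "traced" : "area for review", untraced };
}

// Constructed sample data, not taken from any real report.
const sampleMetrics: Metric[] = [
  { id: "overdue_total", value: 12400, unit: "usd", recordIds: ["inv-101", "inv-117"] },
  { id: "late_rate", value: 18.46, unit: "pct", recordIds: ["inv-101"] },
];
const cites = ["overdue_total", "late_rate"];
const grounded: Finding = { metricIds: cites,
  body: "Overdue invoices likely total $12,400, about 18.5% of billing." };
const drifted: Finding = { metricIds: cites,
  body: "Overdue invoices likely total $15,000, about 18.5% of billing." };
```

The check is strict on purpose: any number in the narrative that no cited metric accounts for, including a right value with the wrong unit, sends the finding to 'area for review'.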
Your data, your rights
Built to GDPR / CCPA standards, even though most clients are US-based.
- Right to access: View every file, every normalized record, every finding, and every report we hold for your organization at /data-controls inside the client portal.
- Right to portability: Export everything as a zip — JSON for normalized data, original file copies, PDF report — at any time.
- Right to deletion: Request deletion at any time. Data is purged after a 7-day grace window. Audit logs are retained for 90 days for compliance, then deleted.
- Right to correction: Re-upload corrected files at any point. Mappings revalidate; analysis re-runs on request.
A complete list of data subprocessors (Vercel, Supabase, Clerk, Anthropic, Resend, Stripe, Cal.com, Sentry, PostHog) is published in our Privacy Policy. A signed Data Processing Agreement is available on request — see the DPA link in the footer.
