Skip to main content

Trust Center

Your data, handled with care. How we protect your information, who we work with behind the scenes, and the commitments we make to keep your data safe.

Last updated: June 18, 2026

When you work with Balboa Insights, you're trusting us with your business. We take that seriously. This page lays out — in plain language — how we protect your information, who we work with behind the scenes, and the commitments we make to keep your data safe. Have a question we don't answer here? Email us at security@balboainsights.com and we'll get back to you.

How We Handle Your Data

We keep this simple: we collect only what we need, we protect it, and when it comes to your engagement data, we don't hold onto it.

  • During an engagement, we work inside your environment. When we analyze your data, we do it where your data already lives — your systems, your databases, your tools. We pull, analyze, and work with your data to deliver results, then we leave it where we found it.
  • We don't retain your engagement data. Once an engagement ends, we don't keep copies of your operational data, databases, or analytics. Your data stays yours.
  • The one exception — and we agree it with you up front. We may keep limited, high-level information about the impact of our work — for example, "improved reporting efficiency by X%" — to use in case studies, whitepapers, and future proposals. We discuss and agree on this with you at the start of every engagement, before any work begins. Nothing is assumed.

Security Practices

  • Encryption. Your data is encrypted in transit (TLS 1.2 or higher / HTTPS) across our systems, and encrypted at rest within our core data platforms.
  • Access controls. Access to any client data is granted only to team members with a genuine need, and that access is defined with you at the start of each engagement — it's one of the first steps in any project. We use multi-factor authentication (MFA) on our systems and integrate it into client engagements wherever the client's environment supports it.
  • Agreements. We sign a Data Processing Agreement (DPA) and Non-Disclosure Agreement (NDA) with every client by default. We're happy to provide ours, or to work from your organization's own agreements.
  • Insurance. Balboa Insights carries liability insurance covering our professional services.
  • Incident response. We maintain a documented incident response plan so that if something does go wrong, we act quickly, contain it, and communicate with affected clients in line with our agreements and applicable law.

Subprocessors

We use a small set of trusted third-party services to operate our business and deliver our work. We share this list in the interest of full transparency, and we update it as our subprocessors change.

Subprocessor What we use it for Type of data
Proton logo Proton Email, documents, spreadsheetsInternal & client communications
Slack logo Slack Internal team messagingInternal data
Baserow logo Baserow Database / internal recordsOperational data
n8n logo n8n Workflow automation (data passes through; not stored)Transient data
HubSpot logo HubSpot Customer relationship management (CRM)Prospect & client contact data
Calendly logo Calendly Meeting schedulingContact data
QuickBooks logo QuickBooks Billing & payment processingBilling & payment data
Google Analytics logo Google Analytics Website traffic & usage analyticsWebsite usage data
Microsoft Clarity logo Microsoft Clarity On-site user behavior (session insights)Website usage data
Anthropic logo Anthropic AI assistance (used only when a client opts in; we are tool-agnostic and can use the client's preferred AI, or none)Client data only when explicitly agreed

A Note on AI

We are a software- and AI-agnostic firm. We can work with whichever AI tools you prefer, or none at all. When an engagement involves AI and your data, we agree on the tools and the data handling with you before we begin. Client data only ever touches an AI provider when you've explicitly opted in.

Privacy

We collect only the personal information we need, we don't sell it, and we honor your privacy rights. For the full detail — what we collect, how we use it, your rights under CCPA/CPRA and other laws, and how to make a request — see our Privacy Policy and Terms of Service.

Cookies. Our site uses cookies and similar technologies for analytics and to understand how visitors use our pages. You can manage your preferences through our cookie consent banner.

Questions or Reporting a Concern

We welcome questions about our security and privacy practices. If you need to report a security concern, email security@balboainsights.com.

Balboa Insights LLC
San Diego, California (operating) · Registered in California
Email: privacy@balboainsights.com
Phone: +1 (619) 752-4885