Beacon now scopes research data per account so one user cannot read another user's briefs, memory, or logs from the app.
Sign-in and sign-up are handled through Clerk routes and themed Beacon auth pages.
Landing, docs, support, trial, and legal pages are public; private data routes stay protected.
Brief records, run logs, and memory are scoped by Clerk user ID for authenticated users. Trial runs are scoped separately by a browser session cookie and IP allowance. This prevents a new signed-in user from seeing prior users' research data through the web app.
Account-scoped surfaces:
/api/briefs
/api/briefs/[id]
/api/logs
/api/memory
/api/memory/[slug]
/api/memory/check
Trial-scoped surfaces:
/api/trial
/api/trial/[id]Slack or other chat-bot style flows still need a dedicated identity mapping pass if you want the same strict per-user privacy outside the signed-in web app.