Architecture · Last updated May 17, 2026

Your data flow, in plain English.

We make a specific claim: your file's contents never leave your browser. This page documents exactly what that means technically — what stays local, what is sent for AI planning, and how you can verify both yourself in 30 seconds.

The diagram

Here's exactly what happens when you use it.

[Diagram: data flow between your laptop and OpenAI]
YOUR LAPTOP (Browser memory · DuckDB-WASM · Vega rendering)
  1. YOUR FILE: budget_q4.xlsx. Loaded into browser RAM only.
  2. DuckDB-WASM: Executes SQL locally. Multi-threaded, no network calls.
  3. YOUR PROMPT: "Build a P&L from this" + column names only.
  4. SQL only.
  5. RESULT: Tables, charts, exports. Rendered in your browser.
OPENAI (gpt-5.5 · workflow planner): Returns SQL. No row data ever reaches here.
Crossing to OpenAI: prompt + column names (only data that leaves).
Legend: Solid green = stays in your browser. Dashed amber = crosses to OpenAI. Only column names + prompt text cross.

The precise breakdown

No marketing language. Here it is.

Stays in your browser
  • Every row of your file
    Cell values, formulas, names, numbers, dates — never transmitted.
  • Computed results
    Aggregations, totals, joins, pivots — calculated in-browser, stay in-browser.
  • Intermediate node outputs
    Each step of your workflow runs locally. Outputs of one node feed the next without ever leaving.
  • The file itself
    Uploaded files live in your browser's memory only. Cleared on page refresh.
Sent to OpenAI
  • Column names (header row)
    So the AI knows what fields exist. If your header row contains sensitive labels (names, IDs), rename before upload.
  • Column data types
    "date", "number", "text", etc. Inferred from sampling — values themselves stay local.
  • Your prompt text
    The natural-language question you ask. Treat it like a ChatGPT prompt — don't paste sensitive content into it.
  • Generated SQL
    The query the AI writes — it references column names but not values.
Important practical note: If your column headers themselves are sensitive — for example, columns named patient_ssn or salary_jane_doe — rename them before uploading. The column header row is the one piece of your file that does leave the browser. Generic names (id, amount, date) are always safe.
Third parties

Who else sees what.

Every service we use, what they see, and why. Standard SaaS infrastructure — no data brokers, no ad networks, no resale.

  • OpenAI (gpt-5.5): Workflow planning
    What they see: Column names, prompt text, generated SQL (per the table above)
    Per OpenAI's enterprise API policy — not used for training
  • Clerk: Account / authentication
    What they see: Email, name, login events, session metadata
    Standard auth records — see Clerk's privacy policy
  • Stripe: Billing (when subscribed)
    What they see: Email, billing details, charge history
    PCI-compliant; per Stripe's privacy policy
  • PostHog: Product analytics
    What they see: Anonymized page views, click events, performance metrics
    No file data — UI events only
  • Render: Hosting infrastructure
    What they see: Standard web-server access logs (IP, route, timestamp)
    Rolling log retention; no file content reaches this layer
What we do NOT do

Four things we never do with your data.

Each one is verifiable by inspecting the architecture or our agreements.

  • Store your file content
    Your files never reach our servers. There is no database, no S3 bucket, no log file containing the rows of any spreadsheet you analyze.
  • Train models on your data
    Nothing about your file is sent anywhere it could be used as training data. The column-name and prompt text we send to OpenAI is processed under their enterprise API terms, which exclude training.
  • Sell or share your data
    We have no data to sell. The only personal info we hold is your account email (via Clerk) and billing info (via Stripe). Neither is sold to anyone.
  • Log prompt content beyond debugging
    Server logs capture prompt text only for short-window error diagnosis. Long-term logs strip prompt content.
Verify it yourself

30 seconds. Browser DevTools. Done.

Don't trust the marketing. Trust the network tab.

  1. Open the canvas at gptbeyond.com/try
    Use any browser that has DevTools (Chrome, Firefox, Edge, Safari).
  2. Press F12 to open DevTools
    Cmd+Opt+I on Mac. Click the "Network" tab.
  3. Clear the log, then drop a file
    Click the 🚫 icon in the Network tab to clear. Drop your CSV/Excel onto the upload zone.
  4. Watch the Network tab as you drop
    Result: nothing new appears in the log. The file load is purely client-side — no upload request.
  5. Ask a question in the prompt
    When you submit, you'll see a POST request to /api/chat. Click it.
  6. Inspect the request payload
    In the request body, you'll see your prompt text and the column metadata being sent to our server (which then calls OpenAI). You will NOT see file rows, cell values, or computed totals.
  7. Check the response
    The response contains the SQL the AI wrote — referencing column names but not values. The actual workflow execution happens after this, locally in DuckDB-WASM.
Pro tip: Use a file with obviously-unique data like the string ZZZZZ-UNIQUE-MARKER-1234 in a few rows. Then search the entire Network log for that string. If it's not there, your row data is genuinely staying local.
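
The marker check from the steps and pro tip above, automated over a HAR export of the Network log, as an added example that is not part of the original page or the product's code. It goes slightly beyond a plain text search by also checking URL-encoded and base64 copies of the marker and sent WebSocket frames; the sample entries are constructed, and the /api/chat body field names and the collector.example host are assumptions.

```javascript
// Added example (not the product's code): search a DevTools HAR export for a
// marker string in everything the browser SENT, including encoded copies.
const MARKER = "ZZZZZ-UNIQUE-MARKER-1234";

// The text plus decoded views of it, so a URL-encoded or base64 copy of the
// marker is not missed by a plain substring search.
function decodedViews(text) {
  const views = [["raw", text]];
  try {
    views.push(["url-decoded", decodeURIComponent(text.replace(/\+/g, " "))]);
  } catch (_) { /* malformed percent-escapes: skip this view */ }
  for (const run of text.match(/[A-Za-z0-9+\/]{16,}={0,2}/g) || []) {
    views.push(["base64", Buffer.from(run, "base64").toString("utf8")]);
  }
  return views;
}

// Every outbound string of one HAR entry: URL, header values, request body,
// and WebSocket frames the page sent (Chrome's _webSocketMessages extension).
function outboundStrings(entry) {
  const req = entry.request;
  const out = [["url", req.url]];
  for (const h of req.headers || []) out.push(["header:" + h.name, h.value]);
  if (req.postData && req.postData.text) out.push(["body", req.postData.text]);
  for (const m of entry._webSocketMessages || []) {
    if (m.type === "send") out.push(["ws-frame", m.data]);
  }
  return out;
}

function findMarker(har, marker = MARKER) {
  const hits = [];
  for (const entry of har.log.entries) {
    for (const [where, text] of outboundStrings(entry)) {
      const hit = decodedViews(String(text)).find(([, v]) => v.includes(marker));
      if (hit) hits.push({ url: entry.request.url, where, encoding: hit[0] });
    }
  }
  return hits;
}

// Constructed sample entries; the /api/chat body field names are assumed.
const post = (url, body) => ({ request: { method: "POST", url, headers: [],
  postData: { text: JSON.stringify(body) } } });
const chat = post("https://gptbeyond.com/api/chat", { prompt: "Build a P&L from this",
  columns: [{ name: "amount", type: "number" }] });
const leak = post("https://collector.example/c",
  { d: Buffer.from("7," + MARKER).toString("base64") });
console.log(findMarker({ log: { entries: [chat] } }).length,
  findMarker({ log: { entries: [chat, leak] } }));
```

For a real check, export the Network log as a HAR file and pass the parsed JSON to `findMarker`; an empty result means the marker was not found, under these encodings, in any request the browser sent.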
For IT teams

Reviewing this for company use?

Short version for IT review and DLP/whitelisting decisions. Pass this URL to your security team.

Does this product upload company files to a third-party server?
No. File contents (rows, cells, computed values) never leave the user's browser. Only column metadata and the user's prompt are sent to OpenAI.
What data crosses the network boundary?
Column names, data types, the user's prompt text, and the SQL the AI generates. No row data. No file content.
How is data processed?
Client-side via DuckDB-WASM (an in-browser SQL engine, ~10MB Wasm binary). All workflow execution runs in the user's browser tab.
Are there compliance certifications?
Not yet — we're a small team. We can demonstrate the architecture above on request, which is the strongest possible posture for HIPAA / SOC 2 / GDPR data-flow questions.
Can we restrict this to certain users?
Today: paid via individual credit card, no SSO or org-level controls. An enterprise team plan with SSO + admin controls is on our roadmap.
A note on formal policies

This page is our technical architecture and data-flow documentation. A formal Privacy Policy and Terms of Service will be published alongside our paid subscription launch.

For privacy questions in the meantime, email privacy@gptbeyond.com. Send data-access or deletion requests under GDPR or CCPA to the same address.