How Claripass handles your data
Claripass processes sensitive security documentation — SOC 2 reports, internal policies, and completed questionnaires. We take the responsibility of handling this data seriously. This page explains what we do and do not do with it.
Uploaded documents
Encryption
Documents uploaded to Claripass are encrypted in transit using TLS 1.2 or higher. At rest, documents are stored in encrypted cloud storage provided by our infrastructure provider (Supabase / AWS). Encryption keys are managed by the infrastructure provider's key management service.
Data isolation
Your documents are logically isolated from other customers. Documents uploaded by your team are only used to generate answers for your team. They are never mixed with, shared with, or made accessible to other users or organizations.
Not used for model training
Your documents and generated answers are never used to train or fine-tune AI models. Your data is used solely to provide the questionnaire response service to your team.
Retention and deletion
Your documents and generated answers are retained for as long as your account is active and you choose to keep them. You can request deletion of individual documents or your entire dataset at any time.
- To request deletion, email founder@claripass.com with your account email and what you want deleted.
- We will confirm deletion within 48 hours of receiving your request.
- Deleted data is removed from active storage. Backups are purged within 30 days.
Infrastructure and hosting
Claripass is hosted on cloud infrastructure through Vercel (frontend) and Supabase (backend and storage). Supabase runs on AWS infrastructure. Data is stored in data centers that maintain industry-standard physical and logical security controls.
We do not currently hold SOC 2 or ISO 27001 certification for Claripass itself. As we grow, we intend to pursue formal security certifications. In the meantime, we rely on the certifications and security practices of our infrastructure providers.
Access and control
Access to production systems and customer data is restricted to the Claripass founding team. We follow the principle of least privilege. Customer data is only accessed when necessary to provide the service or respond to a support request.
What Claripass does NOT do
- We do not sell, share, or license your data to third parties.
- We do not use your data for advertising or marketing purposes.
- We do not use your documents to train AI models.
- We do not store payment information directly — payment processing is handled by third-party providers when applicable.
- We do not make your documents publicly accessible under any circumstances.
Questions about our security practices?
If you have questions about how Claripass handles your data, or if you need to complete a vendor security review before using Claripass, contact us at founder@claripass.com. We are happy to answer questionnaires about our own practices.
Ready to get started?
Request early access and we will follow up within 48 hours.
Request Early Access