Our Security Approach
clarife is built with security at every layer. From encryption to access controls, your data is protected at rest and in transit.Security Architecture
| Layer | Protection |
|---|---|
| Data in transit | TLS 1.2+ encryption on all connections |
| Data at rest | AES-256 encryption on databases and file storage |
| Database | Row Level Security (RLS) on every table |
| Authentication | Bcrypt password hashing, TOTP 2FA, OAuth providers |
| API | Rate limiting, input validation (Zod), timing-safe comparisons |
| Webhooks | HMAC-SHA256 signature verification |
| File storage | Private buckets with presigned URLs (no public access) |
Key Security Features
Encryption everywhere
All data is encrypted in transit (TLS) and at rest (AES-256). Database connections use SSL. File storage uses server-side encryption.
Row Level Security
Every database table has RLS policies ensuring users can only access their own data. Team members access workspace data according to their role.
Authentication security
Passwords are hashed with bcrypt. Two-factor authentication (TOTP) adds an extra layer. OAuth with Google, Apple, and GitHub is supported.
Infrastructure
| Component | Provider | Region |
|---|---|---|
| Application hosting | Vercel | Global edge |
| Database | Supabase (PostgreSQL) | EU |
| File storage | Backblaze B2 | EU |
| Video rendering | AWS Lambda | EU (eu-west-1) |
| Email delivery | Amazon SES | EU |
All primary data storage is located in the European Union, ensuring compliance with EU data residency requirements.
Audit History
clarife has completed multiple comprehensive security reviews:- Internal audit — 327 findings identified and resolved (321 fixed, 4 accepted risk, 2 architectural)
- Independent third-party audit — 136 findings (all critical and high findings remediated)
Is my data encrypted?
Is my data encrypted?
Yes. All data is encrypted in transit (TLS 1.2+) and at rest (AES-256) across all storage systems.
Where is my data stored?
Where is my data stored?
Primary data storage (database, files) is located in the EU. Application edge servers are distributed globally via Vercel.
How do I report a security vulnerability?
How do I report a security vulnerability?
Email security@clarife.app with details. We take all reports seriously and aim to respond within 24 hours.
Does clarife have SOC 2 certification?
Does clarife have SOC 2 certification?
Not currently. Our infrastructure providers (Supabase, Vercel, AWS) hold SOC 2 certifications. clarife follows industry best practices and undergoes regular audits.