Legal
ClearLine is built for executive leaders handling sensitive governance matters. We take the protection of your data seriously, and this policy explains exactly what we collect, how we use it, and what control you have.
Summary
Section 1
When you register, we collect your email address, chosen display name, and organizational role. We do not require a phone number or physical address. Your password is hashed by Supabase Auth and never stored in plaintext.
Each simulation session records the scenario you ran, the decisions you made at each inject, timestamps, and the resulting scores across eight governance dimensions. This data constitutes your preparedness profile and is required for the platform to function.
We log page views, feature interactions, and session duration to improve the platform experience. This data is aggregated and is not sold or shared with third parties. We do not use third-party analytics trackers.
If you contact us via the contact form or email, we store your name, email, message content, and the subject category to manage the inquiry and track resolution.
Section 2
Your account data and session history are used to generate your preparedness profile, calculate dimension scores, and present accurate debrief reports. This is the primary and necessary use of your data.
Aggregated and anonymized usage patterns help us understand which scenarios are most valuable, where users encounter difficulty, and how the scoring model can be refined. Individual decision data is never used in identifiable form for this purpose.
We may send transactional emails related to your account (password resets, critical security notices). We do not send marketing emails without your explicit opt-in, and you may unsubscribe at any time via the link in any email.
We may process and retain data to comply with applicable law, respond to lawful government requests, enforce our terms, or protect the rights and safety of users.
Section 3
All data is stored in Supabase-managed PostgreSQL databases hosted on AWS infrastructure. Data at rest is encrypted using AES-256. All data in transit is encrypted with TLS 1.3. Our database instances are not publicly addressable.
Every database table uses Supabase Row Level Security (RLS) policies. This means that authenticated queries are scoped to the requesting user by default — your data cannot be accessed by other users, even if they share the same database instance.
Account and simulation data is retained for the life of your account plus 12 months after deletion. Contact inquiry data is retained for 24 months. Aggregate and anonymized analytics data may be retained indefinitely.
Access to production systems is restricted to named personnel using multi-factor authentication. We do not grant third-party vendors direct database access. All access is logged and reviewed quarterly.
Section 5
You may request a copy of all personal data we hold about you at any time. We will provide it in a machine-readable format (JSON) within 30 days of a verified request.
You may update your account information (display name, role) directly in Settings. For corrections to other data, contact privacy@clearline.app.
You may delete your account from Settings. This removes your profile, simulation history, and all personally identifiable data. Aggregate anonymized data derived from your sessions may be retained. Deletion requests are processed within 14 days.
You may request that we restrict processing of your data while a dispute is resolved, or object to processing based on legitimate interests. Contact privacy@clearline.app to exercise these rights. We respond to all requests within 30 days.
For all privacy-related requests, complaints, or questions about this policy, contact our privacy team directly. We are committed to responding within 30 days of any verified request.
Privacy requests and data rights
privacy@clearline.app
Security vulnerabilities
security@clearline.app