Security & Privacy

Your data is yours

ClearLine is designed for leaders who make sensitive decisions. We treat your simulation data with the same governance discipline we expect from you.

Security controls status

  • Data encrypted at rest: Active
  • Data encrypted in transit: Active
  • Row-level security enabled: Active
  • No third-party data sharing: Active
  • GDPR compliance: Enterprise
  • SOC 2 Type II: Roadmap
  • ISO 27001: Roadmap
  • SAML SSO: Enterprise

Data storage and encryption

  • All data encrypted at rest using AES-256
  • All data encrypted in transit via TLS 1.3
  • Simulation data stored in isolated per-user structures
  • No simulation content or decisions shared between accounts
  • Supabase-managed PostgreSQL with point-in-time recovery

Authentication and access control

  • Email and password authentication via Supabase Auth
  • Row-level security (RLS) enforced at the database layer
  • Session tokens with configurable expiry
  • No persistent session cookies — JWT-based authentication
  • Admin access restricted by role — not configurable by users

Row-level security model

  • Every table has RLS enabled by default
  • Users can only read and write their own records
  • Admins can read aggregate platform data but not individual session content
  • Facilitators can view sessions they are assigned to — nothing else
  • Policy violations are blocked at the database layer, not the application layer
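
An added example, not ClearLine's own schema or policies: one way the model above can be written as PostgreSQL RLS policies on Supabase. The tables `sessions` and `session_facilitators`, their columns, the function `admin_session_counts` and the `app_metadata.role` claim are assumptions for illustration; `auth.uid()` and `auth.jwt()` are Supabase's helper functions.

```sql
-- Hypothetical schema: table, column and function names are assumptions.
create table sessions (
  id         uuid primary key default gen_random_uuid(),
  owner_id   uuid not null references auth.users (id),
  content    jsonb not null,
  created_at timestamptz not null default now()
);

create table session_facilitators (
  session_id     uuid not null references sessions (id) on delete cascade,
  facilitator_id uuid not null references auth.users (id),
  primary key (session_id, facilitator_id)
);

-- With RLS enabled and no matching policy, a query returns no rows (default deny).
alter table sessions enable row level security;
alter table session_facilitators enable row level security;

-- Users read and write only their own records.
create policy sessions_owner_all on sessions
  for all to authenticated
  using (owner_id = auth.uid())
  with check (owner_id = auth.uid());

-- Facilitators can read, but not modify, sessions they are assigned to.
create policy sessions_facilitator_select on sessions
  for select to authenticated
  using (exists (
    select 1 from session_facilitators f
    where f.session_id = sessions.id
      and f.facilitator_id = auth.uid()
  ));

-- Facilitators see only their own assignment rows.
create policy facilitators_own_rows on session_facilitators
  for select to authenticated
  using (facilitator_id = auth.uid());

-- Admins get aggregates only: the function returns counts, never row content.
-- Assumes the admin role is carried in the JWT's app_metadata.
create function admin_session_counts()
returns table (day date, session_count bigint)
language sql stable security definer set search_path = public
as $$
  select created_at::date, count(*) from sessions
  where (auth.jwt() -> 'app_metadata' ->> 'role') = 'admin'
  group by 1
$$;
revoke execute on function admin_session_counts() from public;
grant execute on function admin_session_counts() to authenticated;
```

No admin policy is defined on `sessions` itself, so an admin querying the table directly is limited to their own rows like any other user.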

Privacy and data use

  • Simulation decisions and preparedness scores are never shared with third parties
  • No behavioral data is used for advertising or profiling
  • AI debrief generation is performed locally — no decisions are sent to external APIs
  • Users can request deletion of all their data at any time
  • GDPR and data residency compliance available for Enterprise tier

Infrastructure and operations

  • Hosted on Supabase cloud infrastructure (AWS)
  • Automated backups with 7-day retention
  • Health monitoring and uptime alerting
  • No third-party analytics or tracking scripts
  • Dependency audit on all npm packages

Responsible Disclosure

If you identify a security vulnerability in ClearLine, please report it responsibly to security@clearline.app. We review all reports within 72 hours and will respond with confirmation and a remediation timeline. We do not pursue legal action against good-faith security researchers.

Have enterprise security requirements?

Contact our team