Your customs data, protected.
How ClearanceGuard stores, processes, and secures your T1 documents.
Last updated: April 2026
This page is the single source of truth for our security posture. We update it in lockstep with our security playbook. Contact info@clearanceguard.nl for a DPA, sub-processor list PDF, or any due-diligence question.
Where your data lives
Primary database, authentication, and file storage run on Supabase in EU (Ireland). Application hosting and edge caching run on Vercel (EU edge; US build infrastructure). The application is delivered over HTTPS with HSTS preload enforcement.
Data in transit is encrypted with TLS 1.2+. Data at rest is encrypted by Supabase (AES-256). Passwords are stored as bcrypt hashes. We never have access to plaintext credentials.
Sub-processors
The following third parties may process Customer Data on our behalf. We have a signed Data Processing Agreement with each. Material changes to this list are communicated to Customers with at least 14 days' notice.
| Provider | Purpose | Region | Transfer safeguard |
|---|---|---|---|
| Supabase | Database, auth, file storage | EU (Ireland) | EU-only |
| Vercel | Application hosting, edge cache | EU edge / US builds | EU-US DPF + SCCs |
| Stripe | Payment processing | EU (Ireland) | EU-only |
| Resend | Transactional email delivery | US | EU-US DPF + SCCs |
| PostHog | Product analytics (consent-gated) | EU (Frankfurt) | EU-only |
| Sentry | Error tracking (PII scrubbed) | US | EU-US DPF + SCCs |
| Upstash | Rate limiting, cache | EU (Ireland) | EU-only |
| TransIP | DNS registrar + email MX | EU (Netherlands) | EU-only |
Static marketing assets (topology maps, images) are fetched at runtime from cdn.jsdelivr.net. No personal data is transmitted to the CDN.
Security controls
Per-tenant row isolation (RLS)
Every user-facing database table enforces row-level security at the engine layer. Service-role access is scoped to authenticated server routes only.
Per-tenant storage isolation
PDF storage is partitioned by tenant. Signed download URLs are short-lived and cannot reach another tenant's files.
SHA-256 signed, append-only audit log
Every import, status change, alert dispatch, and admin action is hashed and persisted. 7-year retention meets Art. 1:32 Algemene douanewet.
HSTS preload + TLS-only delivery
Both clearanceguard.nl and app.clearanceguard.nl are on Chrome's HSTS preload list. No downgrade to HTTP is possible at the browser level.
Content Security Policy + hardened headers
CSP, X-Frame-Options DENY, nosniff, Referrer-Policy, Permissions-Policy. Camera, microphone, and geolocation are off.
Rate limiting + CSRF protection
Upstash Redis sliding-window rate limiting on public endpoints. Origin and Referer checks on every authenticated mutation.
Sentry PII scrubbing
Every error event is passed through a PII scrubber before Sentry sees it. Session replay is disabled. User tokens, emails, and MRNs never reach external logs.
Encrypted backups + point-in-time recovery
Daily encrypted snapshots with up to 7 days of point-in-time recovery on Supabase Pro. Restore drills run quarterly.
Consent-gated analytics
PostHog and other non-essential cookies stay off until the visitor accepts. Refusal is sticky and respected across both subdomains.
Automated security review
Annual security review covering authentication, RLS policies, dependency exposure, and incident playbooks. Summary available on request.
Data residency & transfers
All Customer Data (T1 documents, audit logs, carrier records) lives in the EU. Personal data never leaves the EU for storage purposes.
Processing that happens in the US (Resend for email, Sentry for error tracking, some Vercel edge operations) relies on the EU-US Data Privacy Framework (Adequacy Decision, July 2023) with Standard Contractual Clauses as an additional safeguard.
Incident response
A confirmed security incident follows a documented runbook: detect → contain → remediate → notify. In the event of a personal-data breach affecting Customer Data, ClearanceGuard will notify the affected Customer without undue delay and, where required by GDPR Art. 33, report to the Autoriteit Persoonsgegevens within 72 hours of awareness.
To report a suspected vulnerability, email info@clearanceguard.nl with subject line “Security”. We acknowledge within 48 hours.
Your rights
You can request a copy of the personal data we hold about you (GDPR Art. 15), ask us to correct or delete it (Art. 16, 17), or object to certain processing (Art. 21). Send requests to info@clearanceguard.nl. We respond within 30 days.
Full details are in our Privacy Policy. Customers with processing agreements receive direct routes to the same rights via our Support channel.
DPA & documentation on request
A signed Data Processing Agreement is included in every customer contract. We can also provide:
- Sub-processor list as a signed PDF
- Records of Processing Activities (ROPA) summary
- Security review summary on request
- Controls mapping for procurement & vendor risk teams
Email info@clearanceguard.nl with subject line “DPA request” and we'll share the package within two working days.
Questions not covered here? Email info@clearanceguard.nl. See also the Privacy Policy and Terms of Service.