ClauseInk Security Overview

Last updated: July 2025

ClauseInk is built for legal professionals who demand security and confidentiality. While we don't claim certifications we haven't earned, we follow modern best practices to protect your data across authentication, storage, and AI interaction.

✅ What We Actually Use

  • Authentication: Clerk.dev — session-based login with secure token handling
  • Data Storage: Supabase — encrypted PostgreSQL backend
  • Hosting: Frontend on Vercel, backend API on Replit
  • Payments: Stripe — fully PCI-DSS compliant billing
  • AI: OpenAI GPT-4 — prompts sent securely, no data retention

🔐 How We Keep Your Data Safe

🔄 Data in Transit and at Rest

  • All traffic is encrypted via TLS 1.3
  • Stored data is encrypted using AES-256 on Supabase
  • AI prompts are sent over encrypted connections and are not retained by OpenAI

👤 Authentication & Access

  • Clerk provides secure session management and token handling
  • User sessions are isolated by design
  • MFA is optional via Clerk — enabled by some users, not enforced globally
  • Role-based access control (Free vs Pro) is implemented at the feature level

📄 Document Security

  • We do not access your documents unless you explicitly grant access for debugging
  • Clause content is saved only to your private account in Supabase
  • You can delete your data and account at any time

🤖 AI & Privacy

  • Your clauses are sent to OpenAI's API temporarily for processing (Rewrite, Simplify, etc.)
  • We do not use your data to train AI models
  • OpenAI does not store or learn from ClauseInk data
  • All AI prompts are encrypted during transmission
  • We never store AI input/output after the session ends

📤 Backups & Continuity

  • Supabase provides automated daily backups
  • The backend is deployed with redundancy and can be restored quickly
  • Our frontend (Vercel) has global edge delivery with high availability

🚨 Incident Response

  • While we don't have a 24/7 SOC, we monitor service health and security risks
  • In the event of a breach, we commit to notifying affected users within 72 hours
  • You can report concerns to support@clauseink.com

⚖️ Compliance Status

We currently follow the principles of:

  • GDPR: Users may export or delete their data anytime
  • CCPA: We do not sell user data or use it for advertising
  • ABA Rule 1.6 (Confidentiality): We honor legal expectations of privacy, but are not a law firm

We are not yet SOC 2 or ISO 27001 certified, but plan to pursue SOC 2 Type II in the future.

🙋‍♀️ User Security Tips (Shared Responsibility)

  • Use strong, unique passwords
  • Enable MFA in your account settings
  • Log out from shared devices
  • Avoid sharing login credentials
  • Delete sensitive documents when no longer needed

🛠️ Contact Our Security Team

Email: support@clauseink.com

Urgent issue? Use the subject: SECURITY - URGENT

Response time: Critical issues within 24 hours