Security & Privacy

Your business data is sensitive. Here's exactly how we protect it — in plain language, no legalese.

Last updated: May 2026

  • Encryption at rest: AES-256
  • Encryption in transit: TLS 1.2+
  • Data jurisdiction: India
  • E-sign compliance: IT Act 2000

Data Encryption

  • All data is encrypted at rest using AES-256.
  • All data in transit is encrypted via TLS 1.2+ (HTTPS enforced everywhere).
  • Passwords are never stored — we use secure token-based authentication (JWT).
  • Sensitive fields (GSTIN, bank details) are encrypted at the application layer.

Infrastructure & Hosting

  • Hosted on Supabase (PostgreSQL) with data stored on AWS ap-south-1 (Mumbai) servers.
  • Data does not leave Indian jurisdiction.
  • Daily automated database backups with 30-day retention.
  • Database is never exposed to the public internet — access only via authenticated API.

What We Collect

  • Account info: name, email address, phone number (optional).
  • Business data you create: leads, proposals, contracts, invoices, client records.
  • Usage analytics: page views, feature usage (anonymised, no personal data in analytics).
  • We do NOT collect payment card data — all payments are handled by our PCI-DSS certified payment gateways.

Who Has Access

  • Your data is private to your account. Other users cannot see your clients, invoices, or documents.
  • ClearWork staff access data only when required to resolve support issues, with your explicit consent.
  • We do not sell, rent, or share your data with any third party for marketing purposes.
  • Third-party integrations (payment gateways, Google Calendar) receive only the minimum data required.

Legal Compliance

  • E-signatures are valid under the Information Technology Act, 2000 (India).
  • GST invoice generation follows CBIC e-invoice specifications (IRN format).
  • Designed for compliance with the Digital Personal Data Protection (DPDP) Act, 2023.
  • GDPR-ready for any EU-based clients using your portal.

Your Rights

  • Export all your data at any time from Account Settings.
  • Request permanent account deletion — we will remove all your data within 30 days.
  • Opt out of non-essential communications at any time.
  • Request a copy of any personal data we hold about you.

Questions or concerns?

If you have any security concerns, want to report a vulnerability, or want to exercise your data rights, email us directly. We respond within 48 hours.

security@getclearwork.in

Also see our Privacy Policy and Terms of Service.