How we protect your data
- Encryption in transit: all traffic is protected with modern TLS.
- Encryption at rest: your data is encrypted on disk, and sensitive dilemma content receives an additional layer of encryption.
- Our team cannot read your dilemmas: dilemma content is excluded from internal and support tooling by design.
- Data minimization: email is the only identifier we require. No name, phone, address, age or gender.
- Short retention: dilemma content auto-deletes by default, and you control the retention period.
- Least-privilege access & audit logging: internal access is restricted, protected by multi-factor authentication, and sensitive actions are logged.
- Encrypted, tested backups on a short rotation.
Sub-processors
We work with a small number of carefully chosen providers, each under a data-processing agreement and, where relevant, Standard Contractual Clauses for international transfers:
- Identity / authentication - secure account sign-in.
- AI processing provider - generates your simulations; contractually prohibited from training on your content.
- Cloud hosting & storage - runs the service and stores encrypted data.
- Payment processor - handles payments; we never store your card details.
- Transactional email - account and security emails.
Reporting a vulnerability
If you believe you have found a security issue, please email marta@clarifea.com. We appreciate responsible disclosure and will respond promptly.