Security & Compliance

Enterprise-Grade Security Architecture

CLEARA is built with security-first principles. Every layer — from authentication to database access — is designed to protect your settlement data.

Authentication

Powered by Clerk — enterprise-grade authentication with MFA support, session management, and secure token handling.

  • Multi-factor authentication
  • Secure session tokens
  • OAuth provider support
  • Automatic session expiry

Role-Based Access Control

Four-tier permission model ensures users only access data and actions appropriate to their role.

  • Super Admin: full platform access
  • Merchant: organization-scoped access
  • Supplier: settlement-specific access
  • Viewer: read-only access

Supabase Row-Level Security

PostgreSQL RLS policies enforce data isolation at the database level — organizations cannot access each other's data.

  • Organization-scoped data isolation
  • Policy-enforced access at DB level
  • Service role for server-side operations
  • Anon key for client-side with RLS

Audit Logs

Immutable audit trail records every action, status change, login event, and data modification with timestamps and actor information.

  • All settlement status changes logged
  • Document access tracked
  • User login/logout events
  • Admin action records

Secure Document Storage

All documents stored in private Supabase Storage buckets with signed URL access — no public document exposure.

  • Private storage buckets
  • Signed URL access (time-limited)
  • Document type validation
  • File size limits enforced

API Security

All API routes protected with Clerk authentication middleware. Service role keys never exposed to client-side code.

  • Clerk middleware on all routes
  • Server-side secret key handling
  • No hardcoded credentials
  • Environment variable management

Protected Routes

Dashboard, supplier portal, and admin routes are fully protected. Unauthenticated users are redirected to sign-in.

  • Middleware-enforced route protection
  • Subscription gating for dashboard
  • Admin role verification
  • Supplier access scoping

Non-Custodial Architecture

CLEARA never stores, pools, or custodies funds. All financial data is workflow metadata only — no balance storage.

  • No fund custody
  • No balance storage
  • No internal wallets
  • Workflow coordination only

Security Infrastructure

Clerk

Authentication

Supabase

Database + RLS

Vercel

Deployment

Stripe

Billing Security

Regulatory Positioning

CLEARA is operational workflow infrastructure — not a bank, payment processor, money services business, or custodial financial institution. CLEARA does not hold, transfer, or custody funds. Users are responsible for compliance with applicable financial regulations in their jurisdiction when executing actual fund transfers through their chosen payment rails.

Questions About Security?

Contact our team for a detailed security review or enterprise compliance discussion.

Contact Security TeamGet Started