Data Security

At Clearly, protecting your financial data is our top priority. Here's how we keep your information safe.

Encryption

Data is encrypted in transit (TLS) and at rest via our cloud infrastructure providers.

No Bank Credentials

We never ask for or store your bank login credentials. All financial data is manually entered by you.

Secure Infrastructure

Hosted on cloud infrastructure from SOC 2 compliant providers with enterprise-grade security.

You Control Your Data

Export your data to JSON or delete your account and all data at any time.

Last Updated: January 1, 2025

Our Security Commitment

We understand that you're trusting us with sensitive financial information. That's why we've implemented comprehensive security measures to protect your data at every level. We continuously review and improve our security practices to stay ahead of evolving threats.

Data Encryption

All data transmitted between your device and our servers is encrypted using TLS. Data stored in our database is encrypted at rest. Infrastructure encryption is managed by our SOC 2 compliant cloud hosting providers.

Infrastructure

Clearly is hosted on cloud infrastructure from SOC 2 compliant providers (Vercel, Neon) that deliver automatic TLS, DDoS protection, encryption at rest, and automated backups.

Application Security

Security measures we implement in our application code:

Authentication

  • Password hashing with Argon2id (memory-hard algorithm resistant to GPU attacks)
  • Google OAuth integration for secure third-party authentication
  • Passkey/WebAuthn support for passwordless login
  • Distributed rate limiting on login attempts via Redis
  • Secure session tokens with HTTP-only cookies and automatic rotation
  • Remember me functionality with extended 30-day sessions

Data Protection

  • CSRF tokens on all state-changing requests
  • Input validation with Zod schemas
  • User data isolation (all queries scoped to user_id)
  • No storage of bank credentials—all data is manually entered

Data Integrity

Clearly uses a hash-chained ledger system for financial data. Each entry links to the previous via SHA-256 hashes, creating a tamper-evident audit trail. This allows verification that your transaction history has not been modified.
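
A minimal sketch of a hash chain of the kind described above, added here as an illustration and not Clearly's own code. The entry fields (seq, prevHash, payload, hash), the all-zero genesis value and the JSON serialization are assumptions; the verifier also takes the newest hash from a copy kept outside the ledger, since a chain checked only against itself cannot reveal truncation or a full recomputation.

```javascript
const { createHash } = require('node:crypto');

// Assumed convention: the first entry links to 64 zero hex digits.
const GENESIS = '0'.repeat(64);

// Digest covers position, previous hash and payload. Fields are serialized
// in a fixed order so the same entry always produces the same bytes.
function entryHash(seq, prevHash, p) {
  const canonical = JSON.stringify([seq, prevHash, p.date, p.account, p.amountCents]);
  return createHash('sha256').update(canonical, 'utf8').digest('hex');
}

function append(ledger, payload) {
  const seq = ledger.length;
  const prevHash = seq === 0 ? GENESIS : ledger[seq - 1].hash;
  const entry = { seq, prevHash, payload, hash: entryHash(seq, prevHash, payload) };
  ledger.push(entry);
  return entry;
}

// Walks the chain from the start. expectedHead is the newest hash as recorded
// somewhere the ledger writer cannot change; without it, truncation or a
// full recomputation of the chain still verifies.
function verify(ledger, expectedHead) {
  let prev = GENESIS;
  for (let i = 0; i < ledger.length; i++) {
    const e = ledger[i];
    if (e.seq !== i) return { ok: false, brokenAt: i, reason: 'sequence' };
    if (e.prevHash !== prev) return { ok: false, brokenAt: i, reason: 'link' };
    if (entryHash(e.seq, e.prevHash, e.payload) !== e.hash) {
      return { ok: false, brokenAt: i, reason: 'content' };
    }
    prev = e.hash;
  }
  if (expectedHead !== undefined && prev !== expectedHead) {
    return { ok: false, brokenAt: ledger.length, reason: 'head' };
  }
  return { ok: true, brokenAt: -1, reason: null };
}

// Constructed sample data, not real transactions.
function buildSample() {
  const ledger = [];
  append(ledger, { date: '2025-01-02', account: 'checking', amountCents: -4599 });
  append(ledger, { date: '2025-01-03', account: 'checking', amountCents: 250000 });
  append(ledger, { date: '2025-01-05', account: 'savings', amountCents: 50000 });
  return ledger;
}
```

An edited amount is reported as 'content' at the edited entry; if the editor also recomputes that entry's hash, the next entry fails with 'link'.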

Database backups are handled automatically by our cloud provider with point-in-time recovery.

Reporting Security Issues

If you believe you've discovered a security vulnerability, please report it to security@clearly.money. We take all reports seriously and will investigate promptly.

Your Security Responsibilities

While we work hard to protect your data, you also play an important role:

  • Use a strong, unique password for your Clearly account
  • Enable two-factor authentication in your account settings
  • Keep your devices and browsers up to date
  • Be cautious of phishing attempts
  • Log out when using shared devices
  • Report any suspicious activity immediately

What We Implement

  • No storage of bank credentials (manual entry only)
  • Secure password hashing with Argon2id
  • Passkey/WebAuthn passwordless authentication
  • Google OAuth for secure third-party login
  • Account deletion with complete data removal
  • Full data export (JSON format, GDPR Article 20 compliant)
  • CSRF protection on all forms
  • Distributed rate limiting via Redis
  • Hash-chained audit ledger for data integrity

Infrastructure security (TLS, encryption at rest, backups) is provided by our SOC 2 compliant cloud hosting providers.

Questions?

If you have any questions about our security practices, please contact our security team:
