Security
Last updated: May 27, 2026
Your data is sensitive. The questions you answer, the gaps we identify, the conversations you have with your AI coach — all of it deserves serious protection. Here is how we keep it safe.
Encryption in transit and at rest
All data transmitted between your browser and our servers is encrypted using TLS 1.3. Data stored in our database is encrypted at rest using AES-256.
Authentication and access control
Passwords are hashed using bcrypt before storage. We support email and password authentication with plans to add two-factor authentication. Access to production data is restricted to authorized personnel only.
Infrastructure security
Claridify is hosted on Supabase and Vercel, both of which maintain SOC 2 Type II compliance. Our infrastructure is isolated with strict network access controls and regular security patching.
Data minimization
We collect only the information necessary to provide our services. Assessment responses are used exclusively to generate your personal report and power your AI coach. We do not sell or share your data with third parties for advertising.
Incident response
We maintain an incident response plan to detect, contain, and remediate security incidents. In the event of a breach affecting your personal data, we will notify you within 72 hours of becoming aware.
Key subprocessors
Supabase
Database hosting and authentication
Vercel
Application hosting and edge delivery
Stripe
Payment processing
Anthropic
AI coach inference
Report a vulnerability
If you discover a security vulnerability in Claridify, please report it responsibly. We take all reports seriously and aim to respond within 48 hours.
security@claridifyapp.comQuestions? Contact us or review our Privacy Policy.