ClarifyDocuments

Security Statement

Last Updated: October 8, 2025

ClarifyDocuments (“we,” “us,” or “our”) is committed to protecting the security and integrity of user data. This Security Statement outlines the measures we take and the responsibilities of users to help maintain a secure environment.


1. Data Protection Measures

We implement multiple layers of security, including:

  • Encryption: All traffic is encrypted in transit using TLS, and stored data is encrypted at rest using AES.
  • Access Controls: Only authorized personnel have access to sensitive data.
  • Regular Assessments: Security audits, vulnerability scans, and penetration tests are conducted regularly.
  • Rate Limiting: We enforce rate limiting on upload endpoints to prevent abuse.

Security Headers

We set appropriate HTTP response headers across our services:

  • Strict-Transport-Security (HSTS): at least 6 months, with includeSubDomains and preload.
  • Content-Security-Policy (CSP): may be applied selectively where compatible with required functionality and trusted third-party providers (e.g., Google AdSense, Google Analytics, TinyMCE CDN).
  • X-Content-Type-Options: nosniff.
  • X-Frame-Options: DENY.
  • Referrer-Policy: strict-origin-when-cross-origin.
  • Permissions-Policy: denies access to sensitive browser APIs (camera, microphone, geolocation, and others).

2. File Upload Security

All uploaded files (including documents uploaded through the Upload page and attachments sent via Support tickets) undergo security checks:

  • MIME Type Validation to ensure the file matches expected types.
  • Antivirus/Malware Scanning.
  • Size and Format Validation.
  • Immediate Rejection of files that fail validation or scanning. Such files are not processed.

3. Backups and Disaster Recovery

  • Encrypted Backups: Backups are encrypted and retained for 30 days.
  • Recovery Point Objective (RPO): 24 hours.
  • Recovery Time Objective (RTO): 12 hours.

4. Incident Response

  • ClarifyDocuments has a documented incident response plan.
  • In case of a security breach, we investigate promptly and mitigate risks to the extent possible.
  • Users affected by a data breach will be notified via the support ticket system or other registered contact method as required by law.

5. User Responsibilities

Users play a role in maintaining security by:

  • Using strong, unique passwords.
  • Not sharing login credentials with others.
  • Reporting suspicious activity immediately via a support ticket at our Support Page.
  • Following best practices for safe usage of the Platform and AI features.

6. Data Breach Notification

  • If a data breach occurs affecting your personal information, we will notify affected users promptly.
  • Notifications will include:
    • Nature and scope of the breach.
    • Data involved.
    • Recommended steps to mitigate risks.
  • Notification will comply with applicable data protection laws in your country or territory.

7. Transparency

Every uploaded file is automatically scanned for viruses and malware before processing. Files that fail scanning are rejected and deleted.


8. Updates to Security Statement

  • This Security Statement may be updated at any time.
  • Continued use of ClarifyDocuments constitutes acceptance of updates.