Security
Security Built for
Financial Infrastructure
Every decision auditable. Every credential encrypted. Every tenant isolated.
Security Principles
Data Encryption
All data encrypted at rest using AES-256. All data in transit protected by TLS 1.3. Tenant API credentials encrypted with tenant-specific keys and never logged.
Tenant Isolation
PostgreSQL row-level security enforced on every table. No query executes without tenant scope. Agent instances are fully isolated — one tenant's tools cannot access another's data or tools.
Audit Immutability
Every agent action written to an append-only audit log before the response is returned. Audit rows are never edited or deleted. Full reasoning traces stored without truncation.
Access Controls
Role-based access control enforced at both the application and database layer. All protected routes require server-side JWT verification via Clerk. Least-privilege principle applied to all service accounts.
Compliance
SOC 2 Type II In Progress
Clendan is working toward SOC 2 Type II certification, targeting Q4 2026. Our security controls — encryption, access control, audit logging, and incident response — are designed to meet SOC 2 Trust Service Criteria from day one.
Current Status
Data Handling
What We Store and Why
- —Email address and company name collected at signup
- —Financial document data processed on your behalf and not retained beyond 30 days
- —AI reasoning traces stored for audit purposes per your plan tier
- —No financial data written to application logs — trace IDs used for correlation only
- —Data residency: UK and EU only
- —Account data retained until you delete your account
- —Audit logs retained per plan tier — see your plan details
- —Processed documents purged after 30 days
Vulnerability Disclosure
If you discover a security issue, please report it responsibly. We take all reports seriously.
Report to
security@clendan.com— Acknowledged within 48 hours
— Status update within 7 days