ClearPlan Trust Center

How ClearPlan handles advisor and plan data: zero-PII architecture, encrypted US-based storage, and database-level isolation between advisors. Everything you need for vendor due diligence lives on this page.

Security contact  ·  hello@getclearplan.com

Posture

Zero-PII by design
No SSNs, account numbers, client contact details, or custodian credentials — the fields don’t exist.
Encrypted everywhere
TLS 1.2+ in transit; AWS-managed encryption at rest.
Row-Level Security
Advisor isolation enforced in the database, independent of application code.

Legal

Documents

Security Policy
Incident Response Summary
Data Retention & Deletion Schedule
Data Processing Addendum
Vendor Security Questionnaire (we’ll complete yours), available on request

Everything above is public — no NDA required. Have your own security questionnaire? Send it over and we’ll complete it, typically within two business days.

Subprocessors

Supabase  ·  Postgres database & authentication  ·  United States (AWS us-east)
Vercel  ·  Application hosting & edge request handling  ·  United States
Stripe  ·  Subscription billing & payments  ·  United States

Cloudflare CDN and Google Fonts serve static assets (script libraries, web fonts) to your browser and receive no customer data. Additions or removals are published 14 days in advance — see the full notice policy.