Security Policy
ClearPlan is a planning tool for financial advisors. We help advisors generate client-facing financial plans (a Standard 1-Pager, a Detailed 1-Pager, a Two-Pager, or a multi-page Full Plan) from inputs they type in. We are not a custodian, not a financial advisor, and not a data aggregator. This page describes how we handle data, where it lives, and what we do (and don't) do with it.
What data ClearPlan handles
Your account data (advisor)
- Email address (for login and account notifications)
- Firm name, advisor name, advisor title
- Logo image and brand colors
- Subscription status and billing identifier (managed by Stripe)
Plan content you enter
- Summary numbers: net worth, asset allocation percentages, tax-rate estimates (marginal and effective), savings rate, projected income, retirement targets, debt balances, cash flow components, and similar planning figures
- Net worth history (year and dollar value pairs the advisor records over time) and net worth breakdown by category (business, real estate, retirement, taxable, cash, 529s, debt, other)
- Free-text fields: overview, family values, goals, per-area recommendations, completed-tasks notes, implementation timeline phases, and your closing note
- Free-form pages (Full Plan only): up to four additional pages with a title and rich-text body. If you paste images into a free-form page body, the browser embeds the image inline as a base64 data URI in the plan record. There is no separate image file store.
- The plan label you assign to identify each plan
What we do not collect
The following fields do not exist anywhere in the ClearPlan interface and have no place to be entered:
- Social Security numbers or government-issued IDs
- Bank account or brokerage account numbers
- Passwords or login credentials for any third-party system
- Custodian access or read-only credentials
- Account-level statements or position-level holdings
- Client home addresses, dates of birth, phone numbers, or email addresses
Where data is stored
| Data | Provider | Region |
|---|---|---|
| Account, profile, plans, firm settings | Supabase (Postgres on AWS) | United States |
| Application hosting and request handling | Vercel | United States |
| Subscription billing and payment | Stripe | United States |
All data is encrypted in transit using TLS 1.2 or higher. All data is encrypted at rest by the underlying provider (Supabase via AWS-managed encryption; Stripe via PCI-DSS compliant infrastructure).
Access controls
- Each advisor's data is isolated by user ID using Supabase Row-Level Security (RLS) policies. RLS enforces isolation at the database level, independent of application code.
- The application server enforces user-scoped queries on every read and write as a second line of defense.
- No ClearPlan staff has routine access to plan content. Access for support requires a written request from the advisor.
- Database admin credentials are restricted to ClearPlan's founder and stored in a managed password vault.
Data retention and deletion
- Plans, firm settings, and profile data are retained for the life of your subscription.
- You can delete individual plans at any time from your dashboard. Deletions are immediate and irreversible.
- You can delete your entire account at any time from Firm Setup → Delete Account. This permanently removes your profile, all plans, all firm settings, and cancels your active Stripe subscription. Subscription management (payment method, invoices, billing cadence) is handled through Firm Setup → Manage Account, which opens the Stripe-hosted customer portal.
- After account deletion, residual backup data is purged from our systems within 30 days.
AI and third-party APIs
ClearPlan does not currently send any plan content to third-party AI services such as Claude or OpenAI. Plan generation, calculations, and PDF rendering happen entirely in your browser or in our own server. If we add AI-assisted features in the future, this page will be updated and the relevant subprocessor added before any plan data leaves ClearPlan's infrastructure.
Client share links
Advisors can optionally create a view-only link to a single plan to send to that client. Share links are off by default and per-plan. When created: the link token is 256-bit random and stored only as a SHA-256 hash (a database compromise exposes no working links); links expire automatically after 30 days; each plan has at most one active link, and creating a new one revokes the old; the advisor can revoke instantly from the Clients screen. The shared page is read-only, requires no client login, collects nothing from the viewer, and is excluded from search-engine indexing.
Vulnerability disclosure
We welcome good-faith security research. If you believe you've found a vulnerability, email hello@getclearplan.com with reproduction steps. We will acknowledge within two business days, keep you informed as we remediate, and will not pursue legal action for good-faith research that respects user data and avoids service disruption. Please do not access data that isn't yours, and give us reasonable time to fix before public disclosure. A machine-readable contact is published at /.well-known/security.txt.
Breach notification
In the event of a confirmed data breach affecting customer data, ClearPlan will notify affected customers by email within 72 hours of confirmed discovery, with a description of the data involved, the cause, and the steps being taken to remediate.
Compliance posture
ClearPlan is designed for advisors operating under SEC Regulation S-P and state-equivalent privacy rules. The product's data minimization — no SSNs, no account numbers, no client contact details — is a deliberate design choice to reduce your firm's regulatory exposure when using the tool.
We are a small, focused team and do not currently hold SOC 2 or ISO 27001 certification. We maintain documented security practices appropriate to the data we hold and are happy to provide additional documentation for vendor due diligence on request.
Questions
For any security or privacy questions, contact us at hello@getclearplan.com.