Security
How your data is handled.
How your file is handled
- Uploaded over HTTPS (TLS 1.2+)
- Encrypted at rest on Supabase Storage (AES-256)
- Processed on Vercel serverless functions (no persistent storage)
- Deleted automatically after 30 days
- You can request immediate deletion at any time by emailing hello@clearsheet.co
What we see
- Your file content during processing (required to clean it)
- Row counts, fix counts, and processing metadata
- We do not see your payment details (Stripe handles all payment processing)
What we never do
- Never use your file to train models, build datasets, or improve algorithms
- Never share your file with other customers or third parties
- Never sell or license your data
- Never store your file longer than 30 days
What Google Places sees
If you choose enrichment, we send business names and partial location data to Google Places to look up verified addresses, phone numbers, and details. Google receives the search query, not your full file. This only happens if you opt into enrichment.
Third-party services
- Stripe (payment processing, PCI-compliant)
- Supabase (database and file storage, SOC 2)
- Vercel (hosting and serverless compute)
- Google Places (address enrichment, only when enrichment is selected)
- PostHog (analytics, consent-gated, no cookies)
- Resend (transactional email)
- Sentry (error monitoring, PII scrubbed)
See the full privacy policy for details.
What we don't handle
- Files containing protected health information (HIPAA)
- Files containing financial account numbers (GLBA)
- Files containing data from children under 13 (COPPA)
If your file contains these categories, contact us before uploading.
Questions? hello@clearsheet.co