ClareMesh

Security trust center

ClareMesh is built for regulated financial data. Every component is designed with security, compliance, and data sovereignty as first-class concerns — not bolted-on features.

Three-layer perimeter

JWT authentication at the edge, RLS enforcement at the database, org-level isolation at the application. Every request passes through all three layers.

Customer-owned data

Enterprise customers can deploy ClareMesh to their own Supabase project. They own the database, the backups, and the encryption keys. ClareMesh has service access, not ownership.

Zero trust by default

No shared secrets between orgs. No cross-org data access possible even with admin keys. RLS policies are applied at the PostgreSQL level — they can't be bypassed by application code.

Security controls

CM-EN-001: AES-256 encryption at rest (Encryption; AUTO)
CM-EN-002: TLS 1.3 in transit (Encryption; AUTO)
CM-EN-003: Field-level encryption for PII (Encryption; AUTO)
CM-AC-001: Row-level security on all tables (Access control; AUTO)
CM-AC-002: JWT + API key authentication (Access control; AUTO)
CM-AC-003: Role-based permissions (RBAC) (Access control)
CM-AU-001: Immutable audit log (Audit; AUTO)
CM-AU-002: Actor + action + timestamp on every write (Audit; AUTO)
CM-DR-001: Data residency per jurisdiction (Data residency; AUTO)
CM-DR-002: Cross-border transfer controls (Data residency; AUTO)
CM-RT-001: Configurable retention policies (Retention)
CM-RT-002: Automated data subject request processing (Retention)

Supported frameworks

SOC 2

GDPR

CCPA

PCI DSS

SOX

PDPL

LGPD

APPI

UK-GDPR

PIPL

Security inquiries

For security questions, vulnerability reports, or compliance documentation requests, contact security@claremesh.com. We respond to all security inquiries within 24 hours.