01
Access
Workspace access is role based.
Dashboard access uses Supabase Auth with workspace roles and auditable ownership boundaries.
- Owner
- Admin
- Member
Live stateRBAC
Security
A security posture built for procurement review.
TrueClara keeps the security story in the same product language: what is collected, where it is processed, who can access it, and how incidents are handled.
Security packetreview ready
SOC 2in progress
Regionus-east-1
Disclosure48h ack
Operating model
The page keeps one record moving.
Each product surface follows the same loop: define the route state, compare the release window, carry evidence into the decision.
02
Data
Transport and storage are encrypted.
Traffic is encrypted in transit, and managed providers encrypt application and warehouse data at rest.
- TLS
- AES-256
- Managed providers
Live stateencrypted
03
Vendors
Subprocessors are published.
Hosting, warehouse, auth, cache, billing, and email vendors are listed in the legal packet and updated as they change.
- Vercel
- Tinybird
- Supabase
Live statepublic list
04
Response
Material incidents have owner and notification rules.
Incident response uses severity classification, on-call ownership, and customer notification for material workspace impact.
- Severity
- Owner
- Notification
Live state72h notice
Before / after
Every surface moves from vague signal to attributed decision.
The redesign keeps comparison visible because the product promise is not more charts. It is a cleaner handoff from release to action.
Procurement
Security details live across scattered pages.
Security, DPA, privacy, and subprocessors form one packet.Operations
Incident response is implied.
Disclosure, acknowledgement, and notification windows are stated.Vendors
Managed service dependencies are unclear.
Subprocessors are published for review.Get started
Need the full security packet?
Use the DPA, subprocessors page, and security contact together for procurement review.