Status: legal-review draft. Do not execute without counsel review.
Security Program
Clearance uses a metadata-only hosted data boundary by default, organization-scoped access controls, RBAC, audit logging, TLS, production secret management, and provider-managed database backup controls.
Access Control
- Organization data is scoped by
organization_id. - Product records that belong to a project include
project_idwhere applicable. - Administrative actions require server-side RBAC checks.
- Runner and SCIM bearer tokens are stored as hashes with nonsecret prefixes.
Encryption And Secrets
- TLS is required for production traffic.
- Integration credentials are encrypted before storage.
- Production secrets live in the deployment secret manager.
- Real production secrets must not be committed, logged, or exported.
Audit And Monitoring
- Sensitive actions emit metadata-only audit events.
- Evidence exports include integrity hashes.
- Minimum alert rules are defined in
docs/monitoring-alert-rules.md.
Incident Response
Security incidents follow docs/incident-response.md, including containment, audit/log preservation, customer-notification decisioning, and post-incident regression work.