Security

Security & Data Policy

ClearSearch is designed to stay minimalist in the UI while still treating credentials and document data seriously.

Reviewing this before login is encouraged.

Custom API Keys

Custom OpenAI API keys are encrypted at rest with a deployment-managed master key before ClearSearch stores them.

Current key protection mode: Deployment-managed master key

ClearSearch never displays the full saved API key back in the interface. The Settings page only shows a masked version.

Authentication & Sessions

Authentication is handled through Supabase Auth.
Authenticated app sessions use signed session middleware.
Password changes are performed through the authenticated Supabase user flow.

Planned next steps include optional multi-factor authentication and hosted self-serve account onboarding.

Document Data

Document metadata and indexed chunks are stored separately from the app code.
Large document files may be processed from local deployment storage or from an approved company-controlled path.
Deleting an indexed document removes ClearSearch indexing artifacts, but it does not delete the original source file.

This deployment still uses local runtime folders for uploads, processed caches, and some deployment state. That works for the current hosted setup, but it is not the final long-term security model.