DocLearly
Get Started Free

Security & Compliance

Last updated: May 2026

How we protect your documents

DocLearly processes sensitive legal documents on your behalf. We take that responsibility seriously. Your documents are encrypted in transit and at rest, never used to train AI models, and automatically deleted after 30 days. Below is a plain-English summary of the technical and operational controls that keep your data safe.

TLS encryption in transit

All data transferred between your browser and DocLearly servers is encrypted using TLS 1.2 or higher. Your document text is never sent over an unencrypted connection.

AES-256 encryption at rest

Documents and analysis results stored in our database are encrypted at rest using AES-256, the same standard used by banks and government agencies. This encryption is provided by Supabase, our database infrastructure partner.

Never used for AI training

Your documents are never used to train, fine-tune, or improve any AI model — ours or anyone else's. Document text is sent to Anthropic's Claude API solely to generate your analysis, and Anthropic's API usage policy prohibits training on API inputs.

30-day auto-deletion

Stored analyses and document text are automatically deleted after 30 days. We do not retain your data indefinitely. You can also delete individual analyses at any time from your dashboard.

Supabase SOC 2 compliance

Our database infrastructure is provided by Supabase, which is SOC 2 Type II certified. This means an independent auditor has verified that Supabase's security, availability, and confidentiality controls meet industry standards.

Data processing summary

When you submit a document, the text is transmitted over an encrypted TLS connection to our servers, then forwarded to Anthropic's Claude API to generate your analysis. The document text and resulting analysis are stored in Supabase (AES-256 at rest) and associated with your account if you are signed in. Anonymous submissions are not stored. Stored data is automatically purged after 30 days. We do not sell your data, share it with third parties for marketing, or use it for any purpose other than delivering the service to you.

Data Processing Agreement

EU and UK customers requiring formal documentation of our data processor commitments can review or request a countersigned copy of our DPA.

View our Data Processing Agreement →

Questions?

If you have security concerns or questions about how your data is handled, contact us at security@doclearly.com.