Fleet operators, P&I clubs, and charterers trust CanalClear to handle sensitive filing data. Here's exactly what that means in practice.
All data is encrypted both in transit and at rest. No exceptions, no environment shortcuts.
All data stored in our managed PostgreSQL database (Neon) uses AES-256-GCM encryption. Database credentials, tokens, and sensitive metadata are never stored in plain text.
Every connection to CanalClear requires TLS 1.2 or higher. We enforce HTTPS across the entire site — no HTTP fallback, no mixed content.
Our application runs on Render — a SOC 2 Type II compliant cloud platform. Infrastructure is fully managed, with automatic security patches applied by the provider.
Application logs and error rates are monitored continuously. Anomalies trigger alerts before they become incidents. We receive automated notifications if any service degrades.
Vessel filing data is sensitive. We capture only what's required for compliance validation, and we keep it only as long as you need it.
We store vessel particulars, filing status, compliance scores, and submission history — the minimum required to provide compliance automation. We do not store cargo manifests beyond what is needed for canal-specific filing forms.
Active filing data is retained for as long as your account is active. Deleted accounts have their filing data purged within 30 days. Soft-deleted filings are removed within 90 days.
We do not sell, share, or transfer your vessel or filing data to any third party — ever. Your data is used exclusively to provide the CanalClear service. Stripe handles payment data separately under Stripe's own privacy policy.
Every user's access to canal filing modules is enforced by their subscription tier — not just the UI, but the API layer itself.
Access control is enforced at two layers: the API gateway (subscription-gated route mounts) and the individual filing engine validators. A user without a Suez Canal subscription cannot hit Suez filing endpoints — the routes don't mount for them.
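The two-layer enforcement described above, as an added sketch that is not CanalClear's own code: the route table is built only from the account's subscriptions, and the filing validator repeats the entitlement check in case it is reached another way. Route paths, the account and filing shapes, and all function names are assumptions made for illustration.

```javascript
// Added illustration. Paths, module names and data shapes are hypothetical.
const FILING_MODULES = new Map([
  ["suez", "/api/filings/suez"],
  ["panama", "/api/filings/panama"],
]);

// Layer 2: the filing engine validator checks entitlement itself, so a caller
// that reaches it without passing through the gateway is still refused.
function validateFiling(canal, account, filing) {
  if (!account.subscriptions.includes(canal)) {
    return { status: 403, error: "canal not in subscription" };
  }
  // Assumed ownership check: a filing must belong to the calling account.
  if (filing.accountId !== account.id) {
    return { status: 403, error: "filing belongs to another account" };
  }
  if (!filing.vesselImo) {
    return { status: 422, error: "vesselImo required" };
  }
  return { status: 202, canal, vesselImo: filing.vesselImo };
}

// Layer 1: mount handlers only for subscribed canals. An unsubscribed canal
// has no handler at all, so there is nothing behind the path to probe.
function mountRoutes(account) {
  const routes = new Map();
  for (const canal of account.subscriptions) {
    const path = FILING_MODULES.get(canal);
    if (!path) continue; // unknown entitlement: mount nothing
    routes.set(`POST ${path}`, (body) => validateFiling(canal, account, body));
  }
  return routes;
}

function dispatch(account, method, path, body) {
  const handler = mountRoutes(account).get(`${method} ${path}`);
  if (!handler) return { status: 404, error: "not found" };
  return handler(body);
}

// Constructed sample accounts and request
const panamaOnly = { id: "acct-1", subscriptions: ["panama"] };
const suezAndPanama = { id: "acct-2", subscriptions: ["suez", "panama"] };
const filing = { accountId: "acct-1", vesselImo: "9000001" };

console.log(dispatch(panamaOnly, "POST", "/api/filings/suez", filing));
console.log(validateFiling("suez", panamaOnly, filing));
```

The first call returns 404 because the route was never mounted; the second shows the validator refusing with 403 when invoked directly.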
Each account operates in an isolated data context. Cross-account access is architecturally impossible — your filing data is never accessible to other users.
Third-party credentials (Suez Canal SCA login) are stored with AES-256-GCM encryption and are only decryptable by the application at runtime — never exposed in logs or responses.
User passwords are hashed with bcrypt (cost factor 12). We enforce minimum password requirements and support secure password reset via time-limited tokens.
Enterprise ops desks need fine-grained control. CanalClear enforces role boundaries at the API layer — not just the UI.
Each user is assigned exactly one role. Roles control what canals they can access, what filings they can create, and what they can approve.
Every filing moves through a defined lifecycle. State transitions are logged immutably — no overwriting, no data loss.
We don't reinvent infrastructure security — we rely on providers whose entire business is staying ahead of threats.
CanalClear runs on Render, which provides SOC 2 Type II certified hosting with automatic TLS, DDoS protection, and managed SSL certificates. Services are deployed via CI/CD pipelines — no manual server access.
The operational database is Neon, a fully managed PostgreSQL platform with automatic branching, point-in-time recovery, and row-level security. The database is hosted in AWS us-east-1 with automatic daily backups.
Neon provides continuous backup with point-in-time recovery. We also run application-level export routines for disaster recovery. Backups are retained per Neon's standard policy.
Generated PDFs and export documents are stored in Cloudflare R2 with private access. Signed URLs are used for document retrieval — files are not publicly accessible without authentication.
We're building toward formal security certifications while operating under industry-standard practices today.
All data encrypted at rest and in transit. OAuth tokens and Suez credentials use AES-256-GCM. HTTPS enforced sitewide.
API-gated waterway access per subscription tier. Middleware-enforced on all filing engine endpoints. No cross-account data leakage.
Formal SOC 2 Type II audit in preparation. Target completion: Q3 2026. This will cover security, availability, and confidentiality trust service criteria.
Formal DPA document available for EU-based operators and brokers who require a signed DPA under GDPR Article 28. Contact us to request one.
Third-party penetration testing scheduled for Q4 2026. Results and remediation will be documented and available to enterprise customers on request.
Our target SLA is 99.9% uptime. We publish real-time status and incident history so you always know what you're working with.
SLA metrics reflect production environment data. A dedicated status page with real-time monitoring and incident history is in development and will be available at status.canalclear.org before Q3 2026.
Operational data for CanalClear is hosted in the United States (AWS us-east-1). This may change as we expand regional availability.
Neon PostgreSQL hosted in AWS us-east-1 (Northern Virginia). Backed up continuously with point-in-time recovery.
Cloudflare R2 (US region) for PDF documents and export files. Private bucket — no public access.
Stripe processes all payments in the US under Stripe's own privacy policy and PCI DSS Level 1 compliance.
If you operate under GDPR jurisdiction and require data residency in the EU, or need a signed Data Processing Agreement (DPA), contact us at security@canalclear.org. We can accommodate EU data residency requirements for enterprise accounts on request.
We welcome responsible disclosure from security researchers. If you've found a vulnerability, here's how to reach us.
If you discover a security issue in CanalClear, please contact us at security@canalclear.org. Include as much detail as possible — affected URL, description of the vulnerability, and steps to reproduce (if applicable).
Enterprise security reviews, custom DPAs, and dedicated compliance documentation are available for fleet operators and P&I clubs.