
Trust Center

How CLVR Benefits hosts, encrypts, governs, and shares the data you put in our hands: with the receipts that prove it.

Last updated: May 21, 2026. Version: v1.27.2
Quick facts
Reviewed each release cycle.
Data residency
EU / EEA only
Azure & AWS EU regions. No customer data leaves the bloc.
Encryption at rest
AES-256
Azure storage encryption with platform-managed keys.
Encryption in transit
TLS 1.2+
sslmode=verify-full for the app-to-db link; HTTPS enforced at the edge.
Staff authentication
MFA enforced
No staff access to production without a second factor.
Incident notification
72 hours
Documented breach process; reviewed after significant changes.
Compliance posture
GDPR aligned
Vendors hold ISO 27001 & SOC 2 Type II. Records on request.

Authentication and Security

How we make sure the right people, and only the right people, get in.

Multi-Factor Authentication (MFA)
Enabled for all admin and staff accounts.
Live
Password policies
Aligned with the standards of the relevant provider (e.g., Microsoft for Azure accounts).
Live
Certificate and key rotation
All certificates and keys are rotated regularly, with many handled automatically by cloud providers. Manually managed credentials are updated every 90 days.
Live
BankID integration
Stronger user authentication and identity verification in the user application.
Planned

Data Hosting and Location

Where your data lives, and the certifications underneath it.

Primary infrastructure
CLVR Benefits runs on Microsoft Azure for virtual machines and managed storage.
Live
Database backup and file storage
Database backups and file storage managed through Amazon AWS S3.
Live
Geographic restrictions
All servers and data hosted exclusively within Europe. No customer data ever leaves the EU/EEA.
Live
Compliance certifications
Both Azure and AWS hold industry-leading certifications (ISO 27001, SOC 2, GDPR compliance).
Live

Data at Rest

How customer data is protected once it has landed in our systems.

Database encryption
All customer data encrypted at rest using Azure built-in storage encryption (AES-256 with platform-managed keys).
Live
Database backups
Automated every 24 hours, retained for 7 days. Stored in Amazon S3 with SSE-S3 server-side encryption.
Live
Application-level encryption
AES-GCM encryption for highly sensitive fields using keys in Key Vault.
Planned

Data in Transit

How traffic between you, our app, and our database stays sealed.

Network isolation
All app–database traffic is restricted to the internal network. Postgres is not exposed to the internet; port 5432 is blocked at the Azure NSG.
Live
Database TLS connections
All application–database traffic uses TLS with full certificate verification (sslmode=verify-full).
Live
HTTPS enforcement
All web traffic encrypted using HTTPS.
Live
Secure cookies
All cookies set with HttpOnly, Secure, and SameSite=strict flags to protect session integrity.
Live

Data Governance

The paper trail, the retention rules, and the contracts behind the controls.

Records of Processing Activities (RoPA)
Documented internally in the codebase and reviewed during each release cycle.
Live
Data retention policies
Deletion and anonymization rules documented internally and reviewed on each release cycle.
Live
Data Processing Agreements (DPAs)
Tracked internally with all third-party vendors; documentation exists and is maintained, pending formal signatures.
In progress

Data Subject Rights

Your rights under GDPR, and how to exercise them with us.

Data subject request processes
Established processes for access, correction, deletion, and portability requests, with a 30-day response time. Contact trust@clvrbenefits.com for any requests.
Live
Privacy Policy
Our privacy policy page is available here.
Live

Sub-processors

The vendors we share data with to operate the service, and what each one is used for.

Amazon Web Services
aws.amazon.com

Cloud storage for uploaded files and encrypted database backups, hosted in EU regions.

EU regions · ISO 27001 · SOC 2
Microsoft Azure
azure.microsoft.com

Hosting infrastructure and the identity provider used for organisational sign-in (OAuth via Entra ID).

EU regions · ISO 27001 · SOC 2
Anthropic
anthropic.com

Optional AI receipt scanning and expense auto-approval. Only receipt images and category names are sent. Data is not used to train models.

EU routing · SOC 2
PostHog
posthog.com

Product analytics used to understand and improve how the platform is used.

EU regions · SOC 2
HubSpot
hubspot.com

Marketing CRM only. Holds leads captured on our website (form submissions, demo requests). No customer, employee, or payroll data is ever sent to HubSpot.

US (SCC) · ISO 27001 · SOC 2

AI and Automation

Where AI touches your data, and the guardrails around each surface.

AI receipt scanning
Optional feature for expense report uploads. When enabled by the company, receipt images are sent to Claude (Anthropic) for extraction of vendor, date, amount, and VAT. Only the receipt image and benefit category names are sent; no employee names, emails, or other personal data are included. We do not use your data to train models. We retain only what is necessary for the feature and for audit compliance. Companies can disable this feature in AI Settings.
Live
AI automated expense evaluation
Optional feature that evaluates wellness expense reports for automatic approval or decline. HR retains full oversight: every AI decision is visible with confidence scores and reasoning, and any decision can be reverted at any time. Expenses where AI confidence is below 85% are deferred to human review. All decisions are logged with a full audit trail.
Live

Product Security

How the code that runs your benefits gets built and shipped.

Secure source code access
Access restricted to authorized team members only. GitHub used with enforced account security.
Live
Version control and release process
Structured Git workflow (git-flow). All changes tracked, reviewed, and merged into dedicated branches.
Live
Environment separation
Separate development and staging environments ensure thorough testing before production deployment.
Live
Test data management
Test data is carefully selected, anonymized, and managed to keep sensitive personal information out of non-production environments.
Live
Modern secure technology stack
Built with industry-standard web technologies, containerized infrastructure, and managed cloud services. Regularly updated with security patches.
Live
Dependency and package vetting
All external packages are reviewed before adoption. We monitor for vulnerabilities and update promptly.
Live

Security Operations

Day-to-day operations: who can do what, what we log, and what happens when something breaks.

Access control
Internal access is limited to authorized staff under the principle of least privilege. Administrative access is restricted.
Live
Secrets management
Credentials injected as environment variables, never committed to code or stored in plaintext.
Live
System patching
Regular patching of OS, Docker images, and PostgreSQL.
Live
Application-level monitoring
Real-time error detection and anomaly monitoring via PostHog.
Live
System-level monitoring
Postgres authentication logs, firewall events (UFW), and system security logs with alerts for suspicious activity.
Planned
Incident response plan
72-hour breach notification process documented internally, available on request, reviewed after significant changes.
Live