Security & Trust

Security by design, not by accident.

Last Updated: April 24, 2026

CleanPrompt was built with a fundamental architectural constraint: your document content should stay on your machine during the redaction workflow. This page details the technical safeguards, provider boundaries, and disclosure path we maintain to protect your data.

Local-First Architecture

The core of CleanPrompt's security model is local-first document processing. Instead of requiring you to send your document content to a remote model for processing, CleanPrompt runs deterministic evidence collection, policy decisions, aliasing, and rendering directly in the local browser session. As a result, there is no server-side inference and no vendor-side retention of document content by design.

Zero-Upload Workflow

When you import a document, it is loaded into browser memory. Text extraction, entity detection, and redaction run locally on the device CPU or GPU. No document content is sent to CleanPrompt servers or third-party APIs during the redaction loop.

Ephemeral Sessions

Document data is held in active browser memory for the session. Once you close the tab or refresh the page, the unredacted source content is cleared from working memory. CleanPrompt does not persist document content to application-managed browser storage such as localStorage or IndexedDB as part of the redaction workflow.

No Model Asset Delivery

The current redaction engine does not download tokenizer or model files for document redaction. Browser network requests during the workflow are limited to the app, account, billing, diagnostics, analytics, and contact surfaces described below.
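The three claims above (no document egress during the loop, nothing persisted to app-managed storage, a short allowlist of network surfaces) are testable from the browser rather than taken on trust. The following is an added example of that check, not CleanPrompt's own code: the core is a pure function fed with constructed sample data so it runs offline, and snapshotBrowser() shows how to feed it live data from the DevTools console. The hostnames in the allowlist are assumptions standing in for the real app and provider hosts.

```javascript
// Added example, not CleanPrompt's code: a reviewer-side audit of the two
// claims above (no document egress, no persistence to app-managed storage).
// The core is a pure function so it can be unit-tested; snapshotBrowser()
// shows how to feed it live browser data from the DevTools console.
// Hostnames are assumptions standing in for the real app/provider hosts.
const ALLOWED_HOSTS = new Set([
  'app.example.com',        // the app itself (assumed)
  'abc.supabase.co',        // auth/account endpoints (assumed project host)
  'js.stripe.com',          // billing
  'va.vercel-scripts.com',  // Vercel Web Analytics script
]);

function auditSession({ canary, storageEntries, resourceEntries, allowedHosts = ALLOWED_HOSTS }) {
  // 1. Persistence: any app-managed storage value that contains the canary string
  //    you planted in the test document means content outlived working memory.
  const storageHits = storageEntries
    .filter(([, value]) => typeof value === 'string' && value.includes(canary))
    .map(([key]) => key);
  // 2. Egress: any resource fetched from a host outside the allowlist. A hit is
  //    not proof of document upload, but it is a request that needs explaining.
  const unexpectedHosts = [...new Set(resourceEntries
    .map((e) => { try { return new URL(e.name).hostname; } catch { return null; } })
    .filter((h) => h !== null && !allowedHosts.has(h)))];
  return { storageHits, unexpectedHosts, clean: storageHits.length === 0 && unexpectedHosts.length === 0 };
}

// Browser wiring (assumed usage): plant `canary` in a test document, run a
// redaction, then call snapshotBrowser(canary) from the console. Call
// performance.setResourceTimingBufferSize(1000) before the session, since the
// default buffer keeps only the first 250 entries. indexedDB.databases() lists
// names only, so inspect any IndexedDB store in the Application tab separately.
function snapshotBrowser(canary) {
  const storageEntries = Object.keys(localStorage).map((k) => [k, localStorage.getItem(k)]);
  return auditSession({ canary, storageEntries, resourceEntries: performance.getEntriesByType('resource') });
}

// Constructed sample inputs standing in for a real session.
const SAMPLE_CANARY = 'CANARY-7f3a91';
const SAMPLE_STORAGE = [['theme', 'dark'], ['draft', 'Agreement text ... CANARY-7f3a91 ...']];
const SAMPLE_RESOURCES = [
  { name: 'https://app.example.com/_next/static/chunks/main.js' },
  { name: 'https://abc.supabase.co/auth/v1/token?grant_type=refresh_token' },
  { name: 'https://inference.example.net/v1/redact' },   // the kind of call that must NOT appear
];
console.log(auditSession({ canary: SAMPLE_CANARY, storageEntries: SAMPLE_STORAGE, resourceEntries: SAMPLE_RESOURCES }));
```

The Resource Timing entries are a convenience, not ground truth: the Network tab (with "Preserve log" on) remains the authoritative record, and the audit says nothing about what a browser extension does with the page.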

Data Flow

The redaction workflow is designed so document processing stays local in the browser. The only browser-to-network flows are for supporting product infrastructure, not remote document inference.

Stays Local In Your Browser (no document egress)

1. Import document: TXT, DOCX, and text-based PDF files are opened in the browser. Source bytes and extracted text stay on-device during processing.
2. Run the redaction engine: Structure analysis, deterministic rules, evidence assessment, entity resolution, aliasing, and rendering execute in the local browser session.
3. Review locally: The redacted preview and alias map are rendered locally so you can inspect and refine the output before export.
4. Export locally: Redacted DOCX, audit report, and manifest JSON artifacts are generated in the browser and downloaded to your device.

Leaves The Browser Only For Supporting Flows (metadata only)

Auth and account flows

When you sign in or use account features, auth and account metadata are exchanged with Supabase-backed endpoints.

Billing flows

When you upgrade or manage billing, checkout and subscription metadata are exchanged with Stripe-backed billing endpoints.

Operational and audit metadata

For supported account and admin flows, the browser can send event metadata such as export type, file name, source file name, artifact hash, or session ID. Supported local redaction failure states can also send sanitized runtime diagnostics such as browser family, source kind, pipeline stage, and coarse size buckets. These flows exclude document body content.

Aggregate web analytics

Vercel Web Analytics collects aggregate page-level traffic data. Analytics events are sanitized to strip query strings and URL fragments before send, and the auth callback route is excluded.
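The ordering in that sentence matters: the auth callback is excluded outright rather than merely stripped, because magic-link and OAuth callbacks carry one-time codes or tokens in exactly the query string and fragment. The following is an added example of such a sanitizer, not CleanPrompt's own code; the callback route name and the hook shape (an event object with a `url` field, return null to suppress the event) are assumptions about the deployment and about the analytics client's beforeSend option.

```javascript
// Added example (not CleanPrompt's code): a beforeSend-style sanitizer for
// page-view analytics. It drops events for the auth callback route entirely
// and strips the query string and fragment from everything else.
// The route path and the hook shape (event object with a `url` field,
// return null to suppress) are assumptions about the deployment.
const EXCLUDED_PATHS = ['/auth/callback']; // assumed route; add others as needed

function sanitizeAnalyticsUrl(rawUrl) {
  let url;
  try {
    url = new URL(rawUrl);
  } catch {
    return null; // unparseable URL: safer to drop the event than to guess
  }
  // Exclude first, before anything about the URL is kept.
  const excluded = EXCLUDED_PATHS.some(
    (p) => url.pathname === p || url.pathname.startsWith(p + '/'),
  );
  if (excluded) return null;
  url.search = ''; // ?code=..., ?token=..., document names in query params
  url.hash = '';   // #access_token=... (implicit-flow style fragments)
  return url.toString();
}

// Hook for the analytics client: return null to drop the event entirely.
function beforeSend(event) {
  const clean = sanitizeAnalyticsUrl(event.url);
  return clean === null ? null : { ...event, url: clean };
}

// Wiring (assumed API shape of @vercel/analytics):
//   import { inject } from '@vercel/analytics';
//   inject({ beforeSend });
```

Path segments are left intact, so a route that embeds an identifier in the path (for example a per-document review URL) would still need its own rule.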

Contact form only

On the marketing contact form, submitted contact details and the Turnstile verification token are sent for delivery and anti-spam checks. This is separate from document redaction.

Infrastructure & Encryption

Encryption in Transit

All external communication, such as account authentication and billing, occurs over industry-standard TLS 1.2+ via HTTPS. This protects account metadata such as email addresses while it is in transit between your browser and infrastructure providers.

Authentication & Identity

We use Supabase, built on PostgreSQL and GoTrue, for identity management. Our current authentication flows support passwordless email sign-in and Google OAuth, with session handling managed through Supabase-issued tokens and cookies.

Third-Party Trust Boundaries

To operate the product, we rely on specialized providers for identity, payments, email delivery, and hosting. These integrations are scoped so providers do not receive document content from the local redaction workflow.

  • Supabase: Manages account identity, auth session state, and account-backed product data. Supabase stores account metadata but does not receive redacted or source document content from the local redaction workflow.
  • Stripe: Handles PCI-compliant payment processing and customer billing records. We do not store full credit card details on CleanPrompt servers.
  • Resend: Delivers transactional email such as invitations and account notifications. Those messages can include account metadata, but they do not include document content from the redaction flow.
  • Vercel: Provides application hosting and aggregate web analytics. Local document redaction still runs in the browser, and document content is not submitted to Vercel for redaction processing.
  • Cloudflare Turnstile: Loads only on the marketing contact form for spam prevention. It is not part of the document redaction workflow.

Short Threat Model

The main security boundary is the browser session itself. The threat areas below summarize the current controls and the remaining residual risks.

Browser execution
  Threat: Malicious extensions, compromised browsers, or shared devices can observe local processing.
  Current control: The redaction loop runs in the browser and avoids server-side inference for document content.
  Residual risk: Your device, browser, and extensions remain part of the trust boundary.

Local storage
  Threat: Persistent browser storage can retain sensitive data longer than intended.
  Current control: The redaction workflow keeps document content in working memory rather than persisting it to application-managed localStorage or IndexedDB.
  Residual risk: Browser cache or device-level artifacts outside the app may still exist.

Alias map leakage
  Threat: Alias mappings can reveal identities if exposed outside the local review flow.
  Current control: Alias maps stay local by default and are not automatically uploaded during redaction.
  Residual risk: Manifest exports and user sharing choices can expose review metadata.

Exports
  Threat: Downloaded artifacts may be copied, synced, or emailed outside the local boundary.
  Current control: Exports are generated locally and require explicit user action.
  Residual risk: Once saved or shared, handling moves to your storage and sharing tools.

Third-party services
  Threat: External providers expand the attack surface around auth, billing, contact, hosting, analytics, and spam prevention.
  Current control: Those integrations are scoped to product operations rather than remote document inference.
  Residual risk: Those providers still receive and hold the metadata used in their respective flows.

User error
  Threat: Ambiguous text, unusual formatting, or manual edits can still lead to missed or incorrect redactions.
  Current control: CleanPrompt exposes a local preview, alias map, manual refine controls, warnings, and audit-style exports to support verification.
  Residual risk: Human review is still required before downstream use or sharing.

Evidence & Rule Card

CleanPrompt uses a hybrid redaction engine rather than a single remote inference step. The current engine covers these category groups:

  • Person
  • Organization
  • Address
  • Email
  • Phone
  • Date
  • URL
  • Company and registration identifiers
  • Government and tax identifiers
  • Banking and payment identifiers

This includes specific identifier detections such as ABN, ACN, NZBN, company and file numbers, TFN, SSN, EIN, IRD, NINO, SIN, bank account numbers, routing numbers, BSB, sort code, SWIFT, IBAN, and payment card patterns where the rules match.

How detections are produced

The pipeline combines document-structure analysis, pattern and token rules, span-backed evidence assessment, entity resolution and aliasing, conflict arbitration, post-render leak scanning, and post-processing polish before rendering the final preview.
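To make the stages above concrete, here is an added example of a miniature rule-based redaction loop, written for this page and not CleanPrompt's own engine: regex rules produce candidates, published checksums (ABN mod 89, TFN mod 11, Luhn for card numbers) promote them to evidence or demote them to warnings, overlapping spans are arbitrated, repeated mentions of one value resolve to one alias, the text is rendered locally, and the output is scanned again for leaks. The rule set, alias format and function names are assumptions for illustration; the sample text is constructed and contains no real person, ABN, TFN or card.

```javascript
// Added example, not CleanPrompt's code: a miniature rule-based redaction loop
// (checksum-backed evidence, overlap arbitration, consistent aliasing, local
// rendering, post-render leak scan). Rule set, alias format and names are
// assumptions; the checksums (ABN mod 89, TFN mod 11, Luhn) are the published ones.
const digitsOf = (s) => s.replace(/\D/g, '');
const weighted = (d, w, adjFirst = 0) =>
  [...d].reduce((acc, ch, i) => acc + (Number(ch) - (i === 0 ? adjFirst : 0)) * w[i], 0);
// ABN: 11 digits, subtract 1 from the first digit, weighted sum divisible by 89.
const isValidAbn = (s) => digitsOf(s).length === 11 &&
  weighted(digitsOf(s), [10, 1, 3, 5, 7, 9, 11, 13, 15, 17, 19], 1) % 89 === 0;
// TFN: 9 digits, weighted sum divisible by 11.
const isValidTfn = (s) => digitsOf(s).length === 9 &&
  weighted(digitsOf(s), [1, 4, 3, 7, 5, 8, 6, 9, 10]) % 11 === 0;
// Payment card: Luhn check digit over 12-19 digits.
function luhnOk(s) {
  const d = digitsOf(s);
  let sum = 0;
  for (let i = 0; i < d.length; i++) {
    let n = Number(d[d.length - 1 - i]);
    if (i % 2) { n *= 2; if (n > 9) n -= 9; }
    sum += n;
  }
  return d.length >= 12 && d.length <= 19 && sum % 10 === 0;
}

// A regex hit is only a candidate; the validator (where one exists) turns it into evidence.
const RULES = [
  { kind: 'EMAIL', re: /[\w.+-]+@[\w-]+(?:\.[\w-]+)+/g },
  { kind: 'ABN',   re: /\b\d{2} ?\d{3} ?\d{3} ?\d{3}\b/g, validate: isValidAbn },
  { kind: 'TFN',   re: /\b\d{3} ?\d{3} ?\d{3}\b/g, validate: isValidTfn },
  { kind: 'CARD',  re: /\b\d{4}[ -]?\d{4}[ -]?\d{4}[ -]?\d{4}\b/g, validate: luhnOk },
];
function collectEvidence(text) {
  const hits = [];
  for (const rule of RULES) {
    for (const m of text.matchAll(rule.re)) {
      hits.push({ kind: rule.kind, start: m.index, end: m.index + m[0].length,
                  value: m[0], ok: rule.validate ? rule.validate(m[0]) : true });
    }
  }
  return hits;
}
// Conflict arbitration: validated spans only; on overlap keep the longest, then the earliest.
function arbitrate(hits) {
  const kept = [];
  let lastEnd = -1;
  for (const h of hits.filter((h) => h.ok).sort((a, b) => a.start - b.start || b.end - a.end)) {
    if (h.start >= lastEnd) { kept.push(h); lastEnd = h.end; }
  }
  return kept;
}
// Entity resolution + aliasing: one alias per normalized value, reused on every mention.
function assignAliases(spans) {
  const aliasByKey = new Map(), counters = {}, aliasMap = {};
  for (const s of spans) {
    const key = `${s.kind}:${s.kind === 'EMAIL' ? s.value.toLowerCase() : digitsOf(s.value)}`;
    if (!aliasByKey.has(key)) {
      counters[s.kind] = (counters[s.kind] || 0) + 1;
      aliasByKey.set(key, `[${s.kind}_${counters[s.kind]}]`);
      aliasMap[aliasByKey.get(key)] = s.value; // the alias map is where the originals survive
    }
    s.alias = aliasByKey.get(key);
  }
  return aliasMap;
}

function render(text, spans) {            // replace right-to-left so earlier offsets stay valid
  let out = text;
  for (const s of [...spans].sort((a, b) => b.start - a.start)) {
    out = out.slice(0, s.start) + s.alias + out.slice(s.end);
  }
  return out;
}

// Post-render leak scan: re-run the rules on the output and look for every original verbatim.
function leakScan(rendered, aliasMap) {
  const leaks = collectEvidence(rendered).filter((h) => h.ok);
  for (const original of Object.values(aliasMap)) {
    if (rendered.includes(original)) leaks.push({ kind: 'VERBATIM', value: original, ok: true });
  }
  return leaks;
}

function redact(text) {
  const candidates = collectEvidence(text);
  const spans = arbitrate(candidates);
  const aliasMap = assignAliases(spans);
  const rendered = render(text, spans);
  return { rendered, aliasMap, leaks: leakScan(rendered, aliasMap),
           warnings: candidates.filter((h) => !h.ok) }; // lookalikes that failed validation, for review
}
// Constructed sample (no real person, ABN, TFN or card).
const SAMPLE = [
  'Contact jane.doe@example.com (ABN 51 824 753 556) about TFN 123 456 782.',
  'The lookalike 12 345 678 901 fails the ABN checksum and is only flagged.',
  'Card 4111 1111 1111 1111 was used; jane.doe@example.com confirmed.',
].join('\n');
console.log(JSON.stringify(redact(SAMPLE), null, 2));
```

Two things the example makes visible that the prose only states: a checksum failure is not silently discarded but surfaced as a warning for the reviewer, which is how a lookalike that is actually a typo'd real identifier still gets a human look; and the alias map returned alongside the rendered text is the single artifact that reverses the redaction, which is why the manifest export it feeds deserves the handling described later on this page.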

Known limitations

False-negative risk is non-zero and is highest for scanned or image-heavy PDFs, OCR noise, short or ambiguous references, unusual formatting, and edge cases that remain below the engine’s confidence or rule thresholds.

Review expectation

Treat the output as reviewer-assisted redaction, not autonomous clearance. Inspect the preview, warnings, alias map, and export artifacts before sharing documents downstream.

Local Exports & Handling

Redacted DOCX files, audit reports, and manifest JSON exports are generated locally in the browser and downloaded locally to your device. CleanPrompt does not automatically upload those exports.

Some export formats, especially manifest JSON, can contain sensitive review metadata such as alias mappings, file names, hashes, and redaction inventory. Handle exported artifacts accordingly if you later email, sync, or share them.

Compliance & Governance

CleanPrompt is operated in a manner consistent with global privacy standards, including GDPR, CCPA, and the Australian Privacy Act. As an Australian company based in Victoria, we apply the protections required by our home jurisdiction and extend those privacy boundaries across the product.