Security overview
Clearform is designed for sensitive business documents, so the security plan starts with least privilege, careful retention, auditable changes, and secure storage. This page tracks the target posture while the product is still a prototype.
Security principles
- Collect and retain only what is needed for the service.
- Limit access by workspace membership and role.
- Protect documents and exports in object storage.
- Keep audit trails for sensitive workspace actions.
- Plan for incident response before production launch.
Access control
The prototype currently has a dev session and workspace membership table. The production pass should add HttpOnly cookies, session rotation, logout, invite flows, role enforcement, rate limits, and account recovery.
Storage and retention
The local app records object keys for originals, page renders, and exports. In Cloudflare, those map to R2 buckets with D1 metadata. Production should include deletion controls, retention policies, backup expectations, and object access checks.
AI and document processing
The AI worker is not connected yet. When local GPU processing is added, jobs should receive only the files and recipe metadata they need, write results back through authenticated APIs, and avoid sending customer documents to third-party model providers unless explicitly configured.
Monitoring and audit
The app already writes audit records for field updates, uploads, exports, and contact messages. Production should expand this with authentication events, administrative changes, export downloads, and security alerting.
Security roadmap
- Production session cookies and CSRF protection.
- Workspace role checks on every API route.
- Signed upload and download URLs for object storage.
- Data deletion controls for uploads, exports, and workspaces.
- Incident contact and vulnerability disclosure process.