Security & Trust

How we protect your business and your data — in plain language.

Built secure by architecture, not by promise

These are not policies bolted on afterwards. They are how the platform is engineered — and we are happy to demonstrate every one of them in a technical session.

A private database per tenant

Your data lives in its own dedicated database — physically separated from every other customer. No shared tables, no row filters, no co-mingling. Ever.

Encryption everywhere

Data is encrypted in transit with TLS. Database credentials are encrypted at rest with AES-256. Passwords are hashed with BCrypt — never stored, never readable.

Strict access control

Short-lived access tokens, fine-grained permissions checked on every request at two independent layers, optional two-factor authentication, and automatic lockout after failed logins.

An append-only audit trail

Every significant change is recorded — who, what, when, and from where. The platform exposes no interface to edit or delete audit records, and sensitive values are never written to them.

EU data residency

Your tenant's data is hosted in the European Union. Because every tenant has its own database, your data is portable by design.

No lock-in by design

A documented export path for all your data, per-tenant database portability, and source-code arrangements for enterprise clients. You always own your exit.

Compliance

GDPR-native, with the paperwork to match

CleverInit was built in the Netherlands for European businesses, with the GDPR as a design requirement — not an afterthought. Data minimisation, the right to erasure, and full audit trails are part of the platform's architecture.

Procurement or privacy team reviewing us? We will complete your vendor questionnaire and provide our security documentation — usually within two business days.

Request our trust pack

Available on request

  • Signable Data Processing Agreement (DPA)
  • Sub-processor list
  • Data-residency and hosting statement
  • Security architecture documentation
  • Completed vendor security questionnaires

An honest note on certifications

We do not yet hold an independent certification such as ISO 27001 — the controls described above are built into the platform, and independent certification is on our roadmap. We would rather tell you that plainly than imply otherwise.

Found a security issue, or want to go deeper than this page? Write to us directly: hello@cleverinit.com

Build smarter. Launch faster. Scale effortlessly.

Tell us where you want to take your business. We'll show you the fastest path to get there — whether you want a fully managed platform, a custom module built exclusively for your tenant, or a fully branded product to sell to your own clients.