Security Policy

Your account is walled off from every other account. Risky moves get a second pair of eyes before they go out. And we keep a record of every action so you can always see what happened and when.

Logging in requires a signed token tied to your account, which expires on a short clock. Anything sensitive — sending email, posting to a channel, changing billing — is checked against your permissions before it runs. Everything we write down gets a timestamp and stays put.

If you're a security researcher and you spot something, we want to hear about it. Tell us what you saw, where, and how to repeat it — please don't poke at other people's data while you test. We don't go after researchers who play by these rules.

Send security reports to support@cleargarment.com.