How We Protect Your Data | CLEAREX.MARKET

Cryptographic and System Safeguards Security is the core operational mandate of CLEAREX.MARKET. Enforcing rigorous, defense-in-depth technical and organizational measures matching the criteria of ISO/IEC 27001 and GDPR Article 32, the Platform deploys the following technical parameters to isolate and shield your personal data footprint: Passwordless System Design: We store zero user account passwords. System access uses exclusively single-use, time-limited cryptographic "magic links" routed directly to verified email boxes, removing standard database compromise vectors. K-Anonymity Scan Infrastructure: External password validation checks convert inputs into SHA-1 hashes locally within your browser. Only the initial 5 characters are routed to our servers. Full text elements or full hash keys are never transmitted. End-to-End Encryption at Rest: High-risk data rows are processed at the application layer using AES-256-GCM prior to storage. Admin accounts use passwordless magic-link authentication — no admin passwords are created or stored. Enforced Transit Routing: All connections mandate Transport Layer Security (TLS 1.3) encryption. Legacy ciphers are blocked at our firewall. We enforce HTTP Strict Transport Security (HSTS) with a 12-month duration and include our domain on global browser preload lists. Zero-Log Volatile Memory Execution: Security check lookups execute completely within volatile RAM. Application routes block request-body logging on lookup endpoints, preventing accidental exposure within engineering traces. PostgreSQL Row-Level Security (RLS): Data isolation is hardcoded at the database engine level. Every active transaction is mathematically restricted to the boundary of the authenticated user's ID, blocking cross-user leakage even if a bugs occurs within the web application code layer.
Advanced Intermediary Content Anonymity Safeguards Data profiles processed via the transactional tracks, user commentary matrices, and donation allocations are subject to enhanced architectural isolation: Anonymous Filings: If you submit a rating, review, or donation record anonymously, your identifier tracking parameters are recorded as NULL. No personal trace, metadata profile, or session variable is ever bound to the report. Disclosed Filings: If you choose to reveal your identity for verification, the display name you explicitly provide is shown publicly on the report page. Your email address is never used as or shown in place of a display name. IP Purging: Network IP addresses mapped to submissions are anonymized within 1 hour of ingest, wiping all persistent server trails. Compelled Demands & False Reporting Exception: Access to the reporter's internal UUID identifier requires authorised admin-level access, which is subject to immutable audit logging. We will legally contest any overbroad or unlawful data surrender demands regarding reporter identities. However, if a competent law enforcement authority or a valid court order establishes that a user has knowingly submitted fraudulent, malicious, or fabricated information, CLEAREX.MARKET will fully cooperate with judicial mandates and will surrender any available system logs, communication footprints, or registration data associated with the fraudulent submission. If a valid, binding court order compels disclosure for legitimate investigations, we will notify the affected user in advance, where legally permissible, to ensure they can seek independent legal advice.
Non-Retention of Identity (KYC) Data To fulfill our strict minimization architecture, CLEAREX.MARKET enforces a non-retention profile for identity documents. Upon account closure or a user-initiated erasure request executed via our DELETE /api/user endpoint, all identity verification (KYC) documentation, personal records, and user identifiers are permanently and instantly purged from our live production databases and system configurations. We strictly do not retain KYC profiles post-termination. The only records preserved are historical financial transactions, Marketplace escrow ledger rows, and subscription references, archived securely and exclusively to satisfy statutory tax, auditing, and corporate accounting laws.