Trust & Privacy
How we handle your data
Clean-Core.io is a free, community-built tool. Trust is earned by being specific, so this page states plainly what we store, where, and what rights you have — no legalese padding. (Reflects v1.22.1.)
Data residency — EU only
All data is stored in Google Cloud Firestore in europe-west1 (Belgium, EU). The application runs on Google Cloud Run in the same region. Your data does not leave the EU.
Encryption of sensitive data
S/4HANA credentials (BYOT) and your own Gemini API key (BYOK) are encrypted at rest with AES-256-GCM in a server-only collection that client apps cannot read. Passwords/keys follow a write-only pattern — they are never returned to the browser. MFA backup codes are hashed (scrypt + server pepper).
Server-authoritative evidence
Every analysis is frozen into an immutable, HMAC-signed Run. Audit packs carry a SHA-256 manifest and signature so a third party can verify integrity independently. We label verification honestly: authentic → integrity-only → failed — we never show a green check we cannot back up cryptographically.
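An added illustration of the three verification labels above, not Clean-Core.io's own code. The manifest layout, function names, canonical JSON serialization and the meaning given to each label are assumptions, with "integrity-only" taken to mean that the SHA-256 hashes match but the verifier has no HMAC key to check the signature.

```python
import hashlib
import hmac
import json

def canonical(manifest):
    # Assumed convention: sorted-key compact JSON so signer and verifier MAC identical bytes.
    return json.dumps(manifest, sort_keys=True, separators=(",", ":")).encode()

def sign_manifest(manifest, key):
    return hmac.new(key, canonical(manifest), hashlib.sha256).hexdigest()

def build_manifest(files):
    # Hypothetical layout: {"files": {name: sha256-hex}}
    return {"files": {n: hashlib.sha256(d).hexdigest() for n, d in files.items()}}

def verify_pack(files, manifest, signature, key=None):
    """Return 'authentic', 'integrity-only' or 'failed' (label meanings are assumed)."""
    listed = manifest.get("files", {})
    if set(listed) != set(files):          # missing or unlisted file
        return "failed"
    for name, data in files.items():
        digest = hashlib.sha256(data).hexdigest()
        if not hmac.compare_digest(digest.encode(), str(listed[name]).encode()):
            return "failed"
    if key is None:                        # hashes match, signature cannot be checked
        return "integrity-only"
    expected = sign_manifest(manifest, key)
    ok = hmac.compare_digest(expected.encode(), str(signature).encode())
    return "authentic" if ok else "failed"

# Constructed sample pack and key, for illustration only.
KEY = b"constructed-demo-key"
FILES = {"run.json": b'{"score": 87}', "report.pdf": b"%PDF-constructed"}
MANIFEST = build_manifest(FILES)
SIGNATURE = sign_manifest(MANIFEST, KEY)

def rewritten_pack():
    # A file is edited AND the manifest recomputed, but the pack cannot be re-signed without the key.
    files = {**FILES, "run.json": b'{"score": 100}'}
    return files, build_manifest(files)

if __name__ == "__main__":
    print(verify_pack(FILES, MANIFEST, SIGNATURE, KEY))
    print(verify_pack(FILES, MANIFEST, SIGNATURE))
    files, manifest = rewritten_pack()
    print(verify_pack(files, manifest, SIGNATURE))
    print(verify_pack(files, manifest, SIGNATURE, KEY))
```

Without the key, a pack whose files and manifest were both rewritten still reports integrity-only, which is why that label is weaker than authentic.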
Subprocessors
- Google Cloud / Firebase (EU) — hosting, database, authentication.
- Google Gemini API — AI transformation of the code you submit for analysis.
- Resend — transactional email (access approvals/notifications).
We add no advertising or analytics trackers that sell your data.
Security controls
Server-side auth on all mutating routes, admin gating with an allowlist, multi-layer SSRF defense on S/4HANA connections, a strict Content-Security-Policy, DOMPurify sanitization, and server-side quota/rate limiting. Supply-chain hygiene (secret scanning, dependency audit, SBOM) runs in CI. Full detail is in "How it works" and the project's SECURITY documentation.
Your rights — including erasure
You can export your evidence at any time. Under GDPR Art. 17 you can delete your account from Settings; a server-side cascade permanently removes your profile, projects, analysis runs, uploads, encrypted S/4HANA and BYOK credentials, and MFA data. The completeness of this deletion is enforced by an automated test on every build. Residual copies in encrypted backups age out within 30 days.
Operational transparency
A public /api/health probe reports liveness. We keep a documented data-retention registry and an incident-response playbook, including the GDPR 72-hour breach-notification obligation.
Questions about data handling? Reach us via the in-app support form. This page is transparency, not a contract; enterprise procurement documents are available on request.