Free tools run in your browser
The free file check processes your file entirely on your machine — there is no upload. The only external request is for map tiles when your plots render. The full privacy model is documented.
Compliance data is evidence — it has to survive an audit years after it was written, and it has to be erasable when the law says so. Both properties are built into the architecture, not bolted on. This page states plainly how your data is handled.
The free file check processes your file entirely on your machine — there is no upload. The only external request is for map tiles when your plots render. The full privacy model is documented.
Data is processed and stored in EU regions. EU-region hosting is an architectural rule of the platform, not a deployment preference.
Personal fields — producer names, plot geometry — are encrypted with a key per data subject from the first database migration. A GDPR erasure request is honoured by destroying that key: the ciphertext everywhere, including history, becomes unreadable.
Every compliance-relevant change — a fact, a repair, a verdict, a filing, a consent — is written to an append-only event ledger in the same transaction as the change itself. Records are corrected by new entries, never rewritten.
Every compliance verdict comes from versioned, cited rules run by a deterministic engine: the same input and the same rule-pack version produce the same answer, today and in front of an authority years later.
AI reads messy files and explains rules in plain language. It never validates, never repairs, never decides — the deterministic engine does. A verdict you cannot reproduce is not a verdict.
Every tenant's data is isolated by row-level security enforced in the database itself, not just in application code — the database refuses cross-tenant reads even if a query forgets to filter. Data crosses a tenant boundary only through an explicit, recorded consent grant.
Supply-chain files carry personal data: a producer's name and the geometry of their land identify a person. Those fields are envelope-encrypted per data subject before they touch storage. The append-only ledger stores ciphertext, so the audit trail and the right to erasure stop conflicting — history survives, the person's data does not have to.
The free tools sidestep the question entirely: a file checked in the browser is never in our possession to begin with.
Security questions, data-protection requests, or something you believe we should know about — write to hello@clearlane.eu. Reports are read by the people who build the system.