Security at Chasely
Chasely handles sensitive client documents, so we treat security as part of the product — not an afterthought. Here’s exactly how your data is protected.
Last updated July 2026
- ✓Encrypted in transit (TLS) and at rest (AES-256)
- ✓Documents stored privately — no public links, ever
- ✓Download links expire in minutes and force a download
- ✓Each firm’s data is isolated at the database level
- ✓No client logins — nothing for your clients to have breached
- ✓We never see or store your payment card details
Encryption
All traffic between you, your clients, and Chasely is encrypted in transit using TLS/HTTPS. Your data and uploaded files are encrypted at rest with AES-256.
Access & data isolation
- Private storage. Uploaded documents live in a private store — there are no permanent, public URLs to your files.
- Short-lived download links. When you download a file, we generate a link that expires within minutes and forces the file to download rather than open in the browser.
- Expiring upload links. The links you send clients expire automatically.
- Row-level isolation. Every firm’s data is separated at the database level, so one account can never access another’s.
- No client accounts. Your clients upload without creating a login — fewer passwords in existence means less to phish or leak.
Safe uploads
We accept only common document types (PDF, Word, Excel, CSV, images, ZIP) up to a size limit, enforced at both the application and storage layers.
Your data & deletion
Your data is yours. We do not sell your data or your clients’ data to anyone.
You can permanently delete your account at any time from Settings → Account. When you do, we remove your account, all of your requests and clients, and every uploaded file from storage.
Infrastructure & sub-processors
Chasely is built on established, security-audited providers:
- Supabase (SOC 2 Type II) — database, authentication, and file storage
- Vercel (SOC 2 Type II) — application hosting
- Resend — transactional email delivery
- Dodo Payments (PCI DSS) — billing; card details are handled entirely by the processor and never touch Chasely
Compliance
Chasely runs on SOC 2 Type II–certified infrastructure (Supabase and Vercel), and we are working toward our own SOC 2 report as we grow. We’re built to support GDPR obligations — a Data Processing Agreement (DPA) is available on request.
Reporting a vulnerability
If you believe you’ve found a security issue, please email hello@chasely.co with “Security” in the subject. We’ll acknowledge your report, investigate promptly, and keep you updated. Please give us a reasonable chance to fix the issue before any public disclosure.
Questions
For anything else about how we protect your data, reach us at hello@chasely.co.