Trust & Privacy
How we protect your data, what we'll never do with it, and the architecture that keeps minors safe across every surface of the app.
We never sell your data. No advertising profiles. No third-party trackers. Your trip details stay between you and the people you invite.
Layered minor protections: hard age floors, default-deny cross-workspace data flow, audit-logged consent grants, and silent enforcement that never advertises adult features to minors.
EU-US, UK Extension, and Swiss-US Data Privacy Framework self-certification in progress. COPPA-aligned design. NDPA template signing available on request for school districts.
Every consent grant, content-tier change, and minor-protection action is recorded in immutable audit logs. Schools and guardians can see exactly what was shared, with whom, and when.
What we'll never do
- We never sell personal data. Not your email, not your trip history, not your Kit inventory. Period.
- We never use your data for advertising. No retargeting, no profile-building for ad platforms, no third-party advertising cookies.
- We never share dietary, medical, or health information without your explicit per-item consent. Even within the same trip, sensitive fields stay private until you opt them in.
- We never auto-share data with anyone you didn't invite. Trip data is visible only to people on the trip; organization data is visible only to verified org Packers.
- We never store payment card numbers. All payment processing is handled directly by Stripe (PCI-DSS Level 1 certified).
- We never train AI models on your private data for use by other users. AI inference uses your data to generate your Packlist — not to improve general models.
How we keep minors safe
Children's safety isn't a feature flag we toggle on for school customers — it's the foundation we built the platform on. Every surface in the app respects layered protections that activate automatically:
Hard floors
Age < 18, missing date of birth, an explicit minor flag set by a school administrator, or an organization-wide minor-safety mode will each independently force adult-content suppression — no path unlocks them. These checks run before any tier-promotion logic.
Anti-beacon design
The system never advertises the existence of adult content to a curious minor. Hidden categories produce no “locked” placeholder, no “show more” affordance, and no error message that reveals what was blocked. A curious minor probing for adult features finds nothing to latch onto.
Default-deny cross-workspace data flow
When PackCleared is used by a school, district, or youth organization, every cross-workspace read of minor user data is gated by a per-workspace consent record specifying who consented (parent, guardian, foster, district-attested, or self-thirteen-plus), which fields they authorized, and the language of the consent prompt at granting. Absence of a consent record is treated as a denial. Every grant, modification, and revocation is logged in an immutable audit log accessible to the consenting party at any time and to the user upon reaching adulthood.
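The hard-floor and default-deny rules described above can be sketched as follows. This is an added illustration, not PackCleared's code: every function name, field name, and record shape is an assumption, the sample data is constructed, and logging each read is an assumption beyond the grant, modification, and revocation logging the page describes.

```javascript
// Added illustration, not PackCleared code. All names and shapes are assumptions.
const GRANTORS = new Set(["parent", "guardian", "foster",
  "district-attested", "self-thirteen-plus"]);

function ageInYears(dob, now) {
  const d = new Date(dob);
  const age = now.getUTCFullYear() - d.getUTCFullYear();
  const early = now.getUTCMonth() < d.getUTCMonth() ||
    (now.getUTCMonth() === d.getUTCMonth() && now.getUTCDate() < d.getUTCDate());
  return early ? age - 1 : age; // NaN when the date cannot be parsed
}

// Hard floors: any single condition forces suppression; run before tier logic.
function mustSuppressAdultContent(user, org, now = new Date()) {
  if (!user.dateOfBirth) return true;
  // Written as !(age >= 18) so an unparseable date (NaN age) fails closed.
  if (!(ageInYears(user.dateOfBirth, now) >= 18)) return true;
  if (user.adminMinorFlag === true) return true;
  return Boolean(org && org.minorSafetyMode);
}

// Cross-workspace read of a minor's profile. Only fields named in a live
// consent record for this exact workspace are released; no record, a revoked
// record, or an unknown grantor type releases nothing. Every read is logged.
function readMinorFields(profile, requested, consentRecords, workspaceId, auditLog) {
  const rec = consentRecords.find((r) =>
    r.userId === profile.userId && r.workspaceId === workspaceId &&
    !r.revokedAt && GRANTORS.has(r.grantedBy));
  const released = rec ? requested.filter((f) => rec.fields.includes(f)) : [];
  const result = {};
  for (const f of released) {
    if (Object.prototype.hasOwnProperty.call(profile, f)) result[f] = profile[f];
  }
  auditLog.push({ at: new Date().toISOString(), userId: profile.userId,
    workspaceId, requested, released, decision: released.length ? "allow" : "deny" });
  return result;
}

// Constructed sample data.
const sampleProfile = { userId: "u1", allergies: "peanuts", medications: "none" };
const sampleConsents = [{ userId: "u1", workspaceId: "ws-school", grantedBy: "parent",
  fields: ["allergies"], promptLanguage: "en", revokedAt: null }];
const sampleLog = [];
console.log(readMinorFields(sampleProfile, ["allergies", "medications"],
  sampleConsents, "ws-school", sampleLog)); // consented field only
console.log(readMinorFields(sampleProfile, ["allergies"],
  sampleConsents, "ws-other", sampleLog));  // no record: nothing released
```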
Silent enforcement
Adult-content suppression for minors is invisible — no banner announcing “you're a minor so we're hiding things.” The same principle applies if vendor age verification reveals a mismatch between declared and actual age: protections engage silently, internal flags raise for human review, and the user receives no feedback that could help them attempt to circumvent the protection on a future account.
Compliance & certifications
Data Privacy Framework (DPF)
Self-certification under the EU-US Data Privacy Framework (including the UK Extension to the EU-US DPF) and the Swiss-US Data Privacy Framework is currently pending review by the U.S. Department of Commerce. Once approved, EU, UK, and Swiss users will have a recognized adequacy mechanism for data transfers to PackCleared in the United States.
Children's privacy (COPPA)
Our consumer service is not directed to children under 13. When schools or youth organizations use PackCleared, the participating organization is responsible for obtaining appropriate parental or guardian consent under COPPA and applicable state student-data privacy laws. Our minor-safety architecture (above) provides the enforcement layer.
Student Data Privacy Consortium (SDPC) / NDPA
PackCleared is prepared to sign the SDPC National Data Privacy Agreement (NDPA) standard template and any state-specific exhibits upon request from a procuring district. Reach out via contact and we'll turn around the signed agreement promptly.
Payment security (PCI)
All payment processing is handled by Stripe, Inc. (PCI-DSS Level 1 certified). We never see, store, or transmit raw payment card numbers, security codes, or full card details.
HIPAA-readiness for medical fields
PackCleared's optional medication and health-context features collect data that may be considered Protected Health Information (PHI) in some contexts. Our infrastructure providers (Vercel, Neon) operate under Business Associate Agreements compatible with HIPAA. We do not currently offer a signed BAA to consumer users; for organizations needing one as part of procurement, contact us.
What's coming next
We're actively working toward additional certifications including Common Sense Privacy evaluation (school-procurement signal), iKeepSafe COPPA Safe Harbor, and SOC 2 Type II as we scale. This page will be updated with concrete certification numbers and dates as each program completes.
How we secure your data
- Encryption in transit — TLS 1.2+ on all connections.
- Encryption at rest — database and blob storage encrypted at the storage layer.
- Role-based access control — five layered permission tiers (Super Admin, Workspace Role, Trip Role, Entitlement, Policy).
- Audit logging — sensitive operations (consent grants, minor-protection changes, admin actions) recorded with timestamp and actor.
- Secret management — credentials stored in environment-managed secret stores; never committed to source control.
- Dependency review — automated security scanning on every deploy.
- Multi-factor authentication — supported via Clerk for all user accounts.
Sub-processors
We rely on a small set of carefully selected service providers, each bound by written data-processing agreements:
| Provider | Purpose | Region |
|---|---|---|
| Vercel, Inc. | Application hosting + edge network | USA |
| Neon, Inc. | Managed Postgres database | USA |
| Clerk, Inc. | Authentication + identity | USA |
| Stripe, Inc. | Payments + identity verification | USA |
| Resend | Transactional email | USA / EU |
| Anthropic, PBC | AI inference (packing recommendations) | USA |
| Pexels | Destination imagery search | Germany |
| Google Maps Platform | Geocoding + mapping | USA |
| Upstash, Inc. | Rate limiting + caching | USA |
Your rights
You can request access to, correction of, or deletion of your personal data at any time. Visit contact to make a request. Full details on user rights and how to exercise them are in our privacy policy.
Questions?
Privacy, security, school procurement, or compliance questions: packcleared.com/contact.