Clearvo stores all invoice data in the EU, encrypts everything at rest and in transit, and is fully GDPR compliant. Here is exactly what we do — no vague claims.
These are the actual controls in place — not marketing assertions. If you need more detail for a vendor assessment, email security@clearvo.io.
All traffic between your systems and Clearvo is encrypted using TLS 1.2 or higher. Older protocols are disabled. Connections that do not meet the minimum are rejected.
Invoice data, customer records, and credentials are encrypted at rest using AES-256. Database encryption is handled at the storage layer — encrypted before it touches disk.
All data is stored in Azure West Europe (Netherlands region). No invoice data is replicated outside the EU. Our infrastructure runs entirely within the European Economic Area.
Clearvo acts as a data processor under GDPR. A Data Processing Agreement (DPA) is available on request for Growth and Enterprise plan customers — see pricing plans for details. We do not sell or share personal data.
Invoice records are retained for 7 years, in line with the EU VAT Directive requirement. You can export your full invoice archive at any time from your Clearvo dashboard.
We are working toward SOC 2 Type II certification. In the meantime, we are happy to complete security questionnaires and provide our current controls documentation for enterprise evaluations.
We chose Azure West Europe as our sole cloud region deliberately. Every invoice submitted through Clearvo — including the raw payload, the authority response, and any linked attachments — is stored in the Netherlands (Azure West Europe).
We do not use US-based services that would transfer data outside the EU. Our database, blob storage, and message queues are all provisioned in West Europe.
Clearvo is a certified Peppol Access Point, which means we have passed the formal compliance testing required to connect to the Peppol network and route invoices between buyers and suppliers in any participating country.
Peppol certification is not self-assessed — it is granted by OpenPeppol after an independent testbed evaluation. Our Access Point ID is publicly registered in the Peppol SMP directory.
EU VAT rules require businesses to retain invoice records for a minimum of 7 years (10 years in some member states). Clearvo automatically retains all submitted invoice data for 7 years from the invoice date, at no additional cost.
This includes the original invoice payload, the authority clearance response (where applicable), any rejection notices, and the full submission audit trail. You can search and export this data at any time from your dashboard.
If your jurisdiction requires a longer retention period, contact us — we can configure extended retention for Enterprise plan customers.
If you have a specific security question, need us to complete a vendor questionnaire, or want to request a copy of our controls documentation, email our security team directly.
We aim to respond to security questionnaires within 2 business days.
Email security@clearvo.io →Sign up and have your first invoice submitted in minutes. No credit card required.
Start for free →