How We Isolate Every Client Instance (Without Shared Resources)

Most "secure" hosting providers claim privacy while secretly sharing databases, CPU cycles, and network paths among dozens of clients. If one client is compromised, the others are at risk. At Clear Practise, we don't just promise privacy—we engineer it.

The Problem with "Shared" Hosting

In traditional shared hosting environments, multiple clients reside on the same operating system process space. Even with "schema separation" in databases, the boundary is purely software-based. A vulnerability in one site's code can lead to a "container escape" or database cross-talk, potentially exposing sensitive patient or client data.

For mental health professionals, journalists, and legal experts, this is unacceptable. Your data deserves more than a software promise; it needs a hardware-enforced boundary.

The Clear Practise Solution: Sovereign Container Isolation

We have architected a Multi-Tenant Container Platform where every client gets their own sovereign universe:

• Dedicated Container: Your application runs in a hardened Docker container with --cap-drop=ALL (no root privileges) and strict AppArmor profiles. You cannot access the host, and the host cannot access your private data without authorization.
• Private Databases: Every client receives a dedicated PostgreSQL database instance. Your data is physically separated from Client B's data. There are no shared schemas.
• Network Air-Gap: We utilize Docker User-Defined Networks. Your container exists in a network where no other client exists. It is a true air-gap. Client A cannot ping, scan, or connect to Client B.
• Multi-Layer Defense: Your traffic passes through our proprietary Proxy Chain (Nginx → HAProxy → Rust → Privoxy → Squid → Dante), ensuring no single point of failure and maximum obfuscation.

Transparency & Scalability

Currently, our first 15 clients share the same physical server infrastructure. However, thanks to our containerization, they do not share resources. Client A cannot see Client B's memory, CPU, or disk. As we scale, we will migrate to dedicated physical servers, but the isolation guarantees remain identical.

Why This Matters for Your Practice

When you host with Clear Practise, you aren't just renting space; you are deploying a sovereign instance. This architecture is the perfect foundation for a privacy-first workflow:

• Secure Communication: Pair your isolated instance with Proton Mail for end-to-end encrypted client correspondence.
• Private Storage: Store sensitive session notes in Proton Drive, ensuring your data is encrypted before it ever leaves your device.
• Identity Protection: Use Proton Pass to manage credentials for your practice without risking a breach.