What protects claimant data.
The architecture below is contractual under our design-partner agreements. SOC 2 Type 1 audit in progress; Type 2 follows.
HIPAA-architected | SOC 2 Type 1 in progress | BAA available on request
HIPAA architecture
Architected to be HIPAA-compliant before customer one. BAA executed with every tenant under whose contract PHI flows. TLS 1.3 in transit, AES-256 at rest, per-tenant encryption keys for the most sensitive surfaces.
Per-tenant isolation
Every tenant-scoped table carries firm_id. Row-level security enforces that no firm can read another's data, ever. Service-role keys are reserved for legitimate cross-tenant background jobs and audited.
Audit logging
Immutable, timestamped, append-only audit trail of every PHI-access event. Available on request to the customer's compliance officer.
Subprocessor disclosure
Current subprocessors disclosed in the BAA addendum. 30-day advance notice on any subprocessor change so your compliance team can evaluate before data flows.
Reporting a vulnerability
Report security issues directly to security@claimpros.ai. We acknowledge within one business day and aim to resolve critical issues within 72 hours.
For your compliance officer
Need the BAA, the SOC 2 update, or the subprocessor list?
Email hello@claimpros.ai with the firm name and we’ll route the documents within one business day.