Security-First

Claimable® is claims management software built with a security-first mindset. We implement security-by-design principles across our platform and operations, maintain SOC 2 Type I audited controls, comply with GDPR requirements and follow operational practices aligned with industry-leading privacy standards and HIPAA security recommendations.

Below is a summary of the security controls we maintain and how we keep them to a high standard.

Infrastructure

  • Cloud Infrastructure

    Claimable is hosted on enterprise-grade cloud infrastructure providers with built-in physical and environmental security controls.
  • Environment Segregation

    Production, staging, and development environments are logically separated.
  • Network Security

    • Firewalls and network access controls
    • Principle of least privilege
    • Restricted production access
    • Logging and monitoring of infrastructure access
  • Availability & Reliability

    • Infrastructure redundancy
    • Automated monitoring and alerting
    • Secure deployment workflows
    • Regular maintenance and updates

Access Control

  • Access Management

    Claimable follows least-privilege access principles across internal systems and production infrastructure.
  • Multi-Factor Authentication

    Multi-factor authentication is enforced for internal administrative access.
  • Employee Security Practices

    • Security awareness training
    • Device security requirements
    • Access reviews
    • Joiner / mover / leaver processes
  • Password Security

    Passwords are securely hashed and never stored in plaintext.

Data Protection & Encryption

  • Encryption in Transit

    All data transmitted between users and Claimable services is encrypted using TLS.
  • Encryption at Rest

    Sensitive data is encrypted at rest using industry-standard encryption mechanisms.
  • Data Access Controls

    Access to customer data is restricted to authorised personnel with legitimate business needs.
  • Data Minimisation

    Claimable limits data collection and retention to what is necessary for service delivery and operational requirements.
  • Secure Data Handling

    • Access logging
    • Role-based access controls
    • Internal security policies
    • Employee confidentiality obligations

Trust & Compliance

  • SOC 2 Aligned Security Program

    Our security controls and operational processes are designed in accordance with SOC 2 security principles and best practices.
  • GDPR Compliance

    Claimable complies with GDPR requirements and applies privacy-by-design principles across our platform and operations.
  • HIPAA-Aligned Practices

    We apply security controls aligned with HIPAA security recommendations to support the protection of sensitive health-related information.
  • Security by Design

    Security best practices are integrated throughout our product development lifecycle, infrastructure, and operational processes.

Incident Response

  • Continuous Monitoring

    Claimable maintains logging and monitoring systems to detect suspicious activity, operational issues, and security events.
  • Incident Response

    We maintain documented incident response procedures designed to:
    • Detect and assess incidents quickly
    • Contain and remediate issues
    • Communicate appropriately with affected customers
    • Conduct post-incident reviews
  • Vulnerability Management

    Security vulnerabilities are prioritised and remediated according to risk and severity.

Business Continuity & Backups

  • Backup Procedures

    Critical systems and data are backed up regularly.
  • Recovery Planning

    Claimable maintains recovery procedures designed to support operational resilience and service continuity.
  • Operational Resilience

    We regularly review infrastructure, operational dependencies, and risks to support platform reliability, including annual testing of business continuity plans.

Secure Development Practices

  • Secure SDLC

    Security is integrated into the software development lifecycle.
  • Code Review

    Changes to production systems undergo peer review prior to deployment.
  • Dependency Management

    Dependencies and third-party libraries are regularly reviewed and updated.
  • Change Management

    Production changes follow controlled deployment and review processes.
  • Testing

    • Automated testing
    • Security reviews
    • Monitoring after deployment

Frequently Asked Questions

Do you encrypt customer data?

Yes. All data transmitted between users and Claimable services is encrypted using TLS. Sensitive data is also encrypted at rest using industry-standard encryption mechanisms.

Who owns my data?

You do. Your data is safely stored in our platform, but you retain full ownership of it at all times.

How can I find your recent incidents and uptime?

You can view our current system status and recent incidents on our Status Page. We also maintain a proven uptime of 99.99% and notify customers in advance of any planned maintenance.

Are you a data processor or a data controller?

Claimable acts as a data processor for Customer Data. The customer is the data controller of Customer Data, and we process your claims data on your behalf.

How do you handle data breaches?

In the event of a security incident, we follow documented incident response procedures designed to detect and assess incidents quickly, contain and remediate issues, communicate appropriately with affected customers, and conduct post-incident reviews. We will notify affected customers without undue delay where a data breach is likely to result in a risk to their rights.

What happens to my data if I cancel my subscription?

You retain full ownership of your data at all times. Upon cancellation, you can export your data manually, or we can provide you with a copy of your data upon request. Your data will then be securely deleted from our systems in accordance with our data retention and deletion policies.