Row-level security enforced at the database level on every query, not just in the application layer. Four roles: Owner, Manager, Estimator, and Technician. Complete audit logging of every create, update, and delete action. Workspace isolation so multi-location shops have full data separation between locations. Encrypted storage at rest and in transit.
Owner: full access to all features, settings, billing, and user management. Manager: day-to-day operational access, financial data, reports, and team assignment. Estimator: claim and estimate management, carrier and customer communication, customer QR portal generation. Technician: assigned tasks only, claim context relevant to the job, labor hours logging, no financial data. Role permissions are enforced at the database level on every query so a technician cannot access financial data even by manipulating the URL.
Every operations table, every claim record, every financial entry, and every customer record is workspace-scoped and protected by row-level security. A team member at Location A cannot see Location B's data even if they have the same role. Multi-location owners see data per shop; the reporting layer is what aggregates across shops. Customer A on State Farm cannot see Customer B on GEICO, even by accident. Tenant isolation is enforced in the database, not the app layer.
Authentication uses industry-standard password hashing and session management. Repeated failed login attempts trigger alerts so the owner can respond to potential unauthorized access attempts. All data is encrypted at rest and in transit using standard encryption protocols. Customer portal QR tokens carry a TTL so a forwarded link does not become a permanent access leak. PII never crosses shop boundaries. Mobile and desktop sessions are synchronized and can be revoked instantly.
Role-based access is enforced at the database level with row-level security policies. When a team member is invited, the admin assigns a role: Owner, Manager, Estimator, or Technician. Each role has defined permissions controlling what data they can view, create, edit, or delete. Policies apply to every database query. Even if someone bypasses the UI, they cannot access data their role does not permit.
Yes. Claimory keeps a full audit log of sensitive actions: claim creation, supplement submission, role changes, integration connect and disconnect, and customer portal access. Every entry records user ID, timestamp, and what changed. The audit trail is retained for the life of the account and is searchable in-app.
Role-based security is included on every Claimory plan starting at $49 per month. Row-level database security, complete audit logging, workspace isolation, and encrypted storage ship on every tier. Advanced role permissions unlock on Elite at $349 per month.