Claimory protects shop and customer data with TLS 1.2 or higher, AES-256 at rest, workspace-isolated Postgres row-level security, daily backups with 7-day point-in-time recovery, and 72-hour incident notification. SOC 2 Type II readiness review is planned. Our controls are modeled after the SOC 2 trust services criteria.
All traffic uses TLS 1.2 or higher with HSTS preload. Data at rest is AES-256 encrypted. Every workspace is isolated by Postgres row-level security on every table, so one shop cannot read another shop's claims, customers, or financials.
Email and password authentication with bcrypt hashing and HTTP-only Secure session cookies. Role-based permissions cover Owner, Manager, Estimator, Technician, and Front Desk. Two-factor authentication is available on every account.
Daily automated backups with 7-day point-in-time recovery. Incident notification within 72 hours. Audit log on every sensitive action: claim creation, supplement submission, customer access, role change, secrets change, integration connect, and disconnect.
Data is stored in Supabase-managed Postgres in the United States. Backups are stored in the same region with point-in-time recovery for 7 days.
Not yet. SOC 2 Type II readiness review is planned. Our current controls (encryption, access review, audit logging, incident response) are modeled after the SOC 2 trust services criteria so we can pass audit when we engage one.