Security at Claimory

Claimory protects shop and customer data with TLS 1.2 or higher, AES-256 at rest, workspace-isolated Postgres row-level security, daily backups via our infrastructure provider, and a 72-hour incident-notification target. A SOC 2 Type II readiness review is planned. Our controls are modeled after the SOC 2 trust services criteria.

Encryption and isolation

All traffic uses TLS 1.2 or higher with HSTS preload. Data at rest is AES-256 encrypted. Every workspace is isolated by Postgres row-level security on every table, so one shop cannot read another shop's claims, customers, or financials.

Authentication and access control

Authentication uses email and password, with bcrypt hashing and HTTP-only, Secure session cookies. Role-based permissions cover Owner, Manager, Estimator, Technician, and Front Desk. Two-factor authentication is on our near-term roadmap.

Backup and incident response

Daily automated backups run via our infrastructure provider. Our incident-notification target is 72 hours. Every sensitive action is recorded in an audit log: claim creation, supplement submission, customer access, role change, secrets change, and integration connect and disconnect.

Key capabilities

  • TLS 1.2+ with HSTS preload
  • AES-256 encryption at rest
  • Postgres row-level security per workspace
  • Daily backups via our infrastructure provider
  • Two-factor authentication (on the roadmap)
  • Audit logging on sensitive actions
  • Failed logins logged for manual admin review
  • Manual super-admin IP blocking plus rate-limit infrastructure
  • Secrets management with audit trail
  • SOC 2 Type II readiness review planned
  • CCPA-aligned data handling

Common questions

Where is data stored?

Data is stored in Supabase-managed Postgres in the United States. Backups are managed by the provider, stored in the same region, and retained per the provider's window.

Is Claimory SOC 2 certified?

Not yet. A SOC 2 Type II readiness review is planned. Our current controls (encryption, access review, audit logging, incident response) are modeled after the SOC 2 trust services criteria so we can pass an audit when we engage one.