Security & Compliance
Security at ClaimBuddy.
A complete view of how we protect carrier data, claims documents, and PHI.
Compliance and audits
SOC 2 Type II in progress. HIPAA Business Associate Agreement available. Annual third-party penetration testing.
Data protection
AES-256 encryption at rest. TLS 1.3 in transit. Customer-managed encryption keys available on request.
Access controls
SSO via SAML 2.0 and OIDC. SCIM provisioning. Role-based access control with audit logging on every action.
Infrastructure
Hosted on AWS US-East and US-West. Single-tenant deployments available. VPC peering supported.
Model governance
No customer data used to train foundation models. All model providers accessed under zero-data-retention enterprise agreements.
Incident response
24-hour breach notification commitment. Documented runbook. Customer-facing post-mortems within five business days.
Subprocessors
Listed publicly with 30-day advance notice on any change.
Need our security questionnaire response?
To request our security questionnaire response, SOC 2 report, or subprocessor list, email security@claimbuddy.ai.