Security & Compliance

Built for the trust requirements of the insurance industry.

A claim packet contains claimant SSNs, health records, and financial details. Claimloom processes that data to run its checks — and stops there. We do not store claim content, we do not retain PII, and we are not a claims record system.

How claim data moves through Claimloom

Four architectural decisions that define how we handle the most sensitive documents your operation produces.

TLS 1.3 data-in-transit encryption
Claim packets are encrypted end-to-end from submission through check processing. All API endpoints and email ingestion paths enforce a minimum of TLS 1.3; connections that negotiate an older protocol version are rejected.
Data minimization by design
Claimloom reads claim packets in order to check them; it does not store claim content beyond the active processing window. The check engine extracts the fields it needs, runs the rules, and discards the source documents.
No PII retention after check completion
Claimant names, Social Security Numbers, health data, and other personal identifiers present in claim documents are not persisted after check completion. Only the structured check result — PASS/FLAG/MISSING per check category — is retained and delivered.
Tamper-resistant audit trail
Every check run is logged in a timestamped, tamper-resistant record containing the claim ID, check run time, check results, and delivery confirmation. This log is available for regulatory review and, in the Enterprise tier, as an exportable audit log.

On compliance framing: Claimloom is designed with SOC 2 controls in mind and our architecture reflects data-minimization principles consistent with HIPAA's minimum necessary standard. We have not undergone formal SOC 2 Type II certification at this stage. We do not claim HIPAA-covered entity or business associate certification. Carriers and TPAs with specific compliance evaluation requirements should contact us — we share controls documentation during vendor assessments.

Where claim data lives — and where it doesn't.

The claim packet flows in one direction through Claimloom. Structured check results flow out. Raw documents and claimant PII are discarded at the end of the processing window.

[Diagram: Carrier System or TPA / Adjuster → (TLS 1.3) → Claimloom Engine (40+ checks; processing only, no PII stored) → Flag Summary (results only) → Adjuster Queue. PII data: not retained.]

Structured check results flow forward. Raw claim documents and PII are discarded after processing.

Questions about our security posture?

We share controls documentation and data-handling architecture details with carriers and TPAs during vendor evaluation. Contact us to start the conversation — we respond within one business day.