Security

How we handle your data.

Claim data is protected health information. Here is exactly how we treat it, written in plain language, because if a vendor makes you dig for this page, that tells you something too.

What we store

Claim-level operational records: claim numbers, patient account numbers, dates of service, procedure and diagnosis codes, payer and provider identity, and financial amounts. That is what recovery and prediction require.

We do not request or store clinical notes for recovery work, and documentation review products never send note text to any AI model. Only aggregate findings are processed.

Where it lives

Client data is processed and stored in a dedicated, access-controlled environment with encryption in transit and at rest.

No client data enters our systems before a business associate agreement is executed and production controls are verified. That sequencing is deliberate. We would rather delay a start date than shortcut a control.

Who can see it

Access is limited to the people working your claims, under authentication and audit logging.

Client portals are view-only and protected by cryptographically random tokens. There are no download endpoints on shared views.

How the AI is supervised

Prediction and drafting run inside our environment against your data only. Nothing generated by the system reaches a payer without human review and approval.

Every automated action is logged with its reasons, and anything ambiguous routes to human review rather than a guess. Payments post to your ledger only on an exact, single-claim match, with the source remittance stored as proof.

Agreements

We execute a business associate agreement before onboarding. Our hosting and infrastructure providers operate under BAAs as well.

If your organization has a security questionnaire, send it. Returning it quickly is something we take pride in.

Questions

Write to us through the contact page and ask anything on this topic. The founder answers these personally.