Security at PureClaim
Last Updated: March 7, 2025
At PureClaim, Inc., protecting your data is our highest priority. We safeguard the confidentiality, integrity, and availability of your information through layered technical, administrative, and physical controls that meet or exceed industry standards. Below is an overview of our security framework and our ongoing commitment to keeping your information safe across web and mobile platforms.
Our Security Measures
Data Encryption
All sensitive data—personal, financial, and health-related—is encrypted in transit using HTTPS/TLS 1.2+ and at rest within our databases and cloud storage. Encryption keys are rotated and managed securely through our cloud provider's Key Management Service (KMS).
Access Controls and Authentication
- Access to user data is restricted to authorized personnel under role-based access control (RBAC).
- Multi-factor authentication (MFA) is required for all administrative systems.
- The principle of least privilege is enforced across infrastructure, databases, and internal dashboards.
- Access logs are maintained, reviewed, and retained for auditing.
Secure Mobile and Application Development
- The PureClaim mobile app follows OWASP Mobile Security and OWASP Top 10 guidelines.
- All API communication is protected via HTTPS with certificate pinning.
- Mobile data stored locally (for offline use) is sandboxed and encrypted.
- No health or billing data is written to device caches or shared storage.
Cloud Infrastructure Security
Our infrastructure is hosted on a HIPAA-compliant cloud platform with:
- Network segmentation and firewalls,
- Intrusion detection and prevention systems,
- Continuous vulnerability management, and
- Encrypted backups stored in geographically redundant regions.
Continuous Monitoring and Incident Response
We continuously monitor servers, databases, and application logs using automated alerting tools.
If a security event is detected:
- The incident-response team is notified immediately.
- The event is contained, investigated, and remediated.
- Affected systems are reviewed for further hardening.
If any breach involves unsecured Protected Health Information (PHI), PureClaim will notify impacted individuals and regulators in accordance with HIPAA and state-specific breach-notification laws.
Regular Security Assessments
- Internal security audits and penetration tests are conducted periodically.
- Independent third-party vulnerability scans are scheduled at least annually.
- Findings are tracked, prioritized by risk, and remediated promptly.
Artificial Intelligence and Data Handling
When PureClaim uses AI systems to analyze billing data:
- Models are trained only on de-identified or synthetic data.
- PHI is never used for model training or shared with external AI providers.
- All AI workflows run within PureClaim's secure, access-controlled environment.
Mobile-Specific Protections
- Permissions: The App requests only the permissions (camera, photos, documents) required to upload bills or insurance cards.
- Session Security: Tokens are stored in encrypted mobile keychains and automatically expire after inactivity.
- Biometric Login: Optional biometric or device-PIN authentication adds an extra layer of protection.
- Push Notifications: Contain no sensitive or health information.
Employee Training and Awareness
All PureClaim employees and contractors complete background checks and annual security and HIPAA training. Security awareness campaigns reinforce phishing prevention, data-handling policies, and incident-reporting procedures.
Our Commitment to Security
We continuously enhance our security architecture through monitoring, automation, and third-party review. Our goal is to stay ahead of emerging threats while maintaining the transparency and trust that users expect.
Contact Us
If you have any questions or concerns about our security practices, please contact our security team:
Email: security@pureclaim.com
Mailing Address:
PureClaim, Inc. – Security Team
1234 Main Street
Rochester Hills, MI 48307
United States