ClaimScale Privacy & Data Security Policy

Last Modified: [12/1/2025]

ClaimScale provides claims estimate writing and quality assurance services for insurance carriers and independent adjusting firms. We operate as a data processor—you send us inspection data, we return settlement-ready estimates. This policy explains how we handle information throughout that process.

The Data We Handle

ClaimScale's scope is narrow by design. We receive inspection photos, field measurements, and scope notes. We produce Xactimate estimates documenting property damage. That's it.

    We do not receive or process:

  • Policyholder names, addresses, or contact information
  • Social security numbers or dates of birth
  • Financial records, bank accounts, or payment information
  • Medical information or injury details
  • Any data that identifies the person behind the claim

Our work describes damaged roofs, siding, and interiors. Not the people who own them. This limited scope reduces risk for everyone involved.

Your Data, Your Ownership

You retain full ownership of everything you submit and everything we produce on your behalf. ClaimScale does not claim rights to your claim files, inspection materials, or completed estimates. We process data solely to deliver contracted services, then return the finished product for your approval and use.

Security Infrastructure

SOC-2 Type I Certified
Our controls have been independently audited. Certification documentation is available to clients upon request.

US-Based Hosting
All data resides on AWS infrastructure located in the United States. Data is never transferred, stored, or processed outside the US.

Encryption
Industry-standard encryption protects data in transit and at rest.

Access Controls
Role-based permissions ensure only personnel required for service delivery can access client data. Every user has unique credentials. Access is logged.

No Outside Vendors
All ClaimScale operations are internal. We do not use third-party subprocessors or external contractors to handle your claim data.

What We Collect From Platform Users

    When authorized users access our systems, we collect:

  • Account information (name, email, company, phone) provided during setup
  • Login activity, IP addresses, and browser information for security monitoring
  • Platform usage data to maintain service quality

This operational data helps us secure accounts, troubleshoot issues, and improve the platform.

What We Will Never Do

Sell your data. Under no circumstances do we sell, rent, or trade client information.

Share externally. Your claim data stays between us. We don't share it with third parties, partners, or affiliates.

Repurpose for development. We don't use your data to train models, build new products, or benefit other customers.

Hold data hostage. There are no data locks. Your information is accessible to you and deletable on your timeline.

Data Retention

We retain data only as long as needed to deliver services and meet contractual obligations. Specific retention periods are determined by your agreement with us. When the engagement ends or you request deletion, data is purged according to agreed timelines.

We may retain minimal records where required by law or to resolve disputes, but claim files themselves are removed per your direction.

When We May Disclose Information

    Disclosure happens only in limited circumstances:

  • Service delivery. Completed estimates return to you, the contracting client.

  • Legal obligation. Valid court orders, subpoenas, or legal process may require disclosure.

  • Business transition. If ClaimScale is acquired or merged, data transfers to the successor under equivalent protections. We would notify affected clients in advance.

Platform Security Practices

    Beyond infrastructure, we maintain operational security through:

  • Background screening for personnel with data access
  • Security awareness training for all team members
  • Regular vulnerability assessments and remediation.
  • Incident response procedures tested and ready
  • Session timeouts and automatic logoff controls
  • Audit trails for accountability
Your Responsibilities

    Security is shared. We protect data on our end. You protect access on yours.

  • Use strong, unique passwords for platform accounts
  • Limit credentials to personnel who need access
  • Report suspected unauthorized access immediately
  • Secure any data you download to local systems
Incident Response

If we identify a security incident affecting client data, we act immediately to contain and investigate. Affected clients are notified promptly with details on scope, impact, and remediation steps. We coordinate directly with your team throughout resolution.

External Links

Our platform may link to third-party websites or services. We are not responsible for their privacy practices. Review their policies independently.

Children

ClaimScale services are for business use by insurance professionals. We do not knowingly collect information from anyone under 13. If we learn such data exists in our systems, we delete it immediately.

Policy Updates

We may revise this policy as practices or requirements evolve. Changes are posted here with an updated modification date. Continued use of services after updates constitutes acceptance.

Contact

This structure leads with ClaimScale's differentiator (limited data scope), consolidates security into fewer sections, and uses a more direct voice throughout. Different bones than ProfileGorilla while covering equivalent ground.

Want me to adjust anything or create a designer brief from this?