Security Policy

Last Updated: May 27, 2026

1. Commitment to Security

At XactaClaim, we treat the security of your data—and the data of your clients—with the utmost seriousness. Our infrastructure is built upon enterprise-grade cloud providers utilizing modern security practices.

2. Data Encryption

All data processed by XactaClaim is encrypted both in transit and at rest:

  • In Transit: All communications between your browser and our servers, as well as between our servers and our third-party sub-processors, are encrypted using TLS 1.2 or higher.
  • At Rest: Databases, document storage, and backups are encrypted at rest using industry-standard encryption managed by Google Cloud Platform.

3. Access Controls: Staff and Client Portal

Staff users authenticate through Firebase Auth with role-based workspace access. Client portal access is PIN-based on a specific claim file and does not use staff Firebase accounts.

Portal sessions may use browser session storage for convenience, expire after approximately twelve (12) hours, and are re-verified with our servers before claim data is shown. Clients and workspace users should not share portal PINs, phone access codes, or portal links broadly.

Claim data is scoped to agency workspaces and claim records according to application access rules. Users should protect staff credentials and portal access details on their devices.

4. Artificial Intelligence (AI) Data Constraints

We utilize configured AI service providers such as Google Gemini to process claim documents, transcribe audio when enabled, and generate assistive summaries. We enforce strict data handling constraints on these AI services:

  • Zero Retention for Training: We utilize enterprise API endpoints for configured AI providers (such as Google Gemini). Under these agreements, your data is NOT used to train their foundational models.
  • Ephemeral Processing: When documents or transcripts are passed to AI for analysis, the data is processed to generate a response and handled according to provider retention constraints.
  • Human Verification Required: AI outputs are assistive only. Users must review and verify AI-generated content before relying on it.

5. Shared Responsibility Model

Security is a shared responsibility between XactaClaim and you, the user. While we secure the infrastructure, you must secure your access.

We are not liable for unauthorized access resulting from compromised user credentials, shared passwords, shared portal PINs or access codes, phished accounts, or unsecured devices on your end. You are strictly responsible for maintaining the confidentiality of your login credentials and portal access details.

6. Infrastructure and Compliance

Our primary infrastructure is hosted on Google Cloud Platform (GCP) via Firebase. GCP undergoes regular independent third-party audits to verify its security, privacy, and compliance controls, including SOC 1, SOC 2, and ISO/IEC 27001.

References to Google Cloud, Firebase, SOC 2, ISO, or similar infrastructure controls refer to underlying provider security programs and do not mean XactaClaim itself has completed those certifications.