How ClaimVyne protects claims data in transit and at rest.
Encryption in Transit
All data transmitted between your CMS, PAS, and ClaimVyne systems is encrypted using TLS 1.3. API connections require mutual TLS for enterprise deployments. No unencrypted channels are used at any point in the pipeline.
Encryption at Rest
Claim data stored within ClaimVyne's processing environment is encrypted at rest using AES-256. Encryption keys are managed through a dedicated key management service with rotation policies.
Data Retention and Deletion
Claim data within ClaimVyne's pipeline is retained only for the processing window defined in your service agreement. We provide deletion procedures and certificates of destruction aligned with your carrier's data governance policies.
Role-based access with a principle of least privilege.
ClaimVyne operates on a role-based access control model. Operations staff, supervisors, and administrators each have distinct permission sets — calibrated to the minimum required for their function.
All production access requires multi-factor authentication. ClaimVyne engineering staff do not have standing access to production systems — access is provisioned for defined maintenance windows and logged comprehensively.
- Multi-factor authentication required for all user access
- Production engineering access is ephemeral and logged
- Service account credentials rotate on a defined schedule
- SSO integration available for Carrier and Enterprise tiers
Designed with insurance regulatory requirements in mind.
Data Privacy Compliance
ClaimVyne's data handling practices are designed to support your carrier's compliance with applicable state insurance privacy regulations, including data minimization and processing limitation principles.
Audit Logging
Every routing decision, override, and configuration change is logged with timestamp, user identity, and change detail. Audit logs are immutable, retained per your retention policy, and exportable for regulatory review.
Data Processing Agreements
ClaimVyne provides a Data Processing Agreement (DPA) as part of every carrier contract — establishing clear roles, obligations, and data handling terms consistent with insurance regulatory expectations.
Infrastructure Segmentation
Each carrier's claims data is processed in a logically segmented environment. No claims data is commingled across carrier tenants. Enterprise deployments support dedicated infrastructure options.
Request our security documentation package for your information security review.
We provide a comprehensive security documentation package — architecture overview, data flow diagrams, access control matrix, and DPA template — for qualified pilot and contract-stage engagements.