Enterprise-Grade Security

Security & Compliance

Your data security and privacy are our top priorities. Built with enterprise-grade security from day one.

SOC 2 Type II

Annual third-party audit of security, availability, and confidentiality controls

Certified

HIPAA Compliant

Business Associate Agreement (BAA) available for healthcare-related mediations

BAA Available

GDPR Ready

EU data protection compliance with data processing agreements available

Compliant

Security Features

Data Encryption

All data encrypted at rest and in transit with industry-standard protocols

Database encryption using AES-256 encryption at rest
S3 bucket encryption for all uploaded documents
All API calls over HTTPS with TLS 1.3
End-to-end encryption for sensitive PHI data

Access Controls

Multi-layered security with granular role-based permissions

Multi-factor authentication (MFA) available
Role-based access control (RBAC) for all users
Session management with automatic timeout
IP allowlisting for enterprise customers
Single Sign-On (SSO) via SAML 2.0 (Enterprise)

Audit Logging

Complete audit trail of all system actions and data access

3-year retention for standard accounts
6-year retention for HIPAA Basic tier
7-year retention for HIPAA Enhanced tier
Tamper-proof logs with cryptographic checksums
Exportable for compliance reporting
Real-time alerts for suspicious activities

Infrastructure Security

Enterprise-grade cloud infrastructure with redundancy

AWS cloud with 99.9% uptime SLA
Daily automated backups with point-in-time recovery
Disaster recovery tested quarterly
CDN for fast, secure content delivery
DDoS protection and web application firewall
Multi-region data replication

Compliance & Certifications

Meet industry standards and regulatory requirements

SOC 2 Type II certified annually
HIPAA compliance with BAA available
GDPR compliant with DPAs available
Regular third-party penetration testing
Vulnerability scanning and remediation
Security awareness training for all staff

Incident Response

Rapid response to security events

24/7 security monitoring
Dedicated incident response team
Breach notification within 24 hours
Regular tabletop exercises
Coordinated vulnerability disclosure program

HIPAA Compliance

Handle healthcare-related disputes with confidence

HIPAA Basic

Business Associate Agreement (BAA)
Encrypted PHI storage (AES-256)
6-year audit logs
Compliance dashboard
Annual risk assessments

HIPAA Enhanced

Everything in HIPAA Basic, plus:
PHI auto-detection and flagging
Advanced redaction tools
7-year audit log retention
Breach detection and alerts
Dedicated compliance support

When do you need HIPAA compliance? If you handle medical billing disputes, healthcare mediations, or any cases involving Protected Health Information (PHI), HIPAA compliance is required. See pricing →

Data Protection & Privacy

We take your privacy seriously and follow industry best practices

What We Collect

Account information (name, email, organization)
Case data and documents you upload
Usage analytics (anonymized)
Payment information (via Stripe)

What We Don't Do

Never sell your data to third parties
Never use your case data to train AI models
Never share data without your consent
No advertising or tracking pixels

Your Rights

Data Portability

Export your data at any time in standard formats (CSV, JSON)

Right to Deletion

Request complete deletion of your data within 30 days

Data Access

View and download all data we have about you

Opt-Out

Opt out of non-essential data collection anytime

Questions About Security?

Our security team is happy to discuss your specific compliance requirements, provide documentation, or schedule a security review.

Contact Security Team Privacy Policy

Security Disclosure: If you discover a security vulnerability, please contact our security team with "Security Vulnerability" in your message. We have a coordinated disclosure program and will respond within 24 hours.