Claimable implements security by design and we are committed to keeping your data secure by continuously improving our security posture and strategy.
The team at Claimable adopts security best practices throughout our product development lifecycle and day-to-day operations. Below is an overview of some of the things we do to maintain a high standard of security and data protection.
Data Hosting
Claimable uses Amazon Web Services (AWS) data centres which have been certified as ISO 27001, PCI DSS Service Provider Level 1, and SOC 1, 2 & 3 compliant. Those certifications cover the underlying AWS infrastructure; under AWS's shared responsibility model, securing the Claimable application and the data it holds remains our responsibility, which the measures below address.
Employee Training and Business Continuity
All employees complete security training and all employment contracts include a confidentiality agreement. We have robust incident response and business continuity protocols in place to ensure any security event is handled without undue delay or disruption.
Claimable is a fundamental resource for our customers’ business operations and this is something we are proud of and take extremely seriously. For this reason, we operate a failover system across multiple, separate data centres to provide business continuity in case of any serious incidents or disasters.
Authentication
We enforce the use of two-factor authentication for internal tooling and third-party software as well as a strict password rotation practice.
Restricted Data Access
We implement the principle of least privilege, where users and systems are given the minimum levels of access needed to perform their functions. Customer data is accessible only to authorised staff on a strict need-to-know basis, and solely for the purpose of providing customer support.
Data Encryption
Data is encrypted in transit using TLS 1.3 and at rest using AES-256, and the cryptography Claimable relies on meets the NIST FIPS 140-2 standard (FIPS 140-2 is a standard for cryptographic modules rather than for protocols such as TLS).
GDPR Compliance
Claimable, as a data processor, works in line with the EU General Data Protection Regulation (GDPR) and we are committed to assisting our customers in complying with this regulation and similar data protection laws around the world.
Claimable is fully GDPR compliant through technical and organisational measures including minimisation of data processing, pseudonymisation of data and transparency of processes.
Vendor Review
We carefully select third-party vendors and perform regular security reviews on all suppliers, evaluating and minimising potential risks.
Threat Prevention
We operate security monitoring, data protection, vulnerability scanning and threat prevention systems, using specialist cloud security platforms that combine API security, a web application firewall (WAF) and API attack surface management (AASM) to protect our APIs and web applications across all our environments.
Vulnerability Scanning
We employ internal and third-party security tooling to continuously and dynamically scan our applications for common security risks, including, but not limited to, the OWASP Top 10 and the OWASP API Security Top 10.
We continuously check all of our internet-exposed assets for known vulnerability classes and use live attack data to spot current and potential future weak spots.
Continuous Monitoring
We perform continuous monitoring and scanning for applications and APIs across all our environments. We leverage internal tooling and security partners to observe and analyse our API traffic to identify threats, assess security risks and remediate them.
Product Security
The Claimable platform itself offers various features to enhance your data access control and general security posture, helping you to comply with security standards and privacy policies.
Here are some examples:
SAML Single Sign-on (SSO) allows you to use your existing identity provider (such as Okta or Microsoft Entra ID, formerly Azure AD) to sign in to Claimable, so users do not need a separate set of Claimable login credentials.
Multi-Factor Authentication (MFA) or 2-Factor Authentication (2FA) adds another layer of security and helps protect your Claimable account from unauthorised access.
Custom permission levels and roles can be set for your users to limit access to data, features or destructive actions.
Claim History logs all critical activity and changes, such as data deletion, exports and other key events, to support auditing and compliance.
IP Address Filtering allows you to restrict the IP addresses from which users can access your Claimable account.
Restricted Claim Types allow you to specify which users can access claims of a given type. In this way, you can, for example, limit access to claims containing sensitive information to a select few approved users.
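The IP Address Filtering feature listed above is a simple control to describe but an easy one to get wrong when an application sits behind a load balancer or reverse proxy. The following Python block is added here as an illustration of how such a check is generally implemented; it is not Claimable's own code. It shows CIDR matching for IPv4 and IPv6, strict parsing of admin-entered ranges so a typo cannot silently widen the allowlist, and handling of the X-Forwarded-For header so that a client cannot spoof its source address. The allowlist, the trusted proxy range and every request shown are constructed sample values.

```python
"""IP address allowlisting for a web application (hypothetical illustration).

All sample data below is constructed; the allowlist, proxy ranges and
request values are not Claimable's.
"""
import ipaddress
from typing import Iterable, List, Optional, Union

IPAddress = Union[ipaddress.IPv4Address, ipaddress.IPv6Address]
IPNetwork = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


def parse_allowlist(entries: Iterable[str]) -> List[IPNetwork]:
    """Parse admin-entered allowlist entries (single addresses or CIDR ranges).

    strict=True rejects entries with host bits set, so a typo such as
    '203.0.113.5/24' raises ValueError instead of silently widening the
    allowlist to the whole /24.
    """
    return [ipaddress.ip_network(entry.strip(), strict=True) for entry in entries]


def valid_allowlist_entry(entry: str) -> bool:
    """Validate one admin-supplied entry before saving it."""
    try:
        ipaddress.ip_network(entry.strip(), strict=True)
        return True
    except ValueError:
        return False


# Constructed sample allowlist for one tenant (RFC 5737 / RFC 3849 ranges).
TENANT_ALLOWLIST = parse_allowlist([
    "203.0.113.0/24",      # office network
    "198.51.100.17",       # VPN egress address (a single host)
    "2001:db8:abcd::/48",  # IPv6 office network
])

# Assumed addresses of the reverse proxies / load balancers in front of the
# application. Only an X-Forwarded-For header set by one of these is trusted.
TRUSTED_PROXIES = parse_allowlist(["10.0.0.0/8"])


def _in_any(addr: IPAddress, networks: Iterable[IPNetwork]) -> bool:
    # An IPv4 address is never "in" an IPv6 network (and vice versa); the
    # ipaddress module returns False for the mixed case rather than raising.
    return any(addr in net for net in networks)


def client_ip(remote_addr: str, x_forwarded_for: Optional[str],
              trusted_proxies: Iterable[IPNetwork] = TRUSTED_PROXIES) -> IPAddress:
    """Work out which address to check against the allowlist.

    remote_addr is the peer of the TCP connection. X-Forwarded-For is only
    meaningful when that peer is one of our own proxies: a client talking to
    the application directly can put any value it likes in the header. Even
    behind a proxy the client controls the leftmost entries, so we walk from
    the right, skipping our own proxies, and take the first address that a
    trusted proxy actually saw as its peer.
    Raises ValueError on unparsable input; callers should fail closed.
    """
    peer = ipaddress.ip_address(remote_addr)
    if not _in_any(peer, trusted_proxies) or not x_forwarded_for:
        return peer
    hops = [h.strip() for h in x_forwarded_for.split(",") if h.strip()]
    for hop in reversed(hops):
        addr = ipaddress.ip_address(hop)
        if not _in_any(addr, trusted_proxies):
            return addr
    return peer  # header listed only our own proxies; treat the peer as the client


def is_allowed(remote_addr: str, x_forwarded_for: Optional[str] = None,
               allowlist: Iterable[IPNetwork] = TENANT_ALLOWLIST) -> bool:
    """Allowlist decision for one request. Unparsable input is denied."""
    try:
        addr = client_ip(remote_addr, x_forwarded_for)
    except ValueError:
        return False
    return _in_any(addr, allowlist)


if __name__ == "__main__":
    # Constructed requests: (connection peer, X-Forwarded-For header value)
    requests = [
        ("203.0.113.9", None),                   # direct, from the office: allowed
        ("192.0.2.5", "203.0.113.9"),            # direct, forged header: denied
        ("10.1.2.3", "203.0.113.9"),             # via our proxy, office client: allowed
        ("10.1.2.3", "203.0.113.9, 192.0.2.5"),  # via proxy, client forged first hop: denied
        ("10.1.2.3", "203.0.113.9, 10.9.9.9"),   # via two of our proxies: allowed
        ("2001:db8:abcd::1", None),              # IPv6 office address: allowed
        ("10.1.2.3", "not-an-ip"),               # garbage header: denied
    ]
    for peer, xff in requests:
        print(f"peer={peer:<18} xff={str(xff):<26} allowed={is_allowed(peer, xff)}")
```

The two denied cases in the sample run are the ones that matter in practice: a header supplied by a client that connected directly, and a header whose leftmost entry the client fabricated before the request reached the proxy. Both are defeated by anchoring trust in the proxy's own peer address rather than in header contents, and by failing closed on anything that does not parse.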