Data Protection

  • Encryption at rest — PII fields (EIN, tax identifiers, phone numbers, email addresses) encrypted using AES-256 in the database
  • Encryption in transit — All data transmitted over TLS 1.2+
  • HSTS enforced — Strict Transport Security on all domains prevents protocol downgrade attacks
  • Tenant isolation — Each company's data is completely separated at the database level
  • Encrypted sessions — Session data encrypted at rest; session cookies carry the Secure and HttpOnly flags

AES-256 Encryption

The same standard used by banks and government agencies

Role-Based Access

Granular permissions ensure users only see what they need

Authentication & Access Control

  • Two-factor authentication — TOTP-based 2FA enforced for all administrative accounts
  • Role-based access control — Admin, Agent, Client Admin, and Client Member roles with distinct permissions
  • Strong password policy — Minimum 12 characters with complexity requirements
  • Brute force protection — Automatic account lockout after repeated failed login attempts
  • API rate limiting — Throttled endpoints prevent abuse and credential stuffing
  • Session timeout — Automatic session expiration after idle period

Monitoring & Audit Logging

  • Authentication logging — All login, logout, failed attempts, and authorization failures logged with IP address and timestamp
  • Data change tracking — Full audit trail for all status changes and data modifications
  • Daily log rotation — Automated daily rotation with 90-day retention for incident investigation and compliance
  • Quarterly access reviews — Periodic review of user access, MFA enrollment, and inactive accounts

Complete Audit Trail

Every action is logged for accountability and compliance

Isolated Infrastructure

Dedicated servers with resource isolation for maximum security

Infrastructure

  • Dedicated cloud hosting — Hosted on Hetzner Cloud with EU-grade data center standards
  • Resource isolation — Separate application and processing servers
  • Security headers — CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy, and HSTS
  • CSRF protection — Cross-site request forgery prevention on all forms
  • Zero known vulnerabilities — Continuous dependency auditing; no known CVEs in PHP or Composer packages

Code-Level Security Audit

Our codebase undergoes regular 30-point vulnerability assessments covering the OWASP Top 10 and Laravel-specific attack vectors.

  • No SQL injection — All database queries use parameterized statements
  • No command injection — No shell execution functions in the codebase
  • XSS prevention — All dynamic output reviewed and verified safe against cross-site scripting
  • Mass assignment protection — Explicit field whitelisting on all models
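
The mass-assignment whitelisting and parameterized-query controls listed above, shown in Laravel as an added illustration that is not Claimiflo's own code. The `Claim` model, its columns, and the `company_id` attribute on the authenticated user are assumptions for the example.

```php
<?php
// Added illustration (not Claimiflo's code). Model and column names are assumed.
namespace App\Models;

use Illuminate\Database\Eloquent\Model;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\DB;

// Risky form: an empty $guarded array makes every column mass-assignable,
// so any extra key in a request body (e.g. "status") is written to the row.
class UnguardedClaim extends Model
{
    protected $table = 'claims';
    protected $guarded = [];
}

// Hardened form: explicit whitelist. Only these columns can be set via
// create()/fill()/update(); other request keys are silently dropped.
// Sensitive columns (tenant_id, status) are set in code, never from input.
class Claim extends Model
{
    protected $table = 'claims';
    protected $fillable = ['claimant_name', 'amount', 'notes'];
}

class ClaimController
{
    public function store(Request $request): Claim
    {
        // validate() returns only the keys named in the rules, which acts as
        // a second whitelist in front of $fillable.
        $data = $request->validate([
            'claimant_name' => ['required', 'string', 'max:255'],
            'amount'        => ['required', 'numeric', 'min:0'],
            'notes'         => ['nullable', 'string'],
        ]);

        $claim = new Claim($data);
        $claim->tenant_id = $request->user()->company_id; // server-set (assumed attribute)
        $claim->save();
        return $claim;
    }

    // Parameterized query: the search term is passed as a bound value, never
    // concatenated into SQL, and the tenant filter is applied server-side.
    public function search(Request $request)
    {
        $term = '%' . $request->query('q', '') . '%';
        return DB::table('claims')
            ->where('tenant_id', $request->user()->company_id)
            ->where('claimant_name', 'like', $term)
            ->get();
    }
}
```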

30-Point Assessment

Regular vulnerability audits across all attack vectors

Formal Security Policies

Documented controls aligned to SOC 2 Trust Services Criteria

Compliance

Claimiflo follows SOC 2 Trust Services Criteria for security, availability, and confidentiality. We are actively building toward formal SOC 2 Type I certification.

  • Information Security Policy — Umbrella policy covering data classification, acceptable use, and sub-policy index
  • Access Control Policy — Documented controls for tenant isolation, role enforcement, and MFA requirements
  • Incident Response Plan — Severity classification, response procedures, communication plan, and post-incident review
  • Data Retention & Disposal Policy — Defined retention schedules, secure disposal methods, and customer deletion requests
  • Security Awareness Training — Annual training requirements and role-specific security education

For security inquiries or to request our security documentation, contact us at support@claimiflo.com.
