Privacy Policy

1. Introduction

ClaimReconX ("we", "us", or "our") operates the ClaimReconX platform (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully.

2. Information We Collect

Information you provide directly

• Account registration data: name, email address, organization name, country
• Billing information: processed securely via Stripe (we do not store card details)
• Claims and remittance data you upload for reconciliation
• Support communications and feedback

Information collected automatically

• Usage data: pages visited, features used, reconciliation jobs run
• Device and browser information for security and compatibility
• IP addresses and login timestamps (retained in audit logs)
• API request logs including endpoints, status codes, and response times

3. How We Use Your Information

• To provide, operate, and improve the Service
• To process your claims and remittance data for reconciliation
• To send transactional emails (account, billing, security alerts)
• To respond to support requests
• To detect fraud, abuse, and security incidents
• To comply with legal obligations

We do not sell your data. We do not use your claims or financial data for any purpose other than providing the Service to you.

4. Data Isolation & Multi-Tenancy

Each organization's data is completely isolated. Your claims data, remittance data, reconciliation results, and audit logs are never shared with, visible to, or accessible by any other organization on the platform. All data is scoped by a unique organization identifier at every layer of the application.

5. Data Security

• Encryption at rest: All data is encrypted using AES-256
• Encryption in transit: TLS 1.3 for all connections
• Access controls: Role-based permissions, 2FA support
• Audit logging: Every data access and modification is logged immutably
• Infrastructure: Hosted on AWS with security groups, VPC isolation, and regular security patches

6. Data Retention

We retain your data for as long as your account is active. Upon account deletion:

• Claims and remittance data: deleted within 30 days
• Audit logs: retained for 7 years for compliance purposes
• Billing records: retained as required by applicable tax law

7. Third-Party Services

We use the following third-party services, each with their own privacy policies:

• Stripe — Payment processing
• Amazon Web Services — Cloud infrastructure and file storage
• Mailgun — Transactional email delivery
• Redis Labs — Session and cache management

8. Your Rights

Depending on your jurisdiction, you may have rights to:

• Access the personal data we hold about you
• Correct inaccurate data
• Request deletion of your data ("right to be forgotten")
• Export your data in a portable format
• Withdraw consent for optional data processing

To exercise any of these rights, contact us at legal@claimreconx.io.

9. Cookies

We use essential cookies for session management and authentication. We do not use advertising cookies or third-party tracking cookies. You can disable cookies in your browser settings, but this will affect your ability to log in.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email and an in-app notification at least 14 days before the changes take effect.

11. Contact

For privacy-related questions or to exercise your rights, contact us at legal@claimreconx.io or via our contact page.

ClaimReconX
Westlands Business Park
Nairobi, Kenya