Security
We take the security of your financial and personal data seriously. Here is how we protect it.
Encryption in transit
All traffic between your browser and ClaimStation is encrypted with TLS (HTTPS). Your data is never sent in plain text.
Row-level security
Data is stored with row-level security (RLS) so you only ever see your own data — or your household’s, if you use sharing. The database enforces this at the server; the app cannot bypass it.
Hashed API keys
Developer API keys are stored only as hashes. If a stored hash is ever exposed, it cannot be reversed to recover the original key.
Masked bank account numbers
Full bank account numbers are never shown in the interface. Only masked identifiers (e.g. last four digits) are displayed for matching; the full values are stored securely and used only for matching.
AI opt-in and anonymisation
AI-assisted matching is off by default. If you enable it, data sent to AI providers is automatically anonymised: account numbers, names, emails, policy IDs, and other identifiers are removed or replaced with placeholders. Only anonymised descriptions, amounts, and dates are used. You can disable AI at any time.
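One way to implement the anonymisation step described above, as an added example that is not ClaimStation's code: the identifier patterns, the `POL-` policy-ID format, the field names and the sample record are assumptions constructed for illustration. It allow-lists the fields that leave the app, replaces identifiers in the description with stable placeholders, and refuses to send if anything identifier-like remains.

```python
import re

# Constructed patterns for illustration; POL-<digits> is a hypothetical policy-ID format.
PATTERNS = [
    ("EMAIL", re.compile(r"[\w.+-]+@[\w-]+(?:\.[\w-]+)+")),
    ("POLICY", re.compile(r"\bPOL-\d{4,}\b")),
    # IBAN-like strings or any run of 8+ digits are treated as account numbers.
    ("ACCOUNT", re.compile(r"\b(?:[A-Z]{2}\d{2}[A-Z0-9]{10,30}|\d{8,})\b")),
]
# Fail closed: an "@" or a run of 6+ digits left after scrubbing blocks the request.
RESIDUAL = re.compile(r"@|\d{6,}")
ALLOWED_FIELDS = ("amount", "date")  # structured fields passed through unchanged

def _placeholder(mapping, kind, value):
    """Give each distinct value a stable placeholder such as <ACCOUNT_1>."""
    if value not in mapping:
        n = sum(p.startswith(f"<{kind}_") for p in mapping.values()) + 1
        mapping[value] = f"<{kind}_{n}>"
    return mapping[value]

def anonymise(text, known_names):
    """Replace identifiers in free text; raise ValueError if any appear to remain."""
    mapping = {}
    patterns = list(PATTERNS)
    names = sorted((n for n in known_names if n.strip()), key=len, reverse=True)
    if names:
        # Names cannot be found by shape, so they come from the user's own profile.
        alternation = "|".join(re.escape(n) for n in names)
        patterns.append(("NAME", re.compile(rf"\b(?:{alternation})\b", re.I)))
    for kind, pattern in patterns:
        text = pattern.sub(lambda m, k=kind: _placeholder(mapping, k, m.group(0).lower()), text)
    if RESIDUAL.search(text):
        raise ValueError("possible identifier left after anonymisation; not sending")
    return text

def build_ai_payload(txn, known_names):
    """Allow-list fields: only the scrubbed description, amount and date leave the app."""
    payload = {f: txn[f] for f in ALLOWED_FIELDS}
    payload["description"] = anonymise(txn["description"], known_names)
    return payload

# Constructed sample record (not real data).
SAMPLE = {
    "description": "Refund POL-883120 to Jane Doe jane.doe@example.com acct GB29NWBK60161331926819",
    "amount": "125.40", "date": "2024-03-15",
    "account_number": "GB29NWBK60161331926819", "email": "jane.doe@example.com",
}
```

Pattern-based scrubbing misses identifiers it has no shape for, which is why the residual check rejects the request instead of sending a partly scrubbed description.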
MFA (two-factor authentication)
You can enable TOTP-based two-factor authentication (e.g. with an authenticator app) and use recovery codes to regain access if you lose your device.
Infrastructure
ClaimStation runs on Supabase, a trusted platform with enterprise-grade security and compliance (including SOC 2). Your data is stored in secure, access-controlled environments.
Data retention controls
You choose how long to keep your data. Retention settings in Profile let you archive or delete data after a set period, so you stay in control.