Trust Center
RenewalFlow is built with security and privacy at its core. Insurance renewal documents contain sensitive personal and health information, and we take that responsibility seriously.
Compliance
| Framework | Status | Details |
|---|---|---|
| PIPEDA | Compliant | Canadian privacy law compliance for personal information handling |
| NB PHIPAA | Compliant | New Brunswick Personal Health Information Privacy and Access Act |
| HIPAA | Ready | Technical safeguards in place; BAA available upon request for US clients |
Encryption
In Transit
- TLS 1.2+ enforced on all connections (HTTPS only)
- HSTS enabled with 1-year max-age, includeSubDomains, and preload
- Strong cipher suites enforced by infrastructure providers
At Rest
- Database: Server-side encryption via Supabase (PostgreSQL)
- Document storage: Server-side encryption via Cloudflare R2
- Sensitive identifiers (e.g., Social Insurance Numbers): Application-level AES-256-GCM encryption with a unique initialization vector per operation and an authentication tag for tamper detection
Access Controls
- Authentication: Managed by Clerk with support for multi-factor authentication (MFA), brute-force protection, and session management
- Role-based access: Three roles — Admin (full access), Agent (scoped writes), Viewer (read-only) — enforced at every API endpoint
- Multi-tenant isolation: Every database query is scoped to the authenticated organization. Cross-tenant access is architecturally prevented at the application layer
- Principle of least privilege: Users receive the minimum access required for their role
Data Protection
- PHI identification: Field patterns for Protected Health Information are automatically identified and handled across 30+ categories, including personal identifiers, health information, and financial data
- Log redaction: All PHI and secrets automatically stripped from logs before storage. 17 secret patterns (API keys, tokens, SINs, database URLs, credit card numbers) are redacted
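To show the two layers of log redaction the bullets above describe (structured PHI fields and secret patterns in free text), here is an added example written for this page, not RenewalFlow's redaction code. The field-name list and the five secret patterns are a representative subset chosen for illustration, not the product's 17 patterns, and every sample record and value is constructed.

```javascript
// Added example (not RenewalFlow's code): redaction applied to a JSON log record
// before it is written. Layer 1 replaces PHI fields by name; layer 2 scans every
// string value for secret patterns. Patterns below are a representative subset.

// Field names treated as PHI wherever they appear in a record (assumed list).
const PHI_FIELDS = new Set(['sin', 'dateofbirth', 'dob', 'healthcardnumber', 'diagnosis', 'email', 'phone']);

// Secret patterns scanned inside string values; more specific patterns run first.
const SECRET_PATTERNS = [
  { name: 'bearer_token', re: /\bBearer\s+[A-Za-z0-9._~+\/-]{16,}=*/g },
  { name: 'api_key', re: /\b(?:sk|pk|key)[-_][A-Za-z0-9_-]{16,}\b/g },
  { name: 'db_url', re: /\b(?:postgres(?:ql)?|mysql|redis):\/\/[^\s'"]+/g },
  { name: 'credit_card', re: /\b(?:\d[ -]?){12,15}\d\b/g, validate: luhnValid },
  { name: 'sin', re: /\b\d{3}[- ]?\d{3}[- ]?\d{3}\b/g },
];

// Luhn check: a 13-16 digit run is redacted as a card only if it checksums,
// which keeps order numbers and similar identifiers readable.
function luhnValid(s) {
  const digits = s.replace(/\D/g, '');
  let sum = 0;
  let alt = false;
  for (let i = digits.length - 1; i >= 0; i--) {
    let d = Number(digits[i]);
    if (alt) { d *= 2; if (d > 9) d -= 9; }
    sum += d;
    alt = !alt;
  }
  return digits.length >= 13 && sum % 10 === 0;
}

// Replaces every secret match in free text with a typed placeholder.
function redactString(text) {
  let out = text;
  for (const { name, re, validate } of SECRET_PATTERNS) {
    out = out.replace(re, (m) => (validate && !validate(m) ? m : `[REDACTED:${name}]`));
  }
  return out;
}

// Walks a structured record: PHI keys are replaced wholesale, strings are scanned,
// arrays and nested objects are recursed. Returns a new record; input is untouched.
function redactRecord(value) {
  if (typeof value === 'string') return redactString(value);
  if (Array.isArray(value)) return value.map(redactRecord);
  if (value && typeof value === 'object') {
    const out = {};
    for (const [k, v] of Object.entries(value)) {
      out[k] = PHI_FIELDS.has(k.toLowerCase()) ? '[REDACTED:phi]' : redactRecord(v);
    }
    return out;
  }
  return value; // numbers, booleans, null pass through
}

function redactAll(records) {
  return records.map(redactRecord);
}

// Constructed sample records, as a JSON logger would receive them.
const SAMPLE_RECORDS = [
  { level: 'info', msg: 'renewal parsed', client: { name: 'A. Example', sin: '046-454-286', dob: '1980-01-01' } },
  { level: 'error', msg: 'upstream failed: Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.abcdef0123456789' },
  { level: 'debug', msg: 'connecting to postgres://app:hunter2@db.internal:5432/renewals' },
  { level: 'warn', msg: 'card on file 4111 1111 1111 1111 and order 1234567890123' },
];

console.log(JSON.stringify(redactAll(SAMPLE_RECORDS), null, 2));
```

Redacting by field name before scanning text matters because structured PHI (a date of birth, a diagnosis) has no signature a regex can find; the pattern layer then catches secrets that leak into free-form messages such as error strings.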
- Ephemeral AI processing: AI sandbox environments are destroyed after each operation. No persistent storage in execution environments
- Zero-retention AI: Anthropic (Claude AI) processes data with zero data retention under a BAA
Audit and Monitoring
- Comprehensive audit trail: All data access and modifications logged with user identity, IP address, user agent, and timestamps
- Structured logging: Centralized JSON logging with automatic secret/PHI redaction
- Error tracking: Sentry integration for real-time error monitoring with sensitive data scrubbing
- AI pipeline observability: Every extraction phase logged with correlation IDs, timing metrics, and token usage tracking
Application Security
- Input validation: Zod schema validation on all API endpoints; magic byte verification for file uploads
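The magic byte verification mentioned above, as an added example written for this page rather than RenewalFlow's upload handler: the leading bytes of the uploaded buffer are compared against known file signatures, the result is checked against an allow-list, and a mismatch between the declared Content-Type and the sniffed type is rejected. The signature table, the default allow-list (PDF only) and the sample payloads are constructed assumptions.

```javascript
// Added example (not RenewalFlow's code): verify an upload by its leading bytes
// rather than by the client-declared Content-Type or filename extension.
const SIGNATURES = [
  { mime: 'application/pdf', bytes: [0x25, 0x50, 0x44, 0x46, 0x2d] },                 // "%PDF-"
  { mime: 'image/png', bytes: [0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a] },     // PNG header
  { mime: 'image/jpeg', bytes: [0xff, 0xd8, 0xff] },                                   // JPEG SOI
];

// Returns the MIME type implied by the leading bytes, or null if unrecognised.
function sniffMime(buf) {
  for (const { mime, bytes } of SIGNATURES) {
    if (buf.length >= bytes.length && bytes.every((b, i) => buf[i] === b)) return mime;
  }
  return null;
}

// Validates an upload against an allow-list (assumed default: PDF only).
// Returns { ok, mime, reason }; every rejection carries a reason for the audit log.
function validateUpload(buf, declaredMime, allowed = ['application/pdf']) {
  const sniffed = sniffMime(buf);
  if (sniffed === null) {
    return { ok: false, mime: null, reason: 'unrecognised file signature' };
  }
  if (!allowed.includes(sniffed)) {
    return { ok: false, mime: sniffed, reason: `type ${sniffed} not allowed` };
  }
  if (declaredMime !== sniffed) {
    return { ok: false, mime: sniffed, reason: `declared ${declaredMime} but content is ${sniffed}` };
  }
  return { ok: true, mime: sniffed, reason: null };
}

// Constructed payloads: a minimal PDF header, a PNG header, and an HTML document
// that a client might mislabel as a PDF.
const PDF_BYTES = Buffer.from('%PDF-1.7\n%\xE2\xE3\xCF\xD3\n', 'latin1');
const PNG_BYTES = Buffer.from([0x89, 0x50, 0x4e, 0x47, 0x0d, 0x0a, 0x1a, 0x0a, 0, 0, 0, 0x0d]);
const HTML_BYTES = Buffer.from('<!doctype html><html><body></body></html>', 'utf8');

console.log(validateUpload(PDF_BYTES, 'application/pdf'));
console.log(validateUpload(HTML_BYTES, 'application/pdf'));
console.log(validateUpload(PNG_BYTES, 'application/pdf'));
```

Signature checks only establish what the file claims to be at the byte level; a PDF parser still has to treat the content as untrusted, so this check belongs in front of schema validation and the extraction pipeline, not in place of them.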
- Rate limiting: Distributed Redis-based rate limiting with per-endpoint configuration
- Content Security Policy: Comprehensive CSP headers preventing XSS, clickjacking, and content injection
- Security headers: HSTS, X-Frame-Options (DENY), X-Content-Type-Options (nosniff), strict Referrer-Policy, restrictive Permissions-Policy
- No hardcoded secrets: All credentials managed via environment variables; pre-commit protections in place
Sub-Processors
The following third-party service providers process data on behalf of OAZO Technology Inc. in the delivery of RenewalFlow. This list is maintained in accordance with our Data Processing Agreement and updated as sub-processors change.
| Provider | Purpose | Data Processed | Compliance |
|---|---|---|---|
| Supabase | PostgreSQL database | All application data including encrypted PHI | SOC 2 Type II, HIPAA |
| Cloudflare | R2 object storage | Uploaded documents (renewal PDFs, booklets) | SOC 2 Type II, ISO 27001 |
| Clerk | Authentication and identity | User credentials, organization structure | SOC 2 Type II |
| Vercel | Application hosting | Application code, request metadata | SOC 2 Type II, ISO 27001 |
| Anthropic | AI document processing (Claude) | Document text during extraction (zero data retention) | SOC 2 Type II |
| E2B | Ephemeral sandbox execution | Document content during processing (destroyed after use) | Secured access, ephemeral |
| Sentry | Error monitoring | Error reports (PII automatically scrubbed before transmission) | SOC 2 Type II, ISO 27001 |
| Upstash | Rate limiting, job queue | Operational metadata only (no PHI) | TLS + AES-256 |
Last updated: April 2026. We notify customers at least 30 days before adding new sub-processors. Contact privacy@oazo.ca for questions about our sub-processor arrangements.
Data Residency
Primary application data (database and compute) is hosted in Canada. Document storage and supporting services are hosted in North America. AI processing uses zero data retention — no customer data is stored after the API response is returned. Sandbox environments are ephemeral and destroyed after each operation. Please contact us for specific data residency requirements.
Incident Response
We maintain incident response procedures covering detection, containment, eradication, recovery, and post-incident review. Affected Subscribers will be notified promptly in accordance with applicable law and contractual obligations.
Vulnerability Disclosure
If you discover a security vulnerability, please report it responsibly to security@oazo.ca. We take all reports seriously and will respond promptly.
Contact
For security questions, vulnerability reports, or to request compliance documentation:
security@oazo.ca
For privacy-related inquiries:
privacy@oazo.ca