Skip to main content
ClaimScanCheck now

Privacy & Legal

Privacy in plain English, plus the legal documents that govern your use of ClaimScan.

Data Processing Addendum

Effective date

May 25, 2026

Last updated

May 25, 2026

Version

2026-05-25

Processor, service-provider, subprocessor, security, deletion, and AI-processing terms for ClaimScan Pro and firm customers.

Privacy in plain English

  • We do not sell your personal information.
  • We do not use your notices for ads.
  • We do not train AI models on your private notices.
  • Email access is optional and read-only.
  • ClaimScan cannot send, delete, move, or reply to your emails.
  • You can disconnect email access anytime.
  • You can ask us to delete your data.
  • ClaimScan gives information, not legal advice.
ClaimScan is not a law firm and does not provide legal advice. ClaimScan does not decide whether you qualify for a settlement, whether your claim will be accepted, or whether you will receive payment.
1. Scope And Parties

This Data Processing Addendum applies when a ClaimScan Pro, firm, professional, or business customer uses ClaimScan under an order form, workspace agreement, pilot agreement, or other written agreement that incorporates this DPA.

For customer personal data processed on behalf of the customer, the customer is the controller or business, and ClaimScan is the processor, service provider, or contractor as those terms are used in applicable privacy laws. ClaimScan remains an independent controller for account administration, security, billing, product analytics, compliance, and service operations.

2. Processing Instructions

ClaimScan will process customer personal data only to provide the service, comply with documented customer instructions, maintain security, prevent abuse, support users, comply with law, and perform other processing permitted by the agreement.

The customer instructs ClaimScan to process customer personal data for scanner workflows, evidence preservation, source matching, OCR, AI-assisted extraction where enabled, saved searches, exports, attorney-review triage, candidate workflows, issue analytics, and support operations selected by the customer.

3. Customer Responsibilities
  • The customer must have a lawful basis, notices, permissions, and consents needed to submit customer personal data to ClaimScan.
  • The customer must not submit prohibited, unlawfully obtained, or unnecessary sensitive information.
  • The customer must configure workspace access, exports, and user roles appropriately.
4. Security And Confidentiality

ClaimScan will maintain reasonable administrative, technical, and organizational measures designed to protect customer personal data against unauthorized access, disclosure, alteration, and destruction.

Personnel and contractors with access to customer personal data must be bound by confidentiality obligations. Access is limited based on role and operational need.

5. Subprocessors

Customer authorizes ClaimScan to use subprocessors for hosting, database, object storage, authentication, email, logging, analytics, security, OCR, AI model access, customer support, and infrastructure operations.

ClaimScan will impose written obligations on subprocessors designed to protect customer personal data at a level materially consistent with this DPA. ClaimScan remains responsible for subprocessor performance as required by applicable law and the agreement.

  • Current functional categories include cloud hosting, serverless compute, private blob storage, database hosting, authentication, AI Gateway or model routing, OCR or document extraction, email delivery, logging, monitoring, and security tooling.
  • ClaimScan will provide subprocessor information on request or through the Legal Center when a public list is maintained.
6. Regulated And Sensitive Data

ClaimScan is not designed to receive regulated health information, children's information, financial account credentials, Social Security numbers, government ID images, or attorney-client privileged materials unless the agreement expressly authorizes that data type and the customer has implemented appropriate controls.

ClaimScan does not agree to act as a HIPAA business associate unless a separate business associate agreement is signed by ClaimScan.

7. AI And Automated Processing

If AI-assisted extraction or classification is enabled, ClaimScan may route selected text, images, metadata, or derived facts to AI Gateway, model, or OCR providers for the limited purpose of providing the service. ClaimScan will record model identifiers and prompt versions where feasible.

Customer should not use AI output as legal advice or as the sole basis for decisions that produce legal or similarly significant effects. Human review is required for attorney-review, candidate routing, and public publication decisions.

8. Assistance With Privacy Requests

Taking into account the nature of the processing and information available to ClaimScan, ClaimScan will provide reasonable assistance for verified access, deletion, correction, portability, opt-out, and similar privacy requests that relate to customer personal data.

If ClaimScan receives a request directly from an individual concerning customer personal data, ClaimScan may direct the individual to the customer unless applicable law requires another response.