Security

Security & Data Handling

A practical overview of how Santora handles sensitive claim packets, operational failures, and customer-directed data workflows.

Last updated April 20, 2026.

Access Control

  • Claim materials are intended to be visible only to authorized users within the relevant customer account and approved platform personnel.
  • Role-based access is used across platform, org admin, and org user views.
  • Customers are responsible for promptly disabling or rotating access for users who should no longer have access.

Handling Sensitive Claim Packets

Some workflows may include highly sensitive files such as scene photos, death certificates, bodily fluid cleanup documentation, trauma-cleaning photos, or similar remediation evidence. Santora is designed to treat these uploads as protected business records used only for the associated claim review workflow.

Customers should upload only the materials necessary for review and should avoid including unrelated sensitive information that is not needed to evaluate the claim packet.

OCR and AI Processing

  • Uploaded files may be processed through OCR and AI services to extract text and generate review output.
  • Those services are used to support the product workflow, not to replace human claim authority.
  • Generated reviews should be treated as decision support and checked by the customer before action is taken.

Operational Visibility

Santora surfaces failed uploads, failed OCR jobs, failed reviews, and stalled processing states in the platform workspace so support and operations can respond quickly when a customer workflow gets stuck.

Retention and Deletion Expectations

Retention expectations should be agreed with each customer during onboarding or in written commercial terms. Where deletion is requested, Santora will work to remove customer data from active systems within a reasonable operational window, while retaining only what is necessary for backups, security, fraud prevention, accounting, or legal obligations.

Incident Response

If we identify a material security or data handling issue affecting customer data, we aim to investigate promptly, limit the impact, and communicate with affected customers through the appropriate operational channel.