Skip to main content
Security & data handling

Your claim is sensitive. We treat it that way.

To fight your claim, Koala handles some of your most personal information: your policy, your address, your denial letter, sometimes your losses in detail. This page is the full account of how that data is protected, where it travels, and (just as honestly) what we haven't built yet.

Last reviewed July 2026Read the Privacy Policy

Security posture at a glance

  • PII-scrubbed logging

    Every log line redacted before it's written

  • Encrypted in transit & at rest

    TLS on the wire, managed Postgres at rest

  • Payment data tokenized

    Card details stay with Stripe, never our servers

  • Data minimization by default

    The browser only ever gets a stripped projection

Independent and early-stage. Everything here is live in the product today. No badges we haven't earned.

01

Your personal details never reach a log in the clear.

Logs are where sensitive data usually leaks: an error message quietly prints an email or a policy number, and now it's sitting in a console somewhere. Koala is built so that can't happen, with two layers working together.

First, by design.Raw claim content and your email address are simply never passed into a log message. When something fails, the code records a claim ID and a typed error, never the contents of your claim. That's the primary guarantee.

Then, as a safety net. Every line the app logs is forced through a single sink that deterministically redacts structured PII: emails, US Social Security numbers, street addresses, ZIP codes, phone numbers, and policy or claim numbers (both numeric and alphanumeric, like POL-4432).

We're honest about the edge: free-form names can't be pattern-matched without wrongly redacting ordinary words, so names are protected by the “never log claim content” rule above, not by the redactor. The scrubber is the backstop, not the only thing standing between your data and a log file.

Redaction, before & after

What a naive log might write

claim POL-4432 for jane.doe@acme.com
at 42 Oak Street failed. Call
back on 555-238-9910

What Koala actually writes

claim [id] for [email]
at [address] failed. Call
back on [number]

The redaction is deterministic rather than probabilistic. The same input always redacts the same way, so there's no model in the loop deciding whether your address counts as private.

02

The controls around your data.

These aren't promises for later. They're enforced in the code that runs your claim today.

  • Data minimization

    The browser never receives your full claim record. Every response is a stripped-down projection: payment identifiers and internal fields are removed server-side before anything leaves the API.

  • Payment isolation

    Card details go straight to Stripe and never touch Koala's servers. We store a payment reference to confirm your order, not a card number, expiry, or CVC.

  • Access control

    A claim ID is an unguessable UUID, and reading a claim additionally requires a signed capability token (HMAC-SHA256) handed to its owner. The operator dashboard sits behind its own gate, verified in constant time.

  • Validated boundaries

    Every response from an AI model is sanitized and re-shaped against a strict schema before it's stored or shown, so a malformed or unexpected output can't slip through into your report.

  • Rate limiting

    Per-IP limits on analysis and chat throttle scraping and abuse, so no single caller can hammer the pipeline or run up cost against another user's claim.

  • Encryption everywhere

    Traffic is served over HTTPS/TLS end to end. Claim records live in managed Postgres (Supabase), encrypted at rest, with row-level security revoking direct access. Secrets are read from the environment, never committed to the repo.

03

The vendors a claim passes through.

Koala isn't a black box. To read, research, and deliver your claim, its data travels through a short list of infrastructure providers, and each one only ever sees the slice it needs.

  • Supabase

    Stores your claim record in managed Postgres, encrypted at rest.

  • Stripe

    Processes your payment. Sees your card data so we don't have to.

  • Google (Gemini)

    The AI models that read your documents and draft your demand: they process claim text to do the analysis.

  • Exa

    Runs the neural web searches for comparable settlements and rulings.

  • Resend

    Delivers your finished report and demand letter by email, if you give us an address.

  • Upstash

    Holds rate-limit counters keyed by IP address (no claim content).

We don't sell your claim data or use it to train our own models; the flat fee is the business model. For the full legal detail on data use, see our Privacy Policy.

04

We won't advertise a certificate we don't hold.

Plenty of early products decorate a security page with compliance logos they haven't actually earned. We think that's worse than saying nothing: it's a claim you can't back up when it matters.

So, plainly: Koala is early-stage and does nothold SOC 2, HIPAA, ISO 27001, or any formal security certification today, and we haven't completed an independent penetration test. When we earn any of these, they'll appear here with real dates and reports behind them, and not one day before.

On the roadmap: not done yet

A commitment, not a credential.

  • SOC 2 Type II reportPlanned
  • HIPAA / ISO 27001 attestationPlanned
  • Independent third-party penetration testPlanned
  • Formal data-retention & deletion controlsPlanned
  • A public bug-bounty programPlanned
05
Responsible disclosure

Found something? Tell us.

We don't have a formal bug-bounty program yet, but we take security reports seriously and we'd genuinely rather hear from you. If you've found a vulnerability or a way your data could be exposed, email us and we'll work with you to confirm and fix it.

Report a security issueWe aim to acknowledge reports quickly and keep you in the loop.
Free mode: no payments, nothing is charged