Trusted by thousands worldwide
EsperSure Trust Center
To meet your data governance requirements, our solution can run in a Docker container behind your firewall — ensuring your data never leaves your environment.

All outputs, including model results and IP, remain fully within your control.
This setup has been used successfully by clients with strict compliance needs and can support your internal security and risk discussions.
EsperSure Security

Practices & Policies

Our security strategy is built around transparency, proactive controls, and compliance with leading industry standards. Here’s a detailed look at how we manage and secure data across our platform.

Access Control:
Role-based permissions, SSO, and strict identity verification practices to limit data exposure.
Encryption Standards:
Data is encrypted in transit and at rest using AES-256 and TLS 1.2+ protocols.
Compliance & Certifications:
We align with frameworks like ISO 27001, SOC 2 Type II, and HIPAA where applicable.
Development Practices:
Secure code reviews, threat modeling, and dependency monitoring of our CI/CD pipeline.
Penetration Testing:
Annual third-party pentests are conducted, and critical findings are remediated swiftly.
Third-Party Risk Management:
We vet vendors rigorously, ensuring they meet our security expectations.
Security Awareness & Training:
Employees undergo mandatory security training and periodic phishing simulations.
EsperSure Security

Connect With Our Security & Compliance Team

We’re here to help. Whether you have questions, need documentation, or want to report a concern, our team is available to assist you.

General Inquiries
security@espersure.com
Responds in 1–2 business days

Security Reports/Vulnerability Disclosure
If you’ve identified a potential vulnerability, please report it through our [Vulnerability Disclosure Form].
Compliance Requests
Need documentation for audits or legal compliance? Reach out to get the resources you need.
Emergency Contact
For urgent security issues, mark the subject line as “SECURITY INCIDENT” for prioritization.
EsperSure Solutions

Our Commitment to Data Protection

We embed privacy and security at every step—from data collection to deletion—ensuring control, compliance, and protection throughout the data lifecycle.

Data Minimization
We collect only what’s necessary: no more, no less.
Privacy by Design
Security and privacy controls are embedded throughout the development lifecycle.
Data Lifecycle Management
We support your data retention and deletion policies with configurable automation.
Monitoring and Logging
Real-time detection and audit logging ensure accountability.
Incident Response
We operate under a tested, structured playbook for prompt response and disclosure.
End-to-End Data Protection
We use layered security with least privilege, monitoring, and proactive response.
ESPERSURE FRAMEWORK

Your Cloud, Your Rules

Focuses on data ownership, transparency, and running inside the client’s infrastructure, with EsperSure providing support.

ESPERSURE FRAMEWORK

Trusted, Managed Cloud Security

Focuses on scalability, privacy, and compliance, describing the experience of using EsperSure’s hosted platform.

EsperSure Privacy

Built-In Data Protection & Compliance

EsperSure safeguards your data with built-in masking, access controls, and encryption—ensuring compliance and complete control.

Data Scrambling
Changing the values in a dataset to meaningless characters or numbers.

Example: Turning "Jane Doe" into "Qwerty Xyz" or "123 Main St" into "999 Random Rd."
Data Obfuscation
Masking data values to hide their true nature.

Example: Obfuscating an email like "jane.doe@example.com" to "xxxx.xxxx@example.com".
Data Substitution
Replacing real data with fictitious but realistic values.

Example: Replacing real employee names with random, realistic names from a name generator.
Encryption
Encoding data into a non-readable format using encryption algorithms.

Example: Turning "1234" into "kF8z9LuW3iP" using encryption.
Field-Level Access
Fine-grained permissions down to the attribute level.
Role-Based Access
Policy-driven RBAC ensures least-privilege access.
Audit Logging
Immutable logs across actions, entities, and users.
Data Retention Policies
Configurable by client, enforced automatically.
EsperSure Security

Security frameworks we follow

Our practices are built on globally recognized frameworks to ensure data protection, risk management, and regulatory compliance at every level.

ISO/IEC 27001 – Information security management system (ISMS) standards
NIST Cybersecurity Framework – Risk-based approach to managing cybersecurity
OWASP Top 10 – Secure coding & web application best practices
SOC 2 Compliance – Data privacy, confidentiality & availability assurance
GDPR Guidelines – Personal data protection for EU citizens
Zero Trust Architecture – “Never trust, always verify” access control

Certifications and Compliance Standards

SOC 2 Type II
ISO 27001:2022
ISO/IEC 42001:2023
ISO 27701
ISO 27017
ISO 27018
(CSA)
Esper Shield
Certification Information
Get in-depth information on safety standards, certifications, and technical compliance documents.

Privacy Policy

Committed to privacy, transparency, and data protection at every step

We collect only essential user data with explicit consent, ensuring transparency and respect for privacy.
All data is encrypted both in transit and at rest to maintain security. Users have full control over their personal information, and we never share data with third parties without permission.
Our practices comply with GDPR, CCPA, and all relevant local data protection laws.
