Built for sensitive claim data.
Field photos, addresses, carrier names, and loss details run through Mensuria. We treat each as the sensitive record it is — isolated per account, encrypted in transit and at rest, never used to train a model, and never the final word over a licensed adjuster. Below is an honest account of what's built today and what's still on the roadmap.
Protections that are actually built in.
These are live in the product right now — ownership checked on every request, encryption you can't turn off, and location metadata stripped from photos. What isn't built yet is in the roadmap section below, labeled honestly.
Per-account isolation
Every claim, photo, and export is tied to your account, and that ownership is re-checked on every request — in the API, not just the UI. A non-owner gets a not-found, never another adjuster's file.
Encrypted in transit & at rest
All traffic runs over TLS, and data is encrypted at rest by our cloud provider. Photos are served only through authenticated, access-controlled requests — no public buckets, no anonymous file URLs.
Location metadata stripped
Field photos are re-encoded to remove EXIF/GPS metadata before they're stored or sent for processing, so we never persist or transmit the insured's location.
AI drafts, you approve
Mensuria proposes line items against a verified code base and never invents a selector it can't ground — it flags it instead. A licensed adjuster reviews and clears every flag before anything is final.
Deletable on request
Ask us to delete a claim or your whole account and we remove the photos, drafts, and exports within 30 days. Self-serve deletion and data export are on the roadmap below.
Least data, least access
We collect only what's needed to draft and bill — card details go straight to Stripe, never to us. It's a small team with minimal production access, and we don't sell your data.
Where your claim data lives, end to end.
Follow a single claim from the field to deletion. At every stage: encrypted, scoped to your account, and never mined into a training set.
See the full pipelinePhotos upload over TLS into account-scoped storage, and EXIF/GPS metadata is stripped on the way in.
Vision and drafting run via Anthropic's API. Inputs draft your scope, are not used to train models, and are retained by the provider only transiently.
Drafts live in your account only. The original AI draft is preserved separately from your edits, so you can always see what the AI proposed versus what you approved.
Active claims persist for as long as you keep the file, so history and exports stay available for your records and any rework.
Ask us and we purge the photos, drafts, and exports within 30 days. Automated self-serve deletion and backup purging are on the roadmap.
Your claims are inputs, not training data.
The biggest fear with an AI tool is “where do my photos go?” The straight answer: they're sent to our AI provider once, to draft your claim, are never used for training, and are retained by the provider only transiently.
Never used to train models
Your photos, claims, and estimates are not used to train, fine-tune, or improve any AI model. Per our provider's (Anthropic's) API terms, API inputs are not used for training.
Used once, for your draft
Each photo is read only to draft that claim's line items. No cross-claim mining, no shared embeddings pool, no secondary use of your inputs.
Provider retention is transient
Anthropic may retain inputs briefly for abuse monitoring, then deletes them. A separately-contracted zero-retention agreement is on our roadmap — we won't claim it until it's signed.
No human eyes by default
We don't read your claim content to operate the product. We'd only look at a specific file with your explicit request to help troubleshoot.
AI drafts. A licensed adjuster approves.
Mensuria is a drafting tool, not a decision-maker. It accelerates the write-up and shows its work — but export stays locked until a human clears every flag. Your license, your judgment, your name on the estimate.
Mensuria reads the photos and proposes Xactimate-ready line items against a verified code base. It never invents a selector it can't ground — it flags it instead.
Every line carries the exact photos behind it and a confidence band. Anything uncertain surfaces as an open question rather than a silent assumption.
Export stays locked until a human clears every low-confidence line and flag. The estimate ships under your license, with your judgment on every line.
Only you reach your files.
Owner-scoped access
Every claim and photo is checked against its owner on each request. Ask for a file that isn't yours and you get a not-found — never another adjuster's data.
MFA available
Multi-factor sign-in is available through our auth provider (Clerk), and we recommend enabling it. Sessions are revocable if a device is lost.
Minimal production access
It's a small team. Production access is limited, and we'd only view a specific claim with your explicit request to help — not as standing access.
Honest about where we are.
We'd rather show you the real status than flash a badge we haven't earned. Here's every vendor that may touch claim data, and exactly what's done versus planned.
AI model inference — reads photos + notes to draft line items
Authentication & account management
Subscription & payment processing (card data never touches our servers)
Cloud hosting & data storage (United States)
Sub-processor list
A current list of every vendor that may process claim data — shown on this page and in our Privacy Policy, updated as it changes.
Data Processing Addendum
A DPA for firm accounts is being prepared. If your firm needs one to get started, contact us and we'll work through it.
Off-site encrypted backups
Automated off-instance backups (and deletion that propagates to backups) are being set up to harden durability before scale.
Formal certifications
We're an early, focused team and have not yet pursued SOC 2 or a third-party penetration test. We'll be transparent about timing as we grow — and won't flash a badge we haven't earned.
Found something? Tell us.
If you believe you've found a vulnerability, email us and we'll respond quickly. We don't pursue good-faith researchers who report responsibly, and we'll keep you posted through remediation.
Questions before a real claim?
We'll share our sub-processor list and answer anything your firm needs to know before you run sensitive data through Mensuria.