Trust
Security & HIPAA compliance
You are trusting a payment platform with protected health information and provider financial data. Here is exactly how we protect it — stated plainly, without badges we haven't earned.
HIPAA-aligned operations
Scalesz operates as a business associate under HIPAA. Administrative, physical, and technical safeguards govern how PHI is stored, processed, and accessed across the platform.
BAA with every client
We execute a Business Associate Agreement with every client before any PHI is exchanged — standard, not negotiated as an extra.
Microsoft Azure, US data residency
The platform runs on Microsoft Azure with all data stored and processed in US regions. Your data never leaves the country.
Encryption in transit and at rest
All data is encrypted in transit (TLS) and at rest. File exchanges, database storage, and generated outputs are covered end to end.
Identity via Microsoft Entra
Access is managed through Microsoft Entra ID — enterprise identity, role-based access control, and support for your organization’s single sign-on.
Auditable by design
Every payment traces to its source file, template, and calculation, creating a durable audit trail for CMS reviews, provider disputes, and internal controls.
Security questionnaires & procurement
Evaluating Scalesz through a formal vendor-security review? We respond to security questionnaires and architecture questions directly — including data-flow diagrams, subprocessor lists, and access-control documentation under NDA.
Request security documentationSee Scalesz Pay on your own contracts
Bring one payer file and one payment arrangement — we’ll show you attribution, capitation, and outputs live in the platform. Implementation typically takes six weeks.