Scalesz

Trust

Security & HIPAA compliance

You are trusting a payment platform with protected health information and provider financial data. Here is exactly how we protect it — stated plainly, without badges we haven't earned.

HIPAA-aligned operations

Scalesz operates as a business associate under HIPAA. Administrative, physical, and technical safeguards govern how PHI is stored, processed, and accessed across the platform.

BAA with every client

We execute a Business Associate Agreement with every client before any PHI is exchanged — standard, not negotiated as an extra.

Microsoft Azure, US data residency

The platform runs on Microsoft Azure with all data stored and processed in US regions. Your data never leaves the country.

Encryption in transit and at rest

All data is encrypted in transit (TLS) and at rest. File exchanges, database storage, and generated outputs are covered end to end.

Identity via Microsoft Entra

Access is managed through Microsoft Entra ID — enterprise identity, role-based access control, and support for your organization’s single sign-on.

Auditable by design

Every payment traces to its source file, template, and calculation, creating a durable audit trail for CMS reviews, provider disputes, and internal controls.

Security questionnaires & procurement

Evaluating Scalesz through a formal vendor-security review? We respond to security questionnaires and architecture questions directly — including data-flow diagrams, subprocessor lists, and access-control documentation under NDA.

Request security documentation

See Scalesz Pay on your own contracts

Bring one payer file and one payment arrangement — we’ll show you attribution, capitation, and outputs live in the platform. Implementation typically takes six weeks.