ReadyToUnderwrite is built for agencies that handle sensitive prospect data. Here’s how we protect it.
Every piece of data in ReadyToUnderwrite is encrypted both in transit and at rest. Sensitive fields like Federal Employer Identification Numbers (FEIN) receive an additional layer of application-level encryption beyond what the database provides.
All connections use TLS 1.3 with HTTPS enforced. No unencrypted data ever leaves or enters our servers.
TLS 1.3 · HTTPS-only
Database-level encryption for all stored data. Sensitive fields like FEIN are additionally encrypted at the application layer using AES-256.
AES-256 · Application-level PII encryption
User passwords are hashed using bcrypt with a cost factor of 12. We enforce a minimum of 12 characters and check against known compromised password lists.
bcrypt · cost factor 12 · 12+ chars
JWT tokens signed with RS256 (2048-bit RSA). Optional TOTP-based MFA with backup codes. Account lockout after 5 failed attempts.
RS256 JWT · TOTP MFA · Rate limiting
Every agency’s data is completely isolated from every other agency. This isn’t just application-level filtering — it’s enforced at the database level using PostgreSQL Row-Level Security policies on every single table.
Even if there were a bug in our application code, the database itself prevents any query from crossing agency boundaries. Your agency_id is extracted from your authenticated session and enforced by the database engine — not our application logic.
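The pattern described above, as an added PostgreSQL example (this is illustrative code, not ReadyToUnderwrite's own schema or policies): a tenant-scoped table whose rows are filtered by a Row-Level Security policy keyed on a per-session setting. The table name prospects, the role app_user and the setting name app.agency_id are assumptions; the mechanism (ENABLE/FORCE ROW LEVEL SECURITY, a policy with USING and WITH CHECK, and current_setting with missing_ok) is standard PostgreSQL.

```sql
-- Added example, not the product's schema. Names below are assumptions:
-- table prospects, application role app_user, session setting app.agency_id.

CREATE TABLE prospects (
    id          bigserial PRIMARY KEY,
    agency_id   uuid NOT NULL,
    legal_name  text NOT NULL
);

-- The application connects as a non-owner, non-superuser role; RLS is
-- only enforced against roles that do not own the table or hold BYPASSRLS.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON prospects TO app_user;
GRANT USAGE, SELECT ON SEQUENCE prospects_id_seq TO app_user;

-- ENABLE turns RLS on; FORCE also applies it to the table owner.
ALTER TABLE prospects ENABLE ROW LEVEL SECURITY;
ALTER TABLE prospects FORCE ROW LEVEL SECURITY;

-- Read the agency bound to this session. current_setting(name, true)
-- returns NULL instead of raising when the setting is absent, and NULLIF
-- maps '' to NULL, so an unscoped session matches zero rows, never all rows.
CREATE FUNCTION current_agency_id() RETURNS uuid
LANGUAGE sql STABLE AS $$
    SELECT NULLIF(current_setting('app.agency_id', true), '')::uuid
$$;

-- USING filters what the session can see/update/delete; WITH CHECK rejects
-- INSERT/UPDATE results that would land in another agency's scope.
CREATE POLICY prospects_tenant_isolation ON prospects
    FOR ALL TO app_user
    USING (agency_id = current_agency_id())
    WITH CHECK (agency_id = current_agency_id());

-- Per request, after authenticating the caller, the application pins the
-- transaction to that caller's agency. SET LOCAL lasts only until COMMIT/ROLLBACK,
-- so a pooled connection cannot leak the scope into the next request.
BEGIN;
SET LOCAL ROLE app_user;
SET LOCAL app.agency_id = '11111111-1111-1111-1111-111111111111';  -- constructed id

-- Returns only this agency's rows, whatever the application filters on:
SELECT id, legal_name FROM prospects;

-- A query that forgot its WHERE agency_id = ... clause still cannot cross tenants:
SELECT count(*) FROM prospects WHERE legal_name ILIKE '%llc%';

-- Writing a row for a different agency fails the WITH CHECK clause with
-- "new row violates row-level security policy for table "prospects"":
INSERT INTO prospects (agency_id, legal_name)
VALUES ('22222222-2222-2222-2222-222222222222', 'Other Agency LLC');
ROLLBACK;
```

Two operational checks worth keeping in mind with this design: the database role the application uses must not be a superuser or carry BYPASSRLS, since those bypass every policy, and the session setting must be installed inside the same transaction as the query (SET LOCAL) rather than on the connection, or a pooled connection can carry one tenant's scope into another tenant's request.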
ReadyToUnderwrite uses role-based access control (RBAC) with four permission levels. Every API request passes through authentication and permission middleware before reaching any data.
Four roles (Admin, Manager, Producer Lead, Producer) with granular permissions per resource. Admins control who can access what within your agency.
Sessions tracked per device with IP and user agent binding. Concurrent sessions supported. Automatic expiry (8h default, 30 days with remember-me). Immediate revocation on user deactivation.
Every action in ReadyToUnderwrite is logged to an immutable, append-only audit trail. This includes who did what, when, from which IP address, and what data changed.
Every data access and modification is captured with timestamps, user identity, IP address, and a full JSON diff of changes. Logs cannot be edited or deleted.
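An append-only audit trail of the kind described above, as an added PostgreSQL example (illustrative code, not ReadyToUnderwrite's own implementation). It assumes the prospects table from the isolation example exists; the names audit_log, app.user_id and app.client_ip are assumptions. Immutability comes from two layers: the application role is granted INSERT and SELECT only, and a statement-level trigger refuses UPDATE, DELETE and TRUNCATE even for roles that hold those privileges. The row trigger computes a JSON diff containing only the columns whose values actually changed.

```sql
-- Added example, not the product's code. Assumes PostgreSQL 11+ (EXECUTE FUNCTION)
-- and a prospects table with an "id" column and an app_user role.

CREATE TABLE audit_log (
    id          bigserial PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    table_name  text NOT NULL,
    row_id      bigint,
    action      text NOT NULL CHECK (action IN ('INSERT', 'UPDATE', 'DELETE')),
    actor_id    text,          -- authenticated user, from session setting app.user_id
    client_ip   inet,          -- request source, from session setting app.client_ip
    old_data    jsonb,
    new_data    jsonb,
    diff        jsonb          -- {"col": {"old": ..., "new": ...}} for changed columns only
);

-- Layer 1: privileges. The application can append and read, nothing else.
REVOKE ALL ON audit_log FROM PUBLIC;
GRANT INSERT, SELECT ON audit_log TO app_user;
GRANT USAGE, SELECT ON SEQUENCE audit_log_id_seq TO app_user;

-- Layer 2: a trigger that blocks edits regardless of privileges.
CREATE FUNCTION audit_log_block_changes() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only (% rejected)', TG_OP;
END $$;

CREATE TRIGGER audit_log_immutable
    BEFORE UPDATE OR DELETE OR TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_block_changes();

-- Row trigger: capture who/when/where plus before/after images and the diff.
CREATE FUNCTION audit_row_change() RETURNS trigger
LANGUAGE plpgsql AS $$
DECLARE
    old_j jsonb;
    new_j jsonb;
    d     jsonb;
BEGIN
    IF TG_OP <> 'INSERT' THEN old_j := to_jsonb(OLD); END IF;
    IF TG_OP <> 'DELETE' THEN new_j := to_jsonb(NEW); END IF;

    -- Diff only on UPDATE: keep keys whose value differs (IS DISTINCT FROM
    -- treats NULL correctly, so NULL -> value and value -> NULL are recorded).
    IF TG_OP = 'UPDATE' THEN
        SELECT jsonb_object_agg(n.key, jsonb_build_object('old', old_j -> n.key,
                                                          'new', n.value))
          INTO d
          FROM jsonb_each(new_j) AS n
         WHERE old_j -> n.key IS DISTINCT FROM n.value;
    END IF;

    INSERT INTO audit_log (table_name, row_id, action, actor_id, client_ip,
                           old_data, new_data, diff)
    VALUES (TG_TABLE_NAME,
            COALESCE(new_j ->> 'id', old_j ->> 'id')::bigint,
            TG_OP,
            NULLIF(current_setting('app.user_id', true), ''),
            NULLIF(current_setting('app.client_ip', true), '')::inet,
            old_j, new_j, d);

    RETURN COALESCE(NEW, OLD);
END $$;

CREATE TRIGGER prospects_audit
    AFTER INSERT OR UPDATE OR DELETE ON prospects
    FOR EACH ROW EXECUTE FUNCTION audit_row_change();

-- Usage: the application sets actor and source per transaction, then works normally.
BEGIN;
SET LOCAL app.user_id   = 'user-42';       -- constructed value
SET LOCAL app.client_ip = '203.0.113.10';  -- constructed, documentation range
UPDATE prospects SET legal_name = 'Acme Holdings LLC' WHERE id = 1;
COMMIT;

-- Anyone attempting to tamper is stopped by the trigger:
DELETE FROM audit_log WHERE id = 1;   -- ERROR: audit_log is append-only (DELETE rejected)
```

The trigger-based guard protects against application bugs and ordinary operators, but a superuser can drop or disable the trigger, so for an audit log that must survive a compromised database account the rows should additionally be shipped to a write-once store outside the database.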
Automated error tracking with PII automatically scrubbed before events leave your environment. No personal data reaches our monitoring systems.
PII scrubbing via beforeSend hook
ReadyToUnderwrite is designed to meet the security requirements of the insurance industry and applicable data protection regulations.
Pursuing SOC 2 Type II certification covering security, availability, and confidentiality trust service criteria.
Article 20 data portability built into the platform. Right to access, correct, and delete fully supported.
§1798.100 right to know and right to delete implemented. Self-serve data export available at all times.
You can export your complete dataset at any time — no support ticket needed, no waiting period, no fees. We believe that if you can’t take your data with you, it’s not really yours.
Full export includes all prospect records, carrier configurations, scores, outcomes, documents, and audit history. Delivered as a ZIP archive with SHA-256 integrity checksums in JSON and CSV formats.
We’re happy to discuss our security practices in detail. Reach out to our team anytime.