Bindflow is built for the data-handling standards commercial agencies live by.
Agencies are custodians of insureds’ PII, financials, and loss history. Our controls are built around that responsibility from day one, not bolted on later.
Each agency tenant is logically isolated. Submissions, ACORDs, loss runs, and declinations are never commingled across customers. Production access is least-privilege and audited.
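One way the "never commingled" property above can be enforced below the application code is PostgreSQL row-level security, so that a forgotten WHERE clause cannot expose another agency's rows. The following is an added illustration, not Bindflow's own schema or code: the table name (submissions), tenant column (agency_id), application role (bindflow_app), setting name (app.agency_id) and the sample rows are all assumptions.

```sql
-- Added example of tenant isolation with PostgreSQL row-level security (RLS).
-- Illustrative only; names are assumptions, not Bindflow's implementation.

-- Least privilege: the application connects as a role that owns no tables,
-- is not a superuser and does not carry BYPASSRLS, so policies apply to it.
CREATE ROLE bindflow_app LOGIN NOSUPERUSER NOBYPASSRLS;

CREATE TABLE submissions (
    id        uuid  PRIMARY KEY,
    agency_id uuid  NOT NULL,   -- tenant key; every tenant-scoped table carries one
    insured   text  NOT NULL,
    body      jsonb NOT NULL
);
GRANT SELECT, INSERT, UPDATE, DELETE ON submissions TO bindflow_app;

-- Constructed sample data for two tenants, loaded by the migration/owner role
-- before RLS is switched on.
INSERT INTO submissions VALUES
    ('11111111-1111-1111-1111-111111111111', 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa', 'Acme Trucking', '{}'),
    ('22222222-2222-2222-2222-222222222222', 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'Beta Bakery',   '{}');

-- Enable RLS. The table owner is exempt by default; if the application ever
-- connects as the owner, add ALTER TABLE ... FORCE ROW LEVEL SECURITY.
ALTER TABLE submissions ENABLE ROW LEVEL SECURITY;

-- Rows are visible and writable only when agency_id equals the tenant bound to
-- the current transaction. With no tenant bound the comparison is against NULL,
-- so nothing matches: the policy fails closed rather than open.
CREATE POLICY tenant_isolation ON submissions
    AS PERMISSIVE FOR ALL TO bindflow_app
    USING      (agency_id = NULLIF(current_setting('app.agency_id', true), '')::uuid)
    WITH CHECK (agency_id = NULLIF(current_setting('app.agency_id', true), '')::uuid);

-- Request handling: bind the tenant for exactly one transaction. SET LOCAL is
-- discarded at COMMIT/ROLLBACK, so a pooled connection cannot carry it over.
SET ROLE bindflow_app;
BEGIN;
SET LOCAL app.agency_id = 'aaaaaaaa-aaaa-aaaa-aaaa-aaaaaaaaaaaa';
SELECT insured FROM submissions;                      -- only 'Acme Trucking'
SELECT count(*) FROM submissions
 WHERE agency_id = 'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb'; -- 0: the other tenant is invisible even when named
-- A write tagged with another tenant's id is rejected by the WITH CHECK clause:
-- INSERT INTO submissions VALUES (gen_random_uuid(),
--     'bbbbbbbb-bbbb-bbbb-bbbb-bbbbbbbbbbbb', 'Smuggled', '{}');
-- ERROR: new row violates row-level security policy for table "submissions"
COMMIT;

-- Outside any tenant context the table is empty to the application role.
SELECT count(*) FROM submissions;                     -- 0
RESET ROLE;
```

The check worth keeping in a test suite is the second SELECT: a query that names another tenant's id explicitly and still returns zero rows proves the isolation holds even when application code is wrong. The same policy pattern is applied per tenant-scoped table (ACORDs, loss runs, declinations), and the production role that runs migrations is the only one allowed to bypass it.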
We do not fine-tune or train foundation models on agency submissions, policy documents, or loss runs. Anthropic Claude is invoked over the API, with zero data retention beyond the request lifecycle.
TLS 1.3 in transit. AES-256 at rest for documents and the database. Keys are managed in AWS KMS and rotated quarterly.
SSO (Okta, Azure AD, Google) for Agency & Enterprise tiers. Role-based access: producer, CSR, ops, principal. Complete audit trail per user action.
Our Type I audit is in progress (target close: Q3 2026); the Type II observation window begins immediately after. We share our Vanta trust page under NDA.
Uploaded PDFs are virus-scanned, parsed, and retained only as long as the agency configures (default 90 days, configurable from 7 to 730 days). Deletion is permanent and verifiable.
Regions: AWS us-east-1 and us-west-2. Multi-AZ Postgres (RDS) with daily snapshots and 30-day point-in-time recovery. Disaster recovery targets: RTO 4 hours, RPO 15 minutes.
Current subprocessors: Anthropic (LLM), AWS (infrastructure), Stripe (billing), Postmark (transactional email). Full list available on request; 30-day notice before any additions.
Our standard response packet covers: data flow diagrams, DPA, BAA (if HIPAA-adjacent), penetration test summary, incident response runbook, vendor risk questionnaire responses. Email security@bindflow.co.