Data Security at BindPilot

We take security seriously. Your agency's data and your clients' information are protected with enterprise-grade encryption, compliance standards, and industry best practices.

Encryption & Infrastructure

🔒 Data Encryption

All data is encrypted with AES-256 at rest. In transit, we use TLS 1.3 (the latest TLS standard) to protect all communication between your browser and our servers.

🌐 Cloudflare Network & DDoS Protection

BindPilot is hosted on Cloudflare's global network with automatic DDoS mitigation, edge caching, and Web Application Firewall (WAF) protection.

Authentication & Access Control

🔐 Password Security

Passwords are stored only as salted bcrypt hashes. bcrypt is a one-way function, so the original passwords cannot be read back from our database even if it were compromised.

🎫 JWT Tokens & Sessions

Authentication uses JWT tokens with short expiration times. We also support Google SSO for frictionless, secure login.

👥 Role-Based Access Control

Each user has role-based permissions (admin, user, viewer). Agency data is isolated by customer — no data cross-contamination.

Data Ownership & Privacy

🏛️ Your Data, Your Property

You own 100% of your data. We don't sell client information, don't access your data for marketing, and don't use your policies for training AI models.

📊 Anonymized Marketplace Data

To power our carrier marketplace, we use fully anonymized quoting data: no agency names, no client PII, no policy numbers. ZIP codes are truncated to 3 digits.

📤 Data Export Window

When you cancel, you have 30 days to export all your data. After that, data is securely deleted from our systems.

Compliance & Certifications

SOC 2 Type II (In Progress)
GLBA Compliant
NAIC Data Security Model Law
🔍 Quarterly Pen Testing (Q3 2026+)

We comply with insurance industry data security standards and are working toward full SOC 2 Type II certification in 2026.

Incident Response & Transparency

🚨 24-Hour Notification Policy

In the unlikely event of a security incident, affected customers will be notified within 24 hours with clear details about what happened and steps we've taken.

🔔 Vulnerability Disclosure

We conduct quarterly third-party penetration testing (starting Q3 2026) and welcome responsible security disclosures. Email [email protected] for vulnerability reports.

Questions? Let's Talk Security.

Have security questions or concerns?

[email protected]

We're happy to discuss our security practices, certifications, and compliance measures in detail.