Insurance data security and compliance

Policy Balance Hub is built from the ground up with the controls insurance agencies need to meet GLBA, NAIC, and state regulatory requirements — and the audit evidence to prove it.

Encryption at Rest and in Transit

All data is encrypted using industry-standard algorithms to protect your sensitive information.

  • AES-256 encryption for all data at rest
  • TLS 1.3 for all data in transit
  • Database-level encryption with rotating keys
  • Encrypted backups with separate key management

Multi-Tenant Data Isolation

Your data is completely isolated from other agencies. There is no cross-tenant data access.

  • Every database query filters by agency_id
  • Row-level security policies on all tables
  • Separate encryption keys per tenant
  • Regular isolation testing and verification
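As an added illustration (not Policy Balance Hub's own schema or code), the following PostgreSQL row-level security setup shows how an agency_id filter can be enforced by the database itself rather than by each query; the table, role and setting names are hypothetical.

```sql
-- Added example, not the product's own schema. Table, role and the
-- custom setting name app.agency_id are hypothetical.
CREATE TABLE policies (
    id         bigserial PRIMARY KEY,
    agency_id  uuid NOT NULL,
    policy_no  text NOT NULL,
    premium    numeric(12, 2) NOT NULL
);

-- ENABLE turns RLS on; FORCE applies it to the table owner as well.
ALTER TABLE policies ENABLE ROW LEVEL SECURITY;
ALTER TABLE policies FORCE ROW LEVEL SECURITY;

-- The tenant is read from a per-transaction setting. missing_ok = true
-- returns NULL when the setting was never set, and NULLIF guards against
-- the empty string a reset setting can leave behind; NULL never compares
-- equal to agency_id, so a request with no tenant context sees zero rows.
CREATE POLICY tenant_isolation ON policies
    USING (agency_id = NULLIF(current_setting('app.agency_id', true), '')::uuid)
    WITH CHECK (agency_id = NULLIF(current_setting('app.agency_id', true), '')::uuid);

-- The application role must not be allowed to bypass RLS.
CREATE ROLE app_user NOLOGIN NOBYPASSRLS;
GRANT SELECT, INSERT, UPDATE, DELETE ON policies TO app_user;

-- Per-request pattern: SET LOCAL scopes the tenant to this transaction only.
BEGIN;
SET LOCAL app.agency_id = '11111111-1111-1111-1111-111111111111';  -- constructed value
SELECT policy_no, premium FROM policies;            -- only this agency's rows
-- A write tagged with another tenant's agency_id violates WITH CHECK and
-- raises an error, so rows cannot be planted in a different tenant's data.
INSERT INTO policies (agency_id, policy_no, premium)
VALUES ('22222222-2222-2222-2222-222222222222', 'P-1001', 1250.00);
COMMIT;

-- Isolation check suitable for a recurring test: with no tenant set, the
-- application role must see no rows at all.
SET ROLE app_user;
SELECT count(*) AS visible_rows FROM policies;      -- expected: 0
RESET ROLE;
```

Because FORCE ROW LEVEL SECURITY is set, the isolation test above only holds for roles without BYPASSRLS; superusers always see every row, so they should not be used by the application.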

PII Protection

Personal identifying information is handled with the utmost care and is never passed to AI processing in identifiable form.

  • Names and SSNs are tokenized before AI processing
  • PII redaction layer strips sensitive fields automatically
  • No personal data is sent to external AI services
  • Data minimization principles applied throughout

SOC 2 Type II Compliance

We are actively pursuing SOC 2 Type II certification to demonstrate our commitment to security.

  • Security controls mapped to SOC 2 Trust Service Criteria
  • Independent third-party auditor engaged
  • Continuous monitoring of control effectiveness
  • Expected certification timeline: Q3 2026

Insurance Regulatory Compliance

Built to meet the regulatory requirements that govern insurance agencies, with controls mapped to multiple frameworks.

  • GLBA Safeguards Rule — encryption, access controls, and audit trails for financial data
  • NAIC Insurance Data Security Model Law (Model 668) — risk assessments and incident response
  • CCPA / CPRA — consumer data access, deletion, and opt-out rights for California residents
  • NIST Cybersecurity Framework 2.0 — risk-based security program alignment
  • PCI DSS — payment card security delegated to Stripe (PCI Level 1 service provider)

Regular Security Audits

Our security posture is continuously evaluated through automated scanning and manual review.

  • Quarterly penetration testing by third-party firms
  • Automated vulnerability scanning on every deployment
  • Dependency security scanning in CI/CD pipeline
  • Annual comprehensive security review

Audit Logging

Every state-changing action in the system is logged with full context for compliance and forensics.

  • Immutable audit trail for all data modifications
  • User, timestamp, and action recorded for every change
  • Audit logs retained for 7 years
  • Export capability for regulatory compliance

Compliance frameworks we align to

Policy Balance Hub implements technical controls mapped to the regulatory standards that govern insurance agencies handling sensitive policyholder data.

  • GLBA: Gramm-Leach-Bliley Act
  • SOC 2: Type II (pursuing)
  • CCPA/CPRA: California Privacy Rights
  • NAIC 668: Data Security Model Law
  • NIST CSF: Cybersecurity Framework 2.0
  • PCI DSS: via Stripe

Ready to stop drowning in spreadsheets?

See how Policy Balance Hub can automate premium reconciliation for your agency. Start the trial in minutes — or request a personalized walkthrough.

14-day free trial. No credit card required.