Security Practices

Last Updated: February 19, 2026

QuoteDeck is built on a foundation of Security by Design. We employ rigorous technical, physical, and administrative safeguards to ensure the confidentiality, integrity, and availability of your agency's data.

Data Infrastructure & Encryption

We utilize Amazon Web Services (AWS) to host our infrastructure, leveraging their world-class security protocols and HIPAA-eligible services.

  • Encryption at Rest: All sensitive data—including client records, medical data, and quotes—is stored in AWS RDS using AES-256 encryption. This covers all primary databases, snapshots, and backups.
  • Encryption in Transit: Every byte of data moving between your browser and our servers is protected using TLS 1.3 (Transport Layer Security) to prevent interception or tampering.
  • Secure Key Management: We use AWS KMS (Key Management Service) for centralized management of encryption keys. No plain-text keys are stored within the application code or environment.

Identity & Access Management (IAM)

  • Mandatory Multi-Factor Authentication (MFA): In alignment with 2026 cybersecurity standards, MFA is strictly enforced for all administrative access. We provide and require MFA for all Agent accounts to block unauthorized access from credential theft.
  • Role-Based Access Control (RBAC): We follow the "Principle of Least Privilege." Users are granted access only to the specific data sets and tools required for their professional roles within the agency.
  • Modern Authentication: We use industry-standard identity providers that salt and hash passwords with strong password-hashing algorithms. QuoteDeck never stores passwords in plain text.

Auditing & Monitoring

  • Immutable Audit Logs: QuoteDeck maintains detailed, tamper-proof logs of all access to sensitive data (PII/ePHI). This includes login attempts, record views, data modifications, and export actions, satisfying 2026 "Information System Activity Review" requirements.
  • Proactive Threat Detection: We employ automated threat detection (via AWS GuardDuty) to monitor for suspicious activity, unauthorized API calls, or potential breaches 24/7.
  • Session Security: To protect data in shared environments, we enforce automatic session timeouts after 30 minutes of inactivity.

Resilience & Recovery

  • Point-in-Time Recovery (PITR): Our databases are backed up continuously. We maintain a 7-day rolling window of backups, allowing us to restore data to any specific second within that period.
  • 72-Hour Restoration Objective: Our infrastructure is designed for rapid restoration. In the event of a critical failure, our recovery protocols are tested to restore core services within a 72-hour window, meeting the latest contingency planning standards.

Compliance & Professional Standards

  • HIPAA-Ready Architecture: While QuoteDeck serves the insurance industry, we build our systems to satisfy HIPAA technical safeguards, including the 2026 updates to the Security Rule that transitioned "addressable" items to "required" status.
  • Business Associate Agreements (BAA): We maintain signed BAAs with our core infrastructure providers (AWS) to ensure a chain of legal accountability for your data.
  • Administrative Safeguards: Our internal security program includes annual risk assessments, designated security responsibility, and workforce security training to ensure total data integrity.

For details on how we collect, use, and protect your personal information, please see our Privacy Policy.