Security.
Insurance data demands the highest standard of protection. Security is not a feature. It is the foundation every line of code is built on.
Infrastructure
Encryption
TLS 1.3 in transit. AES-256 at rest. All secrets managed via hardware-backed key stores. Zero plaintext secrets in code or configuration.
Tenant Isolation
Row-level security enforced at the database layer. Every query is scoped to the authenticated organization. Cross-tenant access is architecturally impossible.
Authentication
SSO via SAML 2.0 and OIDC. Multi-factor authentication enforced for all admin accounts. Short-lived JWTs with automatic rotation.
Authorization
Fine-grained permission modeling with relationship-based access control. Role hierarchies with least-privilege defaults. Full audit trail on every permission check.
Compliance
Type II In Progress
Compliant Architecture
Model Law Ready
Vulnerability Disclosure
We welcome responsible disclosure of security vulnerabilities. If you discover a potential issue, please report it to security@openinsure.dev. We commit to acknowledging reports within 24 hours and providing an initial assessment within 72 hours.
For security inquiries or to request our SOC 2 report, contact security@openinsure.dev.