Skip to main content
TCDS Insurance
Become a Partner
Trust & Compliance

Security at TCDS Insurance

Last updated: May 4, 2026

We handle nonpublic personal information from your borrowers every day — names, addresses, dates of birth, prior-claim history, and loan details. Below is exactly how we keep it isolated, audited, encrypted, and minimized. These are shipped controls in the platform, not aspirations.

Tenant isolation

Every customer-bearing table is scoped by agency_idand gated by Postgres Row-Level Security. Cross-tenant reads are physically blocked at the database layer — an application bug cannot leak agency A’s borrowers to agency B. We test this boundary on every CI run.

Authentication

  • Email + password via Supabase Auth, with optional TOTP multi-factor enrollment.
  • Microsoft 365 SSO available for enterprise tenants.
  • Service-role API keys are scoped to specific feature paths and rotated quarterly.
  • Session cookies are HttpOnly + Secure with SameSite=Lax.

Encryption

  • All traffic served over TLS 1.2+ end-to-end.
  • Application data encrypted at rest by Supabase (Postgres + S3), attachments encrypted at rest in Cloudflare R2.
  • Secrets are stored only in Vercel environment variables and a credential vault, never committed to source.

Audit ledger

Critical events — endorsement requests, automation enrollments, rule changes, customer-facing message sends, and carrier-portal handoffs — are written to an append-only audit_events table with a per-tenant Merkle hash chain. The chain is verifiable on every load of the audit-events browser, which surfaces a tamper warning the moment a row is modified out-of-band.

AI call hygiene & data minimization

Every AI call is gated by a tenant-level spend budget pre-charge and a post-flight reconcile. Direct provider-SDK imports are blocked outside the audited wrapper. PII (SSNs, dates of birth, account numbers, loan numbers) is redacted before any cross-provider boundary.

Backups & recovery

  • Postgres point-in-time recovery, 7-day window.
  • Daily logical backups retained 30 days.
  • Quarterly restore drills.

Reporting a vulnerability

Email security@triageone.io. We acknowledge within 24 hours and aim to triage within 5 business days. Please do not perform invasive testing against production — we will provide a sandbox tenant on request.

Formal SOC 2 attestation and penetration-test reports are available under NDA for enterprise evaluation. See our disclosures page →