Insurance client data is sensitive: names, DOBs, SSNs for underwriting, vehicle info, property details, policy numbers. Here is exactly how Agent Lead Engine stores, encrypts, and protects it.
The CRM platform powering ALE runs SOC 2 Type II attested, reviewed and audited annually.
TLS 1.2+ on every connection, HTTPS everywhere, no plain text traffic across the platform.
AES 256 encryption on stored data including contact records, messages, documents, and attachments.
AWS backbone with segmented databases per subaccount. Isolated tenants.
Daily automated backups with point in time recovery. Geographically redundant.
24/7 infrastructure monitoring, anomaly detection, intrusion alerts.
Third party pen tests performed annually on the platform.
Role based access limits which staff touch which data.
Admin, user, agent roles with granular permissions. Producers see only their contacts by default.
2FA available and recommended on every user account. Required for admin logins.
Every login, every record view, every export logged and queryable.
Session timeout enforced, IP restrictions available on request.
No lock in, no hostage data.
Full CSV export of contacts, conversations, opportunities, tasks any time from your dashboard.
If you cancel, we deliver a complete data export package within 5 business days at no charge.
Permanent deletion of your account and all stored records upon written request.
We do not sell, rent, or share your client data with third parties. Ever.
Your client records are not used to train third party AI models.
List of processors (Twilio for SMS, SendGrid for email, etc.) disclosed on request.
| Data Type | Retention | Reason |
|---|---|---|
| Contact Records | Life of account | Active CRM use |
| Consent Records | 5 years minimum | TCPA compliance |
| SMS Conversation History | 5 years | Consent and audit trail |
| Call Recordings | Configurable, default 90 days | Training and dispute resolution |
| Email Archives | Life of account | Conversation continuity |
| Account After Cancellation | 30 days grace, then purged | Allows export or reactivation |
No system is breach proof. Here is what happens if one is attempted against us.
Platform monitoring flags unusual activity. Security team investigates within hours.
Affected accounts isolated immediately, credentials rotated, access restricted.
Affected clients notified within state breach notification windows, typically 72 hours or less.
We take this seriously. If you need docs for a carrier review or E&O audit, we will provide them.