Security
You're Handing Us the Keys to Your Carrier Portals. Here's How We Protect Them.
The first question every agency asks: 'What are you doing with my data?' Here's exactly what we do, and what we don't.
Credential Storage
How We Store Your Credentials
AES-256 Encryption
All carrier portal credentials are encrypted at rest using AES-256, the same standard used by banks and government agencies.
Zero Human Access
Your credentials are accessed only by our automation system. No RPA Studio employee can view or retrieve your passwords.
Secure Credential Vault
Credentials are stored in an isolated vault with access logging. Every access is audited and traceable.
MFA Handling
How We Handle Multi-Factor Authentication
Many carrier portals require MFA. Our system handles MFA prompts programmatically where supported, and coordinates with your team for portals that require manual MFA approval. We never store MFA tokens beyond their valid session window.
Client Data Handling
How We Handle Your Client Data
Data in Transit
All data is encrypted in transit using TLS 1.2+. No client data is ever transmitted in plaintext.
Data at Rest
Client data processed during automation runs is encrypted at rest and retained only as long as needed to complete the workflow.
Data Minimization
We only access the data fields required for your specific automation workflows. No bulk data extraction, no data mining.
Data Deletion
When you offboard, all your data (credentials, client records, workflow configurations) is permanently deleted within 30 days.
Compliance
Standards & Compliance
SOC 2 Practices
We follow SOC 2 Type II security practices across our infrastructure, access controls, and monitoring.
HIPAA Awareness
For agencies handling health insurance, we maintain HIPAA-aware data handling practices.
State Regulations
We're built to support compliance with state-level insurance data handling requirements.
Regular Audits
Our security practices are regularly reviewed and updated to address emerging threats.
Cyber Liability Insurance
We carry comprehensive cyber liability insurance. Documentation available upon request.
Due Diligence
Questions to Ask Any Vendor
If you're evaluating any automation vendor, including us, ask these questions:
- Where are my credentials stored, and who can access them?
- Is my data encrypted at rest and in transit?
- What happens to my data if I cancel?
- How do you handle carrier portal MFA?
- Do you have a security incident response plan?
- Can you provide documentation of your security practices?
FAQ
Frequently Asked Questions
Can RPA Studio employees see my carrier passwords?
No. Credentials are encrypted and accessed only by the automation system. No human can view them.
What happens if there's a security breach?
We have an incident response plan that includes immediate credential rotation, client notification within 24 hours, and full forensic investigation.
Do you sell or share my client data?
Never. Your data is yours. We don't sell, share, or use it for anything other than running your automations.
How do you handle carrier portal changes?
We monitor portals continuously. When changes occur, we update automations and re-validate security configurations.
What certifications do you have?
We follow SOC 2 Type II practices and maintain comprehensive security documentation available upon request.
Can I get a copy of your security documentation?
Yes. Contact us at hello@rpastudio.ai and we'll share our security overview and practices documentation.