Built for the Business That Can't Afford a Breach

CoverageShield was designed from day one with data isolation, independent intelligence, and enterprise-grade security. Here's exactly how we protect your information.

Your Data Never Touches Another Company’s

Every CoverageShield account operates in a completely isolated environment. Row-level security enforces organization isolation at the database layer. Your queries can only return your data. Company A’s policies, gaps, and contracts are architecturally inaccessible to Company B. This is not a permission setting. It is enforced at the database engine level on every query.
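As an added illustration (not CoverageShield's actual schema or policy), this is what organization isolation through PostgreSQL row-level security looks like, meant to be run as a superuser in a scratch database. The table `policies`, the role `app_user`, and the session setting `app.current_org` are hypothetical names; the page does not say how the organization is bound to a session.

```sql
-- Hypothetical tenant table; every row carries the owning organization.
CREATE TABLE policies (
    id              bigserial PRIMARY KEY,
    organization_id uuid NOT NULL,
    carrier         text NOT NULL
);

-- Constructed sample rows for two tenants, loaded before RLS is switched on.
INSERT INTO policies (organization_id, carrier) VALUES
    ('aaaaaaaa-0000-0000-0000-000000000001', 'Carrier for Company A'),
    ('bbbbbbbb-0000-0000-0000-000000000002', 'Carrier for Company B');

-- ENABLE applies policies to ordinary roles; FORCE also applies them to
-- the table owner, who is otherwise exempt.
ALTER TABLE policies ENABLE ROW LEVEL SECURITY;
ALTER TABLE policies FORCE ROW LEVEL SECURITY;

-- USING filters which rows can be read, updated or deleted.
-- WITH CHECK rejects writes that would place a row in another organization.
-- nullif(...) turns an unset or empty setting into NULL, so the predicate
-- is never true when no tenant is bound (fail closed).
CREATE POLICY org_isolation ON policies
    USING (organization_id =
           nullif(current_setting('app.current_org', true), '')::uuid)
    WITH CHECK (organization_id =
           nullif(current_setting('app.current_org', true), '')::uuid);

-- The application connects as a role without SUPERUSER or BYPASSRLS;
-- roles holding either attribute skip every policy.
CREATE ROLE app_user NOLOGIN;
GRANT SELECT, INSERT, UPDATE, DELETE ON policies TO app_user;
GRANT USAGE ON SEQUENCE policies_id_seq TO app_user;

SET ROLE app_user;

-- No tenant bound yet: the policy predicate is NULL for every row.
SELECT carrier FROM policies;

-- Bind the session to Company A, then query without any WHERE clause.
SET app.current_org = 'aaaaaaaa-0000-0000-0000-000000000001';
SELECT carrier FROM policies;

-- Asking for Company B's rows explicitly is still filtered by the policy.
SELECT carrier FROM policies
 WHERE organization_id = 'bbbbbbbb-0000-0000-0000-000000000002';

-- Writing a row for Company B while bound to Company A fails WITH CHECK.
INSERT INTO policies (organization_id, carrier)
VALUES ('bbbbbbbb-0000-0000-0000-000000000002', 'cross-tenant write');
```

When reviewing any RLS-based isolation claim, the questions to ask are which database roles the application uses, whether any of them can bypass RLS, and whether every tenant table has both a read predicate and a write check.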

Hosted on AWS in the United States

CoverageShield runs entirely on AWS infrastructure in the US East region (Northern Virginia). The application layer is deployed via Vercel on AWS. The database layer runs on Supabase, also hosted on AWS us-east-1. All data resides in the United States. All data in transit is encrypted via TLS 1.2+. All data at rest is encrypted using AES-256, enforced at the infrastructure layer by AWS.

CoverageShield currently operates in a single-region architecture with 7-day automated backups. Multi-region redundancy is on the product roadmap. Recovery time objective (RTO) and recovery point objective (RPO) targets are 4 hours and 24 hours, respectively, under the current architecture.

Enterprise-Grade Authentication

Users authenticate via email/password, Google OAuth, or Microsoft OAuth. All passwords are hashed using bcrypt. Sessions are JWT-based with configurable expiry. Within an organization, role-based access controls distinguish between account owners and standard users. Account owners can invite team members and manage permissions. All authentication events are logged with timestamp and IP address.

Policy Documents Stored in Isolated Buckets

When you upload a policy PDF, it is stored in a storage bucket scoped exclusively to your organization ID. No shared storage. No cross-account access. Your documents are never commingled with another company’s files.

Claude AI Processes Your Documents in Isolation

CoverageShield does not retain raw prompts. Prompts are constructed at request time, sent to the API, and the structured response is stored. The prompt itself is never persisted.

CoverageShield uses Anthropic’s Claude API for policy document analysis. Anthropic does not use API submissions for model training. Under Anthropic’s standard API terms, inputs may be temporarily retained for up to 30 days for trust and safety monitoring. For customers with zero-retention requirements, Anthropic enterprise agreements with zero data retention are available. Contact us to discuss enterprise data handling arrangements.

Our Intelligence Comes From Public Data, Not Your Submissions

The industry benchmarks, coverage requirements, and gap intelligence that power CoverageShield’s analysis are sourced entirely from public third-party data: NCCI workers’ compensation data, Insurance Information Institute (III) claims statistics, NAIC complaint ratios, and Hiscox SMB insurance reports. Your policy submissions are never used to train our models or build our intelligence database. Your data informs your analysis only.

We Take No Money From Carriers or Brokers. Ever.

CoverageShield’s business model is entirely subscriber-funded. We accept no referral fees, commissions, affiliate revenue, or payments of any kind from insurance carriers or brokers. This independence is not a marketing claim. It is the architectural foundation of everything we build. Our analysis serves you, not the insurance industry.

Full Audit Trail of Data Access

CoverageShield maintains a complete audit log of all key actions, including policy uploads, gap analysis runs, contract scans, report generation, settings changes, and account deletions. Each log entry records the user, action type, resource accessed, timestamp, and IP address. Users can view their organization’s activity log under Settings > Security.

Administrative access to audit logs is restricted to security and operations personnel, is itself logged, and exposes only metadata (who performed what action, when, from what IP address). No customer policy documents, gap analysis content, or business data is accessible through the administrative audit interface.

You Control Your Data

Users can delete individual policies, documents, and contracts directly from the dashboard. Full account deletion is available as a self-service option under Settings > Data & Privacy. Account deletion permanently removes all organization data including policies, gap analyses, contracts, documents, audit logs, and the associated user account. Backups are retained for 7 days before permanent deletion.

Commitment to Transparency

Application performance and error rates are monitored continuously. Automated alerting is configured for anomalous error rates, authentication failures, and unusual access patterns. Logs are aggregated and retained for security review. In the event of a confirmed data breach, affected customers will be notified within 72 hours of discovery with a description of the incident, data involved, and remediation steps taken.

SOC 2 Type II Roadmap

CoverageShield is targeting SOC 2 Type II certification within 12 months. This third-party audit will independently verify our security controls, availability, and confidentiality practices. We will publish our audit results publicly when complete. Current security controls are designed with SOC 2 trust service criteria in mind. Customers requiring accelerated timelines or specific compliance documentation should contact us directly.

Questions about our security practices?

Enterprise security review documentation available on request.