Security at Quotevolution
Protecting the data entrusted to us by insurance agencies and their clients is foundational to how we build and operate the Quotevolution platform. Below is a plain-language overview of the safeguards we maintain.
Data Encryption
All data transmitted between your browser and the Quotevolution platform is encrypted using TLS 1.2 or higher. Data at rest — including customer records, quote data, and uploaded documents — is encrypted using industry-standard encryption on our cloud infrastructure.
Multi-Factor Authentication
Multi-factor authentication (MFA) is required for administrative and remote access to the platform. We support trusted-device recognition to streamline day-to-day logins while maintaining strong verification for new or unrecognized sessions.
Role-Based Access Control
Access to data and platform functions is granted on a least-privilege basis. User roles determine what each person can see and do within an account. Access is reviewed periodically, and departing personnel are deprovisioned promptly.
Hosting and AI Processing on Microsoft Azure
The Quotevolution platform — including all AI features — is hosted entirely within Microsoft Azure (Azure AI Foundry / Azure OpenAI Service). Customer data and nonpublic personal information are processed within our Azure environment and are not shared with AI model providers for their own training or purposes. No customer data leaves our controlled cloud environment for AI processing.
Written Information Security Program
We maintain a formal Written Information Security Program (WISP) aligned to the GLBA Safeguards Rule (16 C.F.R. Part 314) and the NAIC Insurance Data Security Model Law. The program covers risk assessment, access controls, vulnerability management, employee training, vendor oversight, audit logging, and physical safeguards. It is reviewed and updated at least annually and after any material change or significant incident.
Incident Notification
In the event of a confirmed unauthorized acquisition of nonpublic personal information, we will notify affected customers without undue delay and no later than 72 hours after confirmation, and will make any regulatory notifications required by applicable law.
Additional Safeguards
- Regular vulnerability scanning and periodic penetration testing
- Audit logging of significant platform events
- Written data-protection contracts with all sub-processors
- Business continuity and backup procedures with tested recovery
- Security awareness training for all personnel with access to customer data
A summary of our information security program is available to customers on request at legal@quotevolution.com.