Security and document handling

Built for sensitive broker work.

Advanced Underwriters protects authorized broker documents through controlled upload, source-backed review, organization access boundaries, and time-limited retention.

Transport

TLS in transit

Encrypted service traffic

Storage

AES-256 at rest

Convex-managed encryption

Access

Organization role checks

Workspace boundaries

Retention

30-day cleanup

Scheduled sensitive-data removal

Document lifecycle

Protection follows the file through the workflow.

Security is a series of concrete controls applied from upload through reviewed output and retention cleanup.

01 · Upload

Bind the source package to the session.

TLS protects transport. Upload-session binding and server-side validation limit what enters the workflow.

02 · Review

Request access only when needed.

Signed storage URLs are issued for source review and audited access requests record protected-file access.

03 · Work

Keep activity inside organization boundaries.

Organization role checks protect review, comparison, and deliverable actions.

04 · Retention

Drain sensitive data on schedule.

Sensitive source material follows a 30-day retention policy and scheduled cleanup path.

Verified controls

Specific safeguards. Plain language.

These are controls implemented for the current broker workflow. No certification theater and no claims that outrun the product.

Transport

TLS in transit

Browser and service traffic uses encrypted transport while authorized broker files and application data move through the system.

Storage

Convex-managed AES-256 at rest

Stored broker material is protected by the encryption controls provided by the application’s managed Convex infrastructure.

Access

Organization role checks

Workspace membership and roles gate access to broker review workflows, records, and protected actions.

File intake

Upload-session binding

Upload requests are tied to the active session and validated server-side before files enter the review path.

Source access

Signed storage URLs

Bearer-accessible source URLs are requested only when needed and are not designed for durable storage or sharing.

Operations

Audited access requests

Requests for protected source-file access are captured for operational review without persisting the signed URL itself.

Default AI boundary

Source review does not depend on sending raw documents to an external AI provider.

Verified Source Review uses deterministic parsing, evidence, broker mapping, and review as the default path. AI remains optional acceleration, not the trust boundary.

Raw source documents are not sent to external AI providers in the default Verified Source Review path.

Files are still uploaded to Advanced Underwriters cloud storage for parsing and review.

  • External AI is not required for default source review
  • Evidence and broker review remain visible
  • Organization access boundaries still apply

Operational boundaries

Designed to reduce durable exposure.

The product treats file access, signed source links, and sensitive-data retention as bounded activities rather than permanent background state.

30-day retention

Sensitive data is scheduled for cleanup.

Retention work drains due source rows and related review material on a scheduled path.

Time-limited source access

Signed source URLs are requested only when needed.

The signed URL itself is not persisted for durable storage or sharing.

Audited requests

Protected-file access leaves an operational record.

Source-file access requests are captured for operational review.

Security questions

Start with the controls that exist today.

Review the platform with one authorized client package, or contact us to discuss document handling and workspace boundaries.

Get started[email protected]