Transport
Security and document handling
Built for sensitive broker work.
Advanced Underwriters protects authorized broker documents through controlled upload, source-backed review, organization access boundaries, and time-limited retention.
Storage
AES-256 at rest
Convex-managed encryptionAccess
Organization role checks
Workspace boundariesRetention
30-day cleanup
Scheduled sensitive-data removalDocument lifecycle
Protection follows the file through the workflow.
Security is a series of concrete controls applied from upload through reviewed output and retention cleanup.
01 · Upload
Bind the source package to the session.
TLS protects transport. Upload-session binding and server-side validation limit what enters the workflow.02 · Review
Request access only when needed.
Signed storage URLs are issued for source review and audited access requests record protected-file access.03 · Work
Keep activity inside organization boundaries.
Organization role checks protect review, comparison, and deliverable actions.04 · Retention
Drain sensitive data on schedule.
Sensitive source material follows a 30-day retention policy and scheduled cleanup path.Verified controls
Specific safeguards. Plain language.
These are controls implemented for the current broker workflow. No certification theater and no claims that outrun the product.
Transport
TLS in transit
Browser and service traffic uses encrypted transport while authorized broker files and application data move through the system.Storage
Convex-managed AES-256 at rest
Stored broker material is protected by the encryption controls provided by the application’s managed Convex infrastructure.Access
Organization role checks
Workspace membership and roles gate access to broker review workflows, records, and protected actions.File intake
Upload-session binding
Upload requests are tied to the active session and validated server-side before files enter the review path.Source access
Signed storage URLs
Bearer-accessible source URLs are requested only when needed and are not designed for durable storage or sharing.Operations
Audited access requests
Requests for protected source-file access are captured for operational review without persisting the signed URL itself.Default AI boundary
Source review does not depend on sending raw documents to an external AI provider.
Verified Source Review uses deterministic parsing, evidence, broker mapping, and review as the default path. AI remains optional acceleration, not the trust boundary.
Raw source documents are not sent to external AI providers in the default Verified Source Review path.
Files are still uploaded to Advanced Underwriters cloud storage for parsing and review.
- External AI is not required for default source review
- Evidence and broker review remain visible
- Organization access boundaries still apply
Operational boundaries
Designed to reduce durable exposure.
The product treats file access, signed source links, and sensitive-data retention as bounded activities rather than permanent background state.
30-day retention
Sensitive data is scheduled for cleanup.
Retention work drains due source rows and related review material on a scheduled path.Time-limited source access
Signed source URLs are requested only when needed.
The signed URL itself is not persisted for durable storage or sharing.Audited requests
Protected-file access leaves an operational record.
Source-file access requests are captured for operational review.Security questions
Start with the controls that exist today.
Review the platform with one authorized client package, or contact us to discuss document handling and workspace boundaries.
