Use approved client documents
Only upload information your organization and client allow you to use for this work.
Security and data handling
A plain-English summary for insurance broker teams reviewing how Advanced Underwriters handles client documents, access, retention, and standard source review.
Review summary
Only upload information your organization and client allow you to use for this work.
Remove unnecessary Social Security numbers, dates of birth, license numbers, bank details, medical information, and similar personal data.
The app requires two confirmations before any selected file leaves the browser: authorization to use the files and removal of unnecessary personal information.
These controls support safer use, but brokers still need their employer's approval and must follow applicable client, carrier, and company policies.
Current controls
TLS encrypts data while it moves between a broker's browser and the service.
Convex manages AES-256 encryption at rest for application data and stored broker files.
Time-limited signed file links are created only when an authorized user needs to open a source file.
Organization membership and role checks protect client records and sensitive actions.
Upload URLs are bound to the active organization, project, user, and upload session, then validated by the server.
Sensitive source files and related review data follow a 30-day retention and cleanup schedule.
Standard source review
During standard source review, raw source documents are not sent to an external AI provider.
The service parses supported PDFs and spreadsheets, links reviewed values to the document, page, or worksheet, and keeps broker approval visible.
Service providers
Serves the statically exported public site and security headers.
Provides authentication, server functions, application data, and protected file storage.
Delivers application email. Source documents are not sent through Resend.
Handles billing. Source documents are not sent to Stripe.
Hosts source code and CI workflows. Client source documents are not stored in the code repository.
Removal and retention
Access to a removed source file ends immediately, and its source evidence becomes unavailable in the analysis.
Physical deletion from storage is queued. Non-sensitive audit records may remain so the service can retain an accountable record of the action without retaining the source-file contents.
Other sensitive source and review data follows the stated 30-day retention schedule.
Current limitations
Advanced Underwriters does not currently claim a third-party security certification, regulated health-data compliance, browser-to-recipient encryption, or an on-premise deployment option.
The service does not currently provide end-user MFA or SSO. Teams that require those controls should contact us before approving use.
Need a vendor review?