Security
Built to be trusted with sensitive documents
You shouldn't have to take "trust us" on faith. Here is exactly how your insurance documents are protected, and an honest account of how the AI actually works.
How we protect your data
AES-256 encryption
Your documents are encrypted at rest with AES-256, the same standard used to protect financial and government data. Everything traveling between your browser and our servers is encrypted in transit with TLS.
Redaction before AI processing
Before any policy text is analyzed, our system automatically strips out Social Security numbers and credit-card numbers and replaces them with redaction markers. That data never reaches the AI at all.
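One way a redaction step like the one described above can be built, shown in Python. This is an added example, not the product's own code; the marker strings, the regular expressions and the sample text are assumptions made for illustration.

```python
import re

# Assumed formats: SSNs written as 123-45-6789 (hyphen or space separated),
# card numbers of 13-19 digits with optional single space/hyphen separators.
SSN_RE = re.compile(
    r"(?<!\d)(?!000|666|9\d\d)\d{3}[- ](?!00)\d{2}[- ](?!0000)\d{4}(?!\d)")
CARD_RE = re.compile(r"(?<!\d)\d(?:[ -]?\d){12,18}(?!\d)")

def luhn_ok(digits: str) -> bool:
    """Luhn checksum: separates card numbers from most other long digit runs."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _digits(match: re.Match) -> str:
    return re.sub(r"\D", "", match.group())

def redact(text: str) -> str:
    """Replace SSNs and Luhn-valid card numbers with markers (hypothetical names)."""
    def card_sub(m: re.Match) -> str:
        # Policy numbers are long digit strings too; keep those that fail Luhn.
        # About 1 in 10 random digit strings still pass, so some get redacted.
        return "[REDACTED-CARD]" if luhn_ok(_digits(m)) else m.group()
    text = CARD_RE.sub(card_sub, text)
    return SSN_RE.sub("[REDACTED-SSN]", text)

def safe_for_model(text: str) -> bool:
    """Fail-closed gate to run just before text is sent to the model."""
    if SSN_RE.search(text):
        return False
    return not any(luhn_ok(_digits(m)) for m in CARD_RE.finditer(text))

# Constructed sample text, not taken from any real policy.
SAMPLE = ("Insured: J. Doe, SSN 123-45-6789. "
          "Autopay card 4111-1111-1111-1111. Policy no. 1234567890123.")

if __name__ == "__main__":
    print(redact(SAMPLE))
```

Pattern matching only catches the formats it was written for, so a gate like safe_for_model belongs directly in front of the model call rather than only at upload time.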
No training on your data
We use Anthropic's Claude to analyze your policy. Your documents are not used to train any AI model - not by us, and not by Anthropic, per its API terms. Your policy is read only to answer your question.
Your data stays yours
Policies are tied to your account, not pooled or browsable by anyone else. You can permanently delete any policy or your entire account at any time, and you are never locked in.
Under the hood
Where your data lives
The app runs on Vercel, and data is stored in a Neon (serverless PostgreSQL) database hosted on AWS in the US, encrypted at rest. We store no raw policy files – only the redacted extracted text. Every record is scoped to your account and is never pooled or shared across users. Encryption keys are managed by our infrastructure providers, not in our application code.
Account security
Sign-in is handled by Clerk, a dedicated identity provider, with support for multi-factor authentication (MFA) and secure, managed sessions – so your login is protected by infrastructure built specifically for that job. We strongly recommend turning on MFA for your account – it is the single best step you can take to protect sensitive documents.
Backups & deletion
Our database provider keeps encrypted automated backups for disaster recovery. When you delete a policy or your account, it is removed from active systems immediately, and any residual copy ages out of those rotating backups within a short retention window. We do not keep your data after you have asked us to delete it.
Reporting a security issue
Found a vulnerability? Please tell us – we take security reports seriously and will respond. As an independent, growing product we do not yet carry formal certifications like SOC 2; third-party audits and penetration testing are on our roadmap as we scale.
How our AI actually works
When you ask a question, the AI answers from your uploaded policy first – not from random internet opinion. It is instructed to ground its answers in your actual document and to cite the relevant policy language where it can. Alongside that, it applies general insurance knowledge of how coverage like yours typically works – for example, what a standard policy of your type usually includes – to add context and flag likely gaps. Your policy's own language always takes precedence over any general norm.
It can still be wrong. AI is a powerful reading assistant, not a licensed expert. Insurance policies also contain endorsements and riders that can override the base policy language, and edge cases that require human judgment. We surface what your policy says so you can have an informed conversation - we do not make formal coverage determinations.
AI-generated analysis is for informational purposes only. It is not legal or financial advice. Always verify coverage details with your carrier or a licensed professional before making a decision, and in any dispute consult a public adjuster, insurance attorney, or your state insurance commissioner.
Want the full data picture? Read our Privacy Policy, or contact us with any question.