Security
Your data is safe with BindFlow
Built with enterprise-grade security for licensed insurance professionals. Because your clients trust you with sensitive information, and you need to trust us with it too.
How We Protect Your Data
Security features
AES-256 Encryption at Rest
All sensitive data — including Social Security numbers, NPN data, and personally identifiable information — is encrypted at rest using AES-256, the same standard used by financial institutions.
HTTPS / TLS in Transit
Every piece of data transmitted between your browser and BindFlow servers travels over HTTPS with TLS encryption. No data is ever transmitted in plain text.
Role-Based Access Control
Users only see what they are authorized to see. Agency admins, agents, and CSRs each have distinct permission levels. No agent can access another agency's data.
NIPR License Verification
Agent NPN numbers are verified against the NIPR database during onboarding. BindFlow is a producer-only platform — unlicensed users cannot access the system.
Data Privacy
What we collect, how it's protected, and your rights
We believe in being completely transparent about how we handle your data. Here's the full picture.
What we collect
- Name, email, and phone number
- Insurance license number (NPN)
- SSN for 1099 reporting (encrypted end-to-end)
- Agency and business address
- Lines of business and carrier appointments
- Client and policy data you enter into the platform
How it's protected
- All data stored in encrypted databases
- SSNs encrypted before storage — never stored in plain text
- Database access restricted to authorized services only
- Regular automated backups with encrypted storage
- No third-party analytics tools with access to PII
- Data never sold to third parties, period
Your rights
- Request a full export of your data at any time
- Request correction of inaccurate information
- Request deletion of your account and data
- Data portability — your book is yours, not ours
- Contact us at bindflowsupport@bindflowsoftware.com for any data request
- Response to data requests within 5 business days
Compliance
Built with compliance in mind
Insurance is one of the most regulated industries in the US. BindFlow is designed around those requirements — not bolted on after the fact.
HIPAA Awareness
For agents handling health plan data, BindFlow is designed with HIPAA awareness in mind. Protected Health Information (PHI) is handled with appropriate access controls and encryption.
CAN-SPAM Compliance
All outbound communications from the BindFlow platform comply with CAN-SPAM requirements. Users retain full control over their communication preferences.
State Insurance Regulation Awareness
BindFlow is built to support agents operating under state insurance department regulations. License tracking and NPN verification are core platform features, not add-ons.
SOC 2 (In Progress)
We are currently pursuing SOC 2 Type II certification. In the interim, we follow SOC 2 security principles across our infrastructure, access controls, and monitoring practices.
Responsible Disclosure
If you discover a security vulnerability in BindFlow, we want to hear about it. Please report it to us directly so we can address it before it can be exploited.
bindflowsupport@bindflowsoftware.com
Have security questions?
Our team is happy to walk through our security practices with your agency or IT team before you sign up.