RAgencyOS · Trust Center

Security, privacy, and legal, in one place.

RAgencyOS handles your agents’ personal information, your carrier statements, and your payroll math. We take that seriously. Here are the documents that describe exactly what we do with your data, how we protect it, and what we’re obligated to do if something goes wrong.

Quick look
We do NOT sell or share Customer Data
We do NOT train AI models on Customer Data
We do NOT use analytics or marketing cookies
We do NOT sign HIPAA Business Associate Agreements (not in scope)
Encrypted in transit (TLS 1.2+) and at rest (AES-256)
Row-level security isolates every agency's data
Magic-link sign-in (no passwords stored)
72-hour breach notification commitment
Audit log with up to 25,000-row XLSX export (Premium)
Daily backups + 7-day point-in-time recovery

Documents

Compliance posture

We’re honest about where we are. No marketing-speak certifications we don’t actually have.

FrameworkStatus
CCPA / CPRA, VCDPA, CPA, CTDPAHonored
Magic-link auth, RLS isolation, TLS 1.2+In production
72-hour breach notificationCommitted (DPA §11)
SOC 2 Type IIRoadmap, when customer demand justifies the audit cost
ISO 27001Not pursued
HIPAA (BAA)Out of scope, service not designed for PHI
GDPR (EU/UK)Not applicable, US-only customer base
Penetration test (third-party)Roadmap

Security, audit, or compliance questions?

Email us. We typically respond within one business day. Procurement-team counter-signed copies of the DPA available on request.

support@ragencyos.com