Security, privacy, and legal, in one place.
RAgencyOS handles your agents’ personal information, your carrier statements, and your payroll math. We take that seriously. Here are the documents that describe exactly what we do with your data, how we protect it, and what we’re obligated to do if something goes wrong.
Documents
Terms of Service
The agreement that governs use of the Service. Covers your responsibilities, ours, disclaimers, liability, and the rules of the road.
Privacy Policy
What data we collect, why, where it lives, how long we keep it, and the rights you and your data subjects have.
Acceptable Use Policy
What you can and can’t do with the Service, account integrity, insurance-industry conduct, communications, and system integrity.
Data Processing Addendum
Controller-processor terms covering how we handle personal data on your behalf. Applies automatically, give this to your procurement team if they ask.
Security Overview
How we protect your data, hosting architecture, encryption, authentication, tenant isolation, backups, monitoring, and incident response.
Subprocessor List
The third parties that process customer data on our behalf, vendor, purpose, region, and a link to each one’s privacy policy. Subscribe to change notifications.
Master Services Agreement
Counter-signable agreement for customers whose procurement team requires one. Most customers don’t need this, the standard Terms work for everyone else.
Vulnerability Disclosure Policy
Safe-harbor terms for security researchers. How to report a vulnerability, what we’ll do with it, and how we handle credit.
Accessibility Statement
Our WCAG 2.1 AA commitment, what we do today, known gaps, and how to report an issue.
Compliance posture
We’re honest about where we are. No marketing-speak certifications we don’t actually have.
| Framework | Status |
|---|---|
| CCPA / CPRA, VCDPA, CPA, CTDPA | Honored |
| Magic-link auth, RLS isolation, TLS 1.2+ | In production |
| 72-hour breach notification | Committed (DPA §11) |
| SOC 2 Type II | Roadmap, when customer demand justifies the audit cost |
| ISO 27001 | Not pursued |
| HIPAA (BAA) | Out of scope, service not designed for PHI |
| GDPR (EU/UK) | Not applicable, US-only customer base |
| Penetration test (third-party) | Roadmap |
Security, audit, or compliance questions?
Email us. We typically respond within one business day. Procurement-team counter-signed copies of the DPA available on request.
support@ragencyos.com