Prospekteer is a commercial insurance prospecting platform for independent agents. Here's exactly how we protect your data.
Infrastructure
Hosting
Vercel — SOC 2 Type II certified enterprise edge network. Same infrastructure used by thousands of enterprise SaaS products.
Database
PostgreSQL database — SOC 2 Type II certified. Data encrypted at rest using AES-256. Hosted on AWS US East.
Authentication
Authentication service with JWT tokens. Passwords never stored in plaintext. Supports MFA.
DDoS & CDN
Vercel Edge Network provides global CDN with built-in DDoS mitigation and automatic SSL/TLS.
Data Handling
What we collect
Business contact information (name, phone, address, website) from publicly available databases. We do not collect personal consumer data, financial records, or information governed by GLBA or HIPAA.
What we do not do
We do not sell user data. We do not share prospect data with third parties for advertising. Payment card data is handled entirely by Stripe (PCI DSS Level 1) — we never see or store it.
Data residency
All data is stored in the United States. We do not transfer personal data to international jurisdictions.
Encryption & Access Controls
TLS 1.2+ on all connections
AES-256 encryption at rest
JWT session tokens
Row-level security on all DB tables
API keys never exposed client-side
Secrets managed via Vercel
No plaintext password storage
Automatic HTTPS on all endpoints
Third-Party Services
Stripe
Payment processing. PCI DSS Level 1. Card data never touches our servers.
AI Processing
AI note structuring. Note text only — no account data sent. Not used to train models.
Email Service
Transactional email. SOC 2 Type II certified.
Business Data
Business discovery. Public business information only.
Security Contact
To report a vulnerability or request documentation for vendor evaluation, contact security@prospekteer.com. We respond to all security inquiries within 2 business days. IT teams may request architecture docs, data flow diagrams, and infrastructure certifications.