Cloview
Clear insight. Smart reconciliation.
Security & Privacy Whitepaper
Hardened Local Infrastructure Specification
Version: 2025.1.0
Last Updated: Dec 2025
Executive Summary
Cloview is designed for the insurance distribution channel, where data privacy and financial accuracy are non-negotiable. Our security model utilizes a "Defense-in-Depth" strategy, ensuring broker data is protected against physical theft, network intrusion, and unauthorized access.
Concentric Security Layers
1. Hardware Layer
AES-256 Full Disk Encryption (LUKS) protects against physical server theft.
2. Data Layer
Field-level PII encryption (Fernet) ensures data remains ciphertext in SQL storage.
3. Transit Layer
TLS 1.3 with high-grade ECC encryption for all traffic between the browser and the local host.
Application-Level Field Encryption
Sensitive Personally Identifiable Information (PII), including Insured Names and Commission Amounts, is encrypted before being written to the PostgreSQL database. We use the Fernet specification: 128-bit AES in CBC mode with HMAC authentication.
The "Vault" Storage Protocol
Carrier statements are never stored in plain text. Upon ingestion, every file is:
- Renamed to a non-identifiable random UUID.
- Encrypted with a unique system key.
- Stored in an isolated directory restricted at the OS level.
Carrier & Compliance FAQ
1. Is Cloview SOC 2 Compliant?
Our architecture is built for SOC 2 Type II compliance. We currently follow SOC 2 Trust Services Criteria for Security and Confidentiality, utilizing encrypted environments and audited access logs.
2. How is data protected at rest?
We utilize AES-256 Full Disk Encryption at the hardware level. Additionally, sensitive PII is encrypted at the application level using the Fernet (AES-128-CBC) specification before entering the database.
3. Where is the data physically stored?
Unlike cloud-only startups, Cloview operates on hardened local infrastructure. This provides physical data sovereignty and ensures that your data is not co-mingled in shared public cloud environments.
4. Do you support Multi-Factor Authentication (MFA)?
Yes. Cloview enforces MFA for all administrative access and offers session-based authentication for broker users to prevent unauthorized account access.
5. How are your backups secured?
Encrypted database snapshots are taken daily. These backups are protected with a secondary layer of GPG encryption and stored in a secure offsite location for disaster recovery.
6. What is your data retention and disposal policy?
Users retain full ownership of their data. Upon deletion, Cloview performs cryptographic shredding of the statement files on the physical disk to ensure no forensic data can be recovered.
7. How do you handle search requests for encrypted fields?
Cloview utilizes Blind Indexing (HMAC-SHA256). We store a cryptographically salted hash of the policy number. This allows for instant lookups by policy ID or the last 4 digits without ever exposing the original data to the database search engine.
8. Who has access to my data at Cloview?
Access is governed by the Principle of Least Privilege (PoLP). Internal access is restricted to senior engineering personnel and is only granted for specific maintenance or troubleshooting tasks.
9. What is your Incident Response Plan?
In the event of a suspected breach, Cloview has a formal protocol for **Containment, Eradication, and Recovery**, including a 72-hour notification window for affected users.
10. Do you perform regular security testing?
Yes. We perform regular internal vulnerability scans and code-level security analysis to identify and patch potential threats before they reach production.
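
The blind-index lookup described in FAQ item 7, as an added example that is not Cloview's own code: it builds HMAC-SHA256 indexes for a policy number and searches them without decrypting anything. The separate last-4 index, the two keys, the normalization rule, and the column names are assumptions made for illustration.

```python
import hashlib
import hmac
import re

# Constructed demo keys; in practice each index key is random, kept outside
# the database, and distinct from the field-encryption key.
FULL_KEY = bytes.fromhex("11" * 32)
LAST4_KEY = bytes.fromhex("22" * 32)


def normalize(policy_number: str) -> str:
    """Canonical form so 'ab-1234 5678' and 'AB12345678' index identically."""
    return re.sub(r"[^A-Z0-9]", "", policy_number.upper())


def blind_index(key: bytes, value: str) -> str:
    """HMAC-SHA256 of the value; deterministic, so equality lookups work."""
    return hmac.new(key, value.encode("utf-8"), hashlib.sha256).hexdigest()


def index_columns(policy_number: str) -> dict:
    """Values stored beside the ciphertext column (hypothetical column names)."""
    norm = normalize(policy_number)
    if len(norm) < 4:
        raise ValueError("policy number too short to index")
    return {
        "policy_bidx": blind_index(FULL_KEY, norm),
        "last4_bidx": blind_index(LAST4_KEY, norm[-4:]),
    }


def search(rows: list, column: str, key: bytes, term: str) -> list:
    """Hash the search term with the same key and compare; return row ids."""
    probe = blind_index(key, normalize(term))
    return [r["id"] for r in rows if hmac.compare_digest(r[column], probe)]


# Constructed sample rows; the encrypted policy number column is omitted.
ROWS = [
    {"id": 1, **index_columns("AB-1234-5678")},
    {"id": 2, **index_columns("CD-9999-5678")},
    {"id": 3, **index_columns("EF-0000-1111")},
]

if __name__ == "__main__":
    print(search(ROWS, "policy_bidx", FULL_KEY, "ab 1234 5678"))
    print(search(ROWS, "last4_bidx", LAST4_KEY, "5678"))
```

Because the index is deterministic, equal policy numbers produce equal index values, and a four-digit suffix has only 10,000 possible values, so the confidentiality of both indexes rests entirely on keeping the HMAC keys out of the database.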