For carriers, captive networks and large agencies

Every line of customer data is protected by design, not by promise.

Cadence is built for the agencies whose technology choices have to clear vendor security review. Tenant isolation at the database layer. Full audit logging on every change. Multi-factor auth required by default.

Talk to Sales See compliance roadmap
Built for
Captive Networks Independent Agencies IMOs and MGAs Multi-State Brokerages District Operations
Security posture

What is shipped today.

Six core controls, all in production now.

No claim below is aspirational. Each control is live in production right now.

Shipped
Tenant isolation via Row-Level Security
Postgres-level access controls enforce data separation between agencies. Even with elevated database access, users cannot see other tenants' data.
Shipped
Multi-factor authentication required
TOTP via Google Authenticator, Authy, 1Password, or any RFC 6238 client. SMS fallback. Backup codes. Required for every customer account.
Shipped
Full audit log of every mutation
Every create, update, and delete is captured with user ID, timestamp, IP address, and user agent. Surfaced to admins in-app on Elite and Enterprise plans.
Shipped
Encryption in transit (TLS 1.3)
All endpoints enforce TLS 1.3 with managed certificates. HTTPS-only cookies. HSTS enabled with a one-year max-age.
Shipped
Encryption at rest (AES-256)
Customer data in Postgres is encrypted at rest using AES-256 via Supabase. Backups inherit the same encryption standard.
Shipped
OAuth 2.0 sign-in
Google and Microsoft sign-in are live. SAML SSO for enterprise identity providers (Okta, Azure AD) is in active development.
For agency leadership

Built for district managers and HQ rollouts.

What the platform gives you above the agent layer.

A solo agent installs Cadence and uses it the same afternoon. A 200-agent district needs more: visibility, control, deployment-at-scale.

1
Multi-agent visibility
Roll up lead pipelines, renewal calendars, and conversion metrics across every agent. Identify who is behind on follow-ups before the renewal date hits.
2
Agency-wide templates
Push approved messaging templates to every agent. Lock the brand voice across SMS and email. Audit which agents customized which templates.
3
Compliance-grade audit trail
When the carrier asks who did what and when, the answer is in the audit log. IP-stamped, user-stamped, time-stamped. Exportable on request.
How we differ

Modern stack, built this decade.

Security and AI as architecture, not bolt-ons.

Most insurance CRMs were built before the iPhone. Cadence was built in the era of multi-factor by default, RLS at the database layer, and AI-native workflows.

The legacy approach
Security as a checkbox bolted onto a 15-year-old codebase.
Permissions enforced in application code (which means a single missed check leaks the whole tenant). MFA optional. Audit logs partial or missing. AES claims without architectural backing.
The Cadence approach
Security as the architecture, not the marketing.
Tenant isolation enforced by the database, not the app. MFA required for every account. Audit log is comprehensive by default. Encryption is platform-level, not a configuration setting.
The legacy approach
An AI bolt-on launched after ChatGPT got popular.
A single GPT-3.5 wrapper for "draft email" and nothing else. No structured extraction, no inbound parsing, no outcome-based routing.
The Cadence approach
AI in every part of the lead lifecycle.
Inbox parsing pulls structured leads from carrier emails. Reply detection triggers sequence pauses automatically. Call summaries generate next-actions. Each AI feature has a manual override.
Compliance roadmap

Where we are. Where we are going.

Four phases over 18 to 24 months.

A four-phase roadmap published for buyers who care about pace and direction. Phase 1 is in flight today; Phases 2 through 4 are sequenced over the next 18 to 24 months.

Phase 1
Active now

Foundation: legal documents, insurance, internal policies

Privacy Policy and Terms of Service drafted with SaaS-experienced counsel. Cyber liability ($2M) and tech E&O ($2M) bound. 12 internal security policies ratified. Subprocessor list public. /security trust page live.

Phase 2
Q3 2026

SOC 2 Type I attestation

Compliance automation platform engagement. Gap remediation against AICPA Trust Services Criteria. CPA firm field work and report. Result: signed SOC 2 Type I report shareable with prospective enterprise customers under NDA.

Phase 3
Q1 2027

SOC 2 Type II + HIPAA + state regulations

Type II audit completed after the observation period. HIPAA Business Associate Agreement template ready for life and health agents. NY DFS 23 NYCRR 500 and NAIC Data Security Model Law compliance. CCPA / CPRA endpoint live.

Phase 4
2027+

Carrier-specific compliance

Hearsay Social partnership for compliant SMS with captive carriers. ISO 27001 certification for international expansion. Annual third-party penetration testing. Carrier-specific vendor security questionnaires (SIG, CAIQ, custom carrier formats).

In active development

Honest about what is coming.

Engineering work in progress, not vapor.

Real engineering work in progress, not vapor. Listed here so procurement teams know what to expect rather than assuming it is already shipped.

+
SAML SSO for enterprise identity providersOkta, Azure AD, Google Workspace. WorkOS integration. Available on Enterprise tier when shipped.
+
White-label deployment for IMOs and large agenciesCustom domain, custom branding, custom from-addresses per agency.
+
SCIM auto-provisioningUser accounts auto-created and de-provisioned from your identity provider.
+
IP allowlisting for admin accessRestrict administrative login to corporate IP ranges.
+
Hearsay Social integrationFor captive agents at major carriers required to use carrier-approved SMS platforms.
+
Customer-managed encryption keys (CMEK)Bring-your-own-keys for agencies that require key sovereignty.
Talk to sales

Built for real evaluations.

Tell us about your agency. Real human response within one business day.

Tell us about your agency. We will share what is relevant to your buying process — security questionnaire responses, attestation timelines, deployment scope, white-label options.

SIG / CAIQ / custom questionnairesWe will complete vendor security questionnaires honestly, including which controls are in flight versus shipped.
Attestation reports under NDAInsurance certificates, internal policies, and (when available) SOC 2 reports shared after a mutual NDA.
Pilot deployments10 to 50 agent pilots with documented success criteria and a 90-day evaluation window.

A real human responds within one business day. No marketing nurture sequences.

Ready to evaluate?

Whether you are running a 50-agent district or a 5,000-agent network — we built Cadence for procurement-grade buying.

Talk to sales View security details