CoverGuard

Trust Center

Built for regulated, money-bearing workflows

CoverGuard influences purchase and lending decisions, so security, privacy, accessibility, and auditability are design requirements — not afterthoughts. Here is exactly where we stand.

Live system status: status.coverguard.io

Encryption everywhere

TLS 1.3 in transit, AES-256 at rest. Backups encrypted and geographically redundant.

Infrastructure

Hosted on Vercel and Supabase (SOC 2-compliant infrastructure), with DDoS protection and autoscaling.

Access controls

Role-based access, Postgres row-level security, OAuth 2.0, and least-privilege across systems.

Accessibility

WCAG 2.2 AA is the design floor. A VPAT/ACR is maintained and available to enterprise buyers on request.

AI you can trust

How the CoverGuard Advisor is governed

The Advisor is AI woven through the product — but it is a bounded capability, not the system of record. It reads the same auditable outputs you can, explains them, and recommends next steps. The deterministic engine decides; the model never does.

What the Advisor may do
  • Explain any hazard, score, or carrier decision in plain language
  • Compare carriers, plan remediation, and draft client-ready copy
  • Synthesize across a property, deal, or portfolio
  • Cite the source behind every number it surfaces
What it may never do
  • Set or finalize a price, or make the insurability decision of record
  • Bind coverage or commit money
  • Give legal, tax, or accounting advice
  • Access another tenant's data or override access controls
Enforced by a hardened system prompt plus deterministic input/output screening, versioned evaluations before release, and a logged audit trail (model, version, tokens, input hash) on every AI call that influences what you see.

Compliance documents

We share the candid status of each artifact. Items marked “on request” are provided to enterprise buyers during procurement, under NDA where appropriate.

DocumentStatusNotes
SOC 2 Type IIIn progressType II observation window underway; report available under NDA when complete.
VPAT / ACR (WCAG 2.2 AA)On requestAccessibility Conformance Report for procurement review.
Data Processing Addendum (DPA)On requestCCPA-aligned; signed with enterprise agreements.
Sub-processor listPublished on requestCurrent third-party processors and their purpose.
Penetration test summaryOn requestMost recent third-party assessment summary, under NDA.

Running a security or procurement review?

Request our trust pack — VPAT/ACR, DPA, sub-processors, and the latest assessment summaries.

Request the trust pack
Now AI-native

From hazard report to real carrier quotes & pricing

The CoverGuard Advisor reads the risk, finds the carriers writing it, and pulls back live quotes — with every number sourced and auditable.

Check a property free How the AI is governed