Trust & Security

Security at Renova.

Renova builds for regulated industries. Security and compliance are first-class concerns from the platform up.

Our approach

Renova Agent Inc. operates in industries where the consequences of a breach are not abstract. Insurance agents handle PII, financial data, and protected health information. The realtors, mortgage brokers, and financial advisors we'll build for next handle data with similar sensitivity.

Because of that, security is a platform-level concern at Renova. The same security infrastructure powers every product we ship, and it's designed to satisfy both our product requirements and the regulatory frameworks our customers operate under.

Platform Security

What's in place today.

01
Encryption in transit and at rest
All data is encrypted using TLS 1.2+ in transit and AES-256 at rest. No plaintext customer data leaves the application boundary.
02
Row-level access control
Customer data is segmented by row-level security policies enforced at the database layer. No cross-tenant data exposure is possible by application code.
03
Compliance frameworks
CAN-SPAM and TCPA compliance are enforced in the platform layer, not the application layer. Improvements to one product land in all of them.

Compliance roadmap

We're on a structured path toward formal certifications:

  • Phase 1 — Foundation: legal documentation, insurance, internal security policies. In progress.
  • Phase 2 — SOC 2 Type I: audit-readiness preparation with a recognized framework provider. Targeting 2026.
  • Phase 3 — SOC 2 Type II + HIPAA + TCPA attestation: full operational maturity audits, formal compliance certifications for healthcare-adjacent and consumer-protection regimes.
  • Phase 4 — ISO 27001 + carrier integrations: international standards and direct integrations with insurance carrier compliance frameworks.

The plan is detailed and tracked. Customers, prospects, and prospective partners can request the latest status from security@renovaagentinc.com.

Reporting a vulnerability

If you believe you have found a security vulnerability in any Renova product or surface, please report it directly to security@renovaagentinc.com. Please include:

  • A clear description of the vulnerability and the impact you believe it has.
  • Steps to reproduce, including any proof-of-concept.
  • A way for us to acknowledge your report (an email is fine).

We commit to acknowledging all good-faith reports within two business days and to engaging substantively on remediation. We do not currently operate a paid bug bounty program, but we publicly credit reporters with their permission.

Product-specific security

For details on the security architecture of the Cadence application specifically — including authentication, session management, and product-level controls — see the Cadence Security page.

Working in a regulated industry?

If you need to evaluate Renova for compliance purposes, we have a security packet ready. Email security@renovaagentinc.com.

Request the packet