Security at QuoteSweep
QuoteSweep stores carrier portal credentials on behalf of independent agencies, so credential protection is the center of our security model. This page summarizes how that model works. The full engineering deep-dive lives on our technology page.
Is it safe to give QuoteSweep my carrier portal credentials?
Carrier credentials are encrypted at rest with AES-256-GCM, the same encryption standard used by banks and government agencies. Each credential uses a unique, randomly generated initialization vector, so identical passwords produce completely different encrypted outputs.
Credentials are decrypted only in memory, only for the duration of a quote session, and are never written to logs or temporary files. Encryption keys are stored separately from the database in environment-level secrets that are never committed to source code.
Agency data isolation
Every database query is scoped to your agency. There is no way to access another agency's data, credentials, or quote history. Carrier credentials are never shared between agencies, even when two agencies quote the same carrier.
Encryption in transit
All connections to QuoteSweep — and from QuoteSweep's agents to carrier portals — use TLS 1.3 encryption in transit.
Infrastructure and subprocessors
QuoteSweep runs on vetted cloud infrastructure providers. The complete, current list of third-party services that process data on our behalf — and what each one is used for — is published on our subprocessors page.
Reporting a security issue
If you become aware of unauthorized access or a vulnerability, email security@quotesweep.com. Reports go directly to the engineering team.