Trust Center
Last updated: June 16, 2026
ChronosCodex is the CRM that insurance agencies use to run their book of business, which means we hold sensitive household and client data on your behalf. This page explains, in plain English, how that data is owned, isolated, encrypted, accessed, logged, and backed up. Contractual commitments are made in customer agreements.
Data ownership
Your agency owns your data. ChronosCodex stores and processes tenant data only to provide the CRM, communications, billing, support, security, and related services. ChronosCodex does not sell tenant data.
Tenant isolation
Each agency has a private tenant workspace. Tenant boundaries are enforced through application and data-access controls scoped to each agency, so no tenant can access another tenant's records.
Platform-admin and support access to a tenant is restricted, reason-required, and audited. There is no path for one tenant to reach another tenant's data.
Encryption & sensitive fields
Traffic is encrypted in transit over TLS/HTTPS. Sensitive fields such as Social Security Numbers are encrypted separately at rest, and revealing an SSN is permission-gated and audited.
Backups and exports are access-controlled and stored outside any public web location.
Authentication & access controls
- TOTP two-factor authentication.
- Secure, sliding sessions.
- Invite-based onboarding for new users.
- Role-based access within an agency.
- Password-reset safeguards.
- Restricted, audited platform-admin access.
Audit logging
Sensitive events are logged so that access and changes can be reviewed. Logged events include:
- Login and failed-login events.
- Platform-admin and support access (impersonation).
- SSN reveal.
- Data export and download.
- Billing status changes.
- Role and permission changes.
- BAA and deletion request status changes.
Backups & data-ownership controls
Encrypted backups are maintained operationally. Export and backup-visibility controls are handled through supported account workflows so agencies have practical control over their own data.
HIPAA / BAA readiness
ChronosCodex is built for insurance-agency workflows and includes safeguards such as tenant isolation, access controls, audit logging, and encryption of sensitive fields. For agencies that require a Business Associate Agreement, BAA requests may be submitted for review. Final BAA terms and compliance representations remain subject to legal review. Customers remain responsible for their own regulatory obligations and proper use of client data.
Subprocessors
ChronosCodex uses scoped service providers to deliver billing, communications, email, infrastructure, and optional AI assistance. Detailed provider information is available to customers during contracting and security review.
| Provider category | Purpose | Data access | Region |
|---|---|---|---|
| Payment processor | Subscription billing & payments | Billing metadata | United States |
| Communications provider | Voice, SMS, and messaging features | Communication data | United States |
| Email and hosting providers | Email delivery and supporting cloud infrastructure | Communication and platform data | United States |
| Security and edge providers | Network protection, DNS, and delivery controls | Infrastructure metadata | United States / Global |
| AI provider | Optional AI assistance when enabled by a tenant; sensitive fields excluded or redacted where appropriate | Scoped task data | United States |
Subprocessor list last updated June 16, 2026.
Security contact
To report a security concern or for any privacy or trust question, contact [email protected].
Please do not send Social Security Numbers or other sensitive client data by unsecured email.
Shared responsibility
ChronosCodex secures the platform, tenant isolation, authentication, audit systems, encryption, and core data controls. Agencies remain responsible for granting user access appropriately, collecting required client consent, using communications lawfully, and meeting their own regulatory obligations.
Related
Already a customer? You can also submit a BAA request from Settings → Trust & Compliance inside the app. Questions about this page? Contact [email protected].