Security You Can Trust

Insurance agencies handle sensitive client information every day. simpleAMS is designed with security at its core — giving you confidence that your data is protected and your operations meet the highest standards.

Enterprise-Grade Security

Every simpleAMS deployment includes comprehensive security controls designed for the unique requirements of insurance agency operations.

Role-Based Access Control (RBAC)

Define granular permissions at every level. Control who can view, create, edit, and delete records across modules. Ensure users only access what they need — nothing more.

  • Customizable roles and permission sets
  • Module-level and record-level access controls
  • Hierarchical permissions for teams and organizations
  • Easy-to-manage permission templates

Two-Factor Authentication (2FA)

Add an extra layer of protection to every account. Optional two-factor authentication via email verification codes or authenticator apps like Google Authenticator. This ensures legitimate users can always access their accounts while keeping attackers out. Any user can enable it for their own account — they choose the method that works best for them.

  • Email-based verification codes
  • TOTP-based authenticator app support (Google Authenticator, Authy, etc.)
  • Recovery codes for backup access
  • Optional per-user — enable it if you want, skip it if you don't
  • Easy setup and management

Comprehensive Audit Logging

Every action is recorded. Know who did what, when, and from where. Complete audit trails support compliance requirements and provide accountability across your organization.

  • All CRUD operations logged automatically
  • User activity tracking with timestamps
  • IP address and device information captured
  • Exportable audit reports for compliance

Data Encryption

Sensitive data is protected at rest and in transit using industry-standard encryption. Your client information never travels or sits unprotected.

  • TLS 1.3 for all data in transit
  • AES-256 encryption for sensitive data at rest
  • Encrypted backups
  • Secure key management

Session Security

Automatic session timeouts, device tracking, and secure session management protect against unauthorized access even if a device is left unattended.

  • Configurable session timeout policies
  • Automatic logout on inactivity
  • Device and browser tracking
  • Force logout capabilities for administrators

Dedicated Infrastructure

Each agency operates in its own dedicated environment. No shared databases, no resource contention — complete isolation for your data and operations.

  • Isolated database per deployment
  • Dedicated application instances
  • No cross or multi-tenant data exposure risks
  • Independent backup and recovery

Email Verification

Built-in email verification confirms user identities during account setup. An additional layer of trust before granting platform access ensures only legitimate users enter your system.

  • Automatic verification email on account creation
  • Verified status tracked per user
  • Prevents unauthorized account activation
  • Seamless onboarding experience

Force Password Change

Require users to set a new password on their first login. Every account starts with a secure, user-chosen credential — no shared or temporary passwords lingering in the system.

  • Mandatory password reset on first login
  • Ensures user-chosen secure credentials
  • Eliminates shared or default password risks
  • Clean security posture from day one

OAuth2 Email Integration

Connect Office 365 and Google email accounts using modern OAuth2 token-based authentication. No email passwords are ever stored in simpleAMS — just secure, revocable access tokens.

  • Token-based authentication — no stored passwords
  • Office 365 and Google Workspace support
  • Revocable access tokens for complete control
  • Automatic token refresh with no user disruption
Compliance Ready

Built for Regulatory Requirements

simpleAMS provides the tools and controls agencies need to meet compliance obligations and demonstrate accountability.

Data Privacy

Built with privacy principles in mind. Control over data collection, retention, and access.

Access Controls

Granular permissions ensure minimum necessary access for every user.

Audit Readiness

Complete audit logs and exportable reports for regulatory requirements.

Data Portability

Your data is yours. Export capabilities ensure you always have access.

Our Security Commitment

Security is not an afterthought at simpleAMS — it's foundational to everything we build. We continuously monitor, update, and improve our security posture to protect your agency and your clients. If you have specific security requirements or questions, we're happy to discuss them.

Ready to See simpleAMS in Action?

Schedule a demo and see how our security features protect your agency.