Security & compliance
Built for an industry where every decision is audited.
Insurance is a regulated business. Our customers carry that weight every renewal. We built Relativity6 inside those constraints — not around them — so the same scrutiny your reinsurers and regulators apply to underwriting decisions applies to the workbench, too.
How we think about it
Three commitments,
not a marketing page.
Security in this industry isn't a checkbox — it's the entire point. Here's what we hold ourselves to.
01 / Data
Your data stays yours.
Submissions and decisions are not used to train shared models. Your book is your book. We process what you send, return what you asked for, and store only what's required to make the workbench work for you.
02 / Provenance
Every finding is sourced.
No black box. Every claim Marvin surfaces traces back to a primary source with one click. If we can't find it, we say so — because knowing the data isn't out there is a data point in itself.
03 / Defensibility
Audit-ready by default.
Defense exports are built to satisfy the scrutiny your auditors, reinsurers, and regulators apply to any underwriting decision. The PDF is the artifact your team can stand behind.
The specifics
What we have, what we do,
what we don't.
Encryption
In transit (TLS 1.2+) and at rest (AES-256). Keys managed via the cloud provider's KMS.
Data retention
You control retention windows. Delete on request — no soft-delete games.
Model training
Customer submissions and decisions are not used to train shared models. Your inputs aren't anyone else's outputs.
SSO & permissions
SSO via SAML / OIDC for enterprise customers. Role-based permissions inside the workbench, scoped to what each person actually needs.
Audit log
Every action inside the workbench is logged. Who looked, who exported, who changed a decision — and when.
Source citation
Every finding links to a primary source. Verification drills are one click from any snapshot.
Defense exports
Every snapshot can be exported as a PDF with the underwriter's notes, all source citations, and a timestamped audit trail.
SOC 2 Type II
Independent third-party audit of our security, availability, and confidentiality controls — renewed annually. Report available under NDA.
Incident response
Documented IR plan with defined notification windows. We tell you before you have to ask.
Need our security packet?
SOC 2 report, DPA, sub-processor list, pen test summary — available under NDA. Tell us who you are and we'll send the right bundle.
Request the packet