Security & compliance

Built for an industry where every decision is audited.

Insurance is a regulated business. Our customers carry that weight every renewal. We built Relativity6 inside those constraints — not around them — so the same scrutiny your reinsurers and regulators apply to underwriting decisions applies to the workbench, too.

SOC 2 Type IISource-linked findingsDefense-ready exports
SOC 2 Type II — independently attested

A third party audits our security, availability, and confidentiality controls, and we renew it every year. The full report is available under NDA.

Request the report

How we think about it

Three commitments,
not a marketing page.

Security in this industry isn't a checkbox — it's the entire point. Here's what we hold ourselves to.

01 / Data

Your data stays yours.

Submissions and decisions are not used to train shared models. Your book is your book. We process what you send, return what you asked for, and store only what's required to make the workbench work for you.

02 / Provenance

Every finding is sourced.

No black box. Every claim Marvin surfaces traces back to a primary source with one click. If we can't find it, we say so — because knowing the data isn't out there is a data point in itself.

03 / Defensibility

Audit-ready by default.

Defense exports are built to satisfy the scrutiny your auditors, reinsurers, and regulators apply to any underwriting decision. The PDF is the artifact your team can stand behind.

The specifics

What we have, what we do,
what we don't.

Data protection

Encryption

In transit (TLS 1.2+) and at rest (AES-256). Keys managed via the cloud provider's KMS.

Data retention

You control retention windows. Delete on request — no soft-delete games.

Model training

Customer submissions and decisions are not used to train shared models. Your inputs aren't anyone else's outputs.

Access & identity

SSO & permissions

SSO via SAML / OIDC for enterprise customers. Role-based permissions inside the workbench, scoped to what each person actually needs.

Audit log

Every action inside the workbench is logged. Who looked, who exported, who changed a decision — and when.

Provenance & defensibility

Source citation

Every finding links to a primary source. Verification drills are one click from any snapshot.

Defense exports

Every snapshot can be exported as a PDF with the underwriter's notes, all source citations, and a timestamped audit trail.

Operations

SOC 2 Type II

Independent third-party audit of our security, availability, and confidentiality controls — renewed annually. Report available under NDA.

Incident response

Documented IR plan with defined notification windows. We tell you before you have to ask.

Need our security packet?

SOC 2 report, DPA, sub-processor list, pen test summary — available under NDA. Tell us who you are and we'll send the right bundle.

Request the packet