Information we collect from you: Name Date of Birth Social Security Number Addresses Driver's license Banking information Error and Omissions Insurance Policy Answers to background questions Insurance licenses
Information we collect on your clients: Name Date of Birth Social Security Number Driver's license Addresses Banking information Copies of Medical records Insurance policy application questions Copies of insurance policy applications
Information we send to other companies We send the information we collect from you to SuranceBay (a software company that facilitates your appointment with insurance carriers). Your information is shared with the insurance carriers in order to complete appointment applications. We send information we collect on your clients to insurance carriers for the purpose of obtaining insurance. Insurance application documents are sent to Paperclip who stores the documents as a backup service and also transmits the application securely to the insurance carrier. Files are stored on Amazon Web Services for document storage. These documents are encrypted and also use permissions so that only specific users can access the documents. Your banking information is securely sent to our ACH payments processor, Synapse Pay.
Sending your information securely: Any sensitive information is sent securely. Information sent or received through https://app.back9ins.com is sent over Secure Socket Layer (SSL). Documents sent to insurance carriers are either uploaded to the carrier using their secure website or via Paperclip in order to securely send documents. Documents stored on Amazon Web Services are encrypted. Our MYSQL database uses AES256 encryption on sensitive columns to ensure that if the database were to be compromised, the sensitive data would be encrypted.
Password Policy: BackNine requires that your password be at least 4 characters or more.
Data Permissions: Each request to BackNine is validated to ensure that the person sending the request has access to the resource. For example, a hacker simply knowing the URL to a specific policy or document will return an error stating they do not have access to act on this resource.
Account Lockouts: A hacker can use a program that attempts to log into your account 1000 times per second. We limit the max number of failed log in attempts to 10 per hour.