Trust & security

Security is how the product is built, not a page after the fact.

Brokerages run on sensitive policyholder and business data. Crux is built for the scrutiny that comes with it — isolated environments, enterprise authentication, encryption end to end, and every action logged for audit.

View Trust PortalContact security team
SOC 2 Type 1 Certified
SOC 2 Type I Certified
Audited by Delvé
HIPAA Aligned
Protected health information safeguards
How we protect your data

Enterprise-grade security, built for insurance.

Every layer of Crux is designed to keep your data safe, private, and compliant.

Data isolation

Every organization gets its own completely separate data environment. Your data is never shared, commingled, or accessible by other customers — period.

Authentication & access

Enterprise SSO / SAML, custom user roles, and granular permissions. Control exactly who can see, edit, and approve at every level of your organization.

SOC 2 Type I

Independently audited by Delvé for security, availability, and confidentiality. Controls verified against the AICPA Trust Services Criteria.

Encryption

All data is encrypted in transit and at rest. Credentials and secrets live in dedicated vaults, never in application code or configuration files.

HIPAA aligned

Crux meets HIPAA requirements for handling protected health information — administrative, physical, and technical safeguards in place across the platform.

Audit trails

Every action is logged and traceable. Full audit history for compliance reviews, incident investigations, and regulatory reporting.

Security FAQ

The questions we get most.

Need something we don’t cover? Get in touch.

Where is my data stored?

In secure, SOC 2 certified cloud infrastructure. Every organization gets a completely isolated data environment that is not shared with any other customer.

Can other customers access my data?

No. Every organization has its own dedicated, isolated environment. There is no shared database or cross-tenant data access. Your data never touches another company's environment.

Do you support single sign-on?

Yes. Crux supports enterprise SSO and SAML authentication, so your team can use the same credentials they use for the rest of your organization. We also support custom roles and granular permissions.

Is Crux HIPAA compliant?

Yes. Crux meets HIPAA requirements for handling protected health information, with appropriate administrative, physical, and technical safeguards in place.

How can I review your security posture?

Visit our Trust Portal at trust.delve.co for the latest information on our certifications, security controls, and compliance status. You can also request our SOC 2 report directly by contacting our team.

How do you handle vulnerability management?

We maintain a continuous vulnerability management program including regular security assessments, dependency scanning, and responsible disclosure processes. Critical vulnerabilities are addressed immediately.

Need more detail on our security posture?

Review our full compliance documentation on the Delvé Trust Portal, or reach out to our security team directly.

View Trust PortalBook a call with Crux