Built for E&O exposure.
Engineered for your audit.
We've sat in enough E&O renewal meetings to know what pulls a policy and what saves one. Koffyr is built around the audit trail your carrier will actually ask for.
- Period: Jan 01 · 2025 — Dec 31 · 2025
- Certificates issued: 1,247
- Self-service certs: 843 (68%)
- Avg time to issue: 1.5 min
- Guardrail blocks: 11 (0.9%)
- Disputes: 0
Encryption everywhere
TLS 1.3 in transit. AES-256 at rest. All customer data, always. Key rotation is managed by Koffyr — never your problem.
Hard tenant isolation
Row-level isolation in the database. S3 prefix isolation for documents. Cross-tenant access is structurally impossible, not policy-enforced.
Immutable audit trail
Every action stamped + tamper-evident. One-click E&O export. Your carrier will thank you. Twelve months retained on every plan; PRO retains forever.
E-sign compliance
ESIGN, UETA, eIDAS — built in, not bolted on. No DocuSign middleware, no envelope fees, no “is this signature good enough?” guesswork.
SOC 2 Type I — in progress
Target Q4 2026. Audit underway. Current control evidence and a security questionnaire response are available under NDA today.
US data residency
All customer data stored in US AWS regions (us-east-1, us-west-2). No transfers without explicit notice and your consent.
Application-layer PII encryption
Sensitive fields (SSN, license, EIN) encrypted at the application layer above database encryption — with keys held outside the application database.
Point-in-time backups
Continuous backups. 35-day point-in-time recovery. Annual restore drills, results available on request.
The adjacent docs.
Sub-processors
Every vendor that touches data — SendGrid, Stripe, AWS, Cloudflare, and your auth provider.
Responsible disclosure
Find a vulnerability? Tell us first. Safe harbor, 90-day disclosure window.
Data Processing Agreement
Sign ours, or send yours. Standard contractual clauses for EU/UK customers.