Security and compliance

Built specifically for insurers, MGAs and brokers, Garansure places security, governance and operational resilience at the heart of the platform. Every aspect of the system, from tenant isolation and access control to auditability and data protection, is designed to support the needs of organizations operating in highly regulated insurance markets.

Garansure is a multilingual, multi-tenant insurance platform built specifically for insurers, MGAs and brokers. From platform architecture and access controls to auditability and operational resilience, security considerations are embedded throughout the design and operation of the platform.

Built with GDPR compliance and DORA readiness in mind, Garansure helps organizations protect sensitive information, maintain accountability and support evolving regulatory requirements while accelerating digital insurance initiatives.

Built for regulated insurance organizations

Garansure is designed specifically for organizations operating in regulated insurance markets. Whether supporting insurers, MGAs or brokers, the platform provides the controls required to manage sensitive data, govern user access and maintain operational oversight across multiple products, partners and jurisdictions.

The platform combines strong tenant isolation, multi-factor authentication, encryption, role-based access controls and comprehensive audit logging to help organizations strengthen security and governance without compromising agility or usability.

Security by design

Security is not treated as an add-on capability. It is integrated throughout the platform architecture, development lifecycle and operational controls. Access to data and functionality is governed through strict authentication, authorization and auditing mechanisms designed to support the needs of regulated financial services organizations.

Garansure follows the principle of least privilege, ensuring users have access only to the information and functionality required to perform their role. Additional controls such as multi-factor authentication, segregation of duties, audit logging and tenant isolation help reduce risk and strengthen accountability across the platform.

Tenant isolation and data protection

Garansure is a multi-tenant platform that maintains strong separation between organizations and distribution partners.

  • Separate database for each tenant organization.
  • Partner-level segregation using PostgreSQL Row-Level Security.
  • Isolation enforced at database level as well as application level.
  • Tenant and partner context validated on every request.
  • White-label domains activated only after ownership verification.

These controls help ensure that each insurer, MGA or broker organization can operate independently while maintaining strong separation of data and access.
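As an added illustration (not Garansure's own code), the following PostgreSQL sketch shows how partner-level segregation with Row-Level Security and a per-request partner context can be enforced inside the database. The table `policies`, the role `app_user` and the setting `app.partner_id` are hypothetical names chosen for this example.

```sql
-- Added example; every object name here is hypothetical.
CREATE ROLE app_user NOLOGIN;

CREATE TABLE policies (
    id          bigserial PRIMARY KEY,
    partner_id  bigint NOT NULL,
    holder_name text   NOT NULL
);

-- Constructed sample rows, loaded before RLS is switched on.
INSERT INTO policies (partner_id, holder_name)
VALUES (101, 'Sample Holder A'), (202, 'Sample Holder B');

GRANT SELECT, INSERT, UPDATE, DELETE ON policies TO app_user;
GRANT USAGE ON SEQUENCE policies_id_seq TO app_user;

ALTER TABLE policies ENABLE ROW LEVEL SECURITY;
-- FORCE also subjects the table owner to the policies.
-- Superusers and roles with BYPASSRLS are still exempt, so the
-- application must not connect as either.
ALTER TABLE policies FORCE ROW LEVEL SECURITY;

-- USING filters rows that are read, updated or deleted;
-- WITH CHECK validates rows that are inserted or updated.
-- An unset or empty context becomes NULL, the comparison is never
-- true, and the policy fails closed.
CREATE POLICY partner_isolation ON policies
    FOR ALL
    TO app_user
    USING (partner_id = NULLIF(current_setting('app.partner_id', true), '')::bigint)
    WITH CHECK (partner_id = NULLIF(current_setting('app.partner_id', true), '')::bigint);

-- Per-request pattern: the context is transaction-local, so it cannot
-- leak to the next request served by a pooled connection.
-- Assumes the connecting role is a member of app_user.
BEGIN;
SET LOCAL ROLE app_user;
SELECT set_config('app.partner_id', '101', true);

-- The policy restricts this query to partner 101.
SELECT id, partner_id, holder_name FROM policies;

-- Writing a row for another partner is rejected by WITH CHECK.
INSERT INTO policies (partner_id, holder_name)
VALUES (202, 'Cross-partner write');
ROLLBACK;
```

The partner identifier passed to `set_config` must come from the authenticated session on the server side, never from a client-supplied parameter.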

Authentication and access control

Garansure uses multiple layers of authentication and authorization controls to protect administrative and operational functions.

  • Mandatory two-factor authentication for platform and tenant administrators.
  • Strong password requirements and secure credential management.
  • Role-based access control with granular permissions.
  • Session-based authentication for administrative access.
  • Automatic session regeneration and protection against session fixation.
  • Login rate limiting and brute-force protection.
  • No user enumeration during authentication workflows.

High-risk operations require additional identity verification through step-up authentication, helping reduce the risk of unauthorized administrative changes.

Role-based access control

Access permissions can be assigned according to organizational responsibilities, including platform administrators, tenant administrators, underwriters, partner administrators and partner users.

Where underwriting workflows are configured, segregation-of-duties controls can be applied to support independent review and approval processes.

Encryption and data security

Sensitive information is protected both in transit and at rest using industry-standard encryption technologies.

  • TLS encryption for all data transmitted over public networks.
  • AES-256 encryption for sensitive fields stored within the platform.
  • Encryption of national identifiers, bank details and integration credentials.
  • Protection of two-factor authentication secrets.
  • Support for encryption key rotation.

Auditability and accountability

Comprehensive audit logging helps organizations demonstrate accountability, support investigations and satisfy regulatory requirements.

  • Append-only audit logging.
  • Database-enforced log immutability.
  • Detailed records of user actions and system events.
  • Tenant and partner context captured with each event.
  • Scope-filtered audit views for authorized administrators.
  • Configurable retention policies.

Audit records provide visibility into who performed an action, when it occurred and within which organizational context.
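One way to obtain append-only, database-enforced immutability in PostgreSQL (11 or later), shown as an added example that is not Garansure's own code. The table `audit_log`, the role `audit_writer` and the trigger and function names are hypothetical.

```sql
-- Added example; every object name here is hypothetical.
CREATE ROLE audit_writer NOLOGIN;

CREATE TABLE audit_log (
    id          bigserial   PRIMARY KEY,
    occurred_at timestamptz NOT NULL DEFAULT now(),
    tenant_id   bigint      NOT NULL,  -- organizational context
    partner_id  bigint,                -- NULL for tenant-level events
    actor_id    bigint      NOT NULL,  -- who performed the action
    action      text        NOT NULL,
    detail      jsonb       NOT NULL DEFAULT '{}'
);

-- Layer 1: privileges. The application role may append and read only.
REVOKE ALL ON audit_log FROM PUBLIC;
GRANT INSERT, SELECT ON audit_log TO audit_writer;
GRANT USAGE ON SEQUENCE audit_log_id_seq TO audit_writer;

-- Layer 2: triggers. Changes are refused even for roles that hold
-- UPDATE, DELETE or TRUNCATE privileges through another grant.
CREATE FUNCTION audit_log_reject_change() RETURNS trigger
LANGUAGE plpgsql AS $$
BEGIN
    RAISE EXCEPTION 'audit_log is append-only: % is not permitted', TG_OP;
END;
$$;

CREATE TRIGGER audit_log_no_update_delete
    BEFORE UPDATE OR DELETE ON audit_log
    FOR EACH ROW EXECUTE FUNCTION audit_log_reject_change();

CREATE TRIGGER audit_log_no_truncate
    BEFORE TRUNCATE ON audit_log
    FOR EACH STATEMENT EXECUTE FUNCTION audit_log_reject_change();

-- Constructed sample event, written as the application role.
-- Assumes the connecting role is a member of audit_writer.
BEGIN;
SET LOCAL ROLE audit_writer;
INSERT INTO audit_log (tenant_id, partner_id, actor_id, action, detail)
VALUES (1, 101, 42, 'policy.update', '{"policy_id": 7}');
COMMIT;
```

The table owner and superusers can still disable or drop these triggers, so schema changes on the audit table need their own monitoring. A retention policy also needs a separate, privileged removal path, since the triggers block ordinary deletes.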

Application security

Garansure incorporates multiple controls to protect against common web application threats.

  • Cross-site request forgery (CSRF) protection.
  • Cross-site scripting (XSS) mitigation through framework-level escaping.
  • Rate limiting on authentication and verification workflows.
  • Secure session cookies using HttpOnly and SameSite protections.
  • Administrative interfaces excluded from search engine indexing.
  • Reduced attack surface through controlled system exposure.

Payments and financial information

Where bank account or SEPA information is stored, sensitive data is encrypted at rest using strong encryption controls.

Garansure does not process or store payment card data and is therefore outside the scope of PCI cardholder-data processing requirements.

Operational resilience

Operational resilience is a key consideration for organizations operating in the insurance sector.

  • System health monitoring.
  • Background job processing and workload isolation.
  • Production safeguards for critical administrative operations.
  • Controlled error handling and information disclosure protection.

Additional information regarding operational resilience, governance and DORA considerations can be found on our DORA readiness page.

Technology

Garansure is built on a modern technology stack designed for security, maintainability and scalability.

  • Laravel
  • PHP
  • PostgreSQL
  • Vue 3 and Inertia.js
  • Google Cloud Platform infrastructure

GDPR and DORA

Garansure supports organizations seeking to strengthen privacy, governance and operational resilience practices.

Learn more about our approach to: