Documents are sensitive by definition. We treat the workspace they live in the same way - encrypted, audited, isolated, and observable from minute one.
Verify every viewer
Magic-link or one-time-code email verification before a document ever opens.
Gate with passwords & NDAs
Password gates and click-through NDAs, enforced server-side on every request.
Lock to a place
IP and country allow-lists keep documents inside the networks you trust.
Set an expiry
Expiry windows and max-view counts retire access automatically.
Disable download & watermark
Block downloads, stamp dynamic watermarks, and deter screen capture.
Revoke in one click
Kill any link instantly. Access dies the moment you change your mind.
Encryption
AES-256-GCM at rest, TLS in transit. Secrets sealed with per-purpose keys.
Identity
SSO / SAML, SCIM provisioning, enforced MFA, and hardware passkeys.
Infrastructure
Multi-AZ on AWS, RPO 5 minutes, RTO 1 hour, backups retained 35 days.
Audit logging
Every action, admin or user, written to an immutable log, exportable via API.
Access controls
Least-privilege engineering access, audited via internal AuthZ tooling, reviewed quarterly.
Session security
Signed sessions with instant revocation - sign a user out everywhere in one move.
We run a coordinated disclosure program with a 90-day response window. Send vulnerability reports to security@corgi.insure using our PGP key.
We don't threaten researchers. We pay bounties on validated reports. We credit you publicly if you'd like, and we keep things quiet if you'd rather not.