Security & Data Privacy

How does this work
with my client data?

Every serious prospect asks this question. Here's the answer: The bot needs to interact with data, not hold it. AgencyZoom holds the data. EffiZoom holds the AI. We built it to enterprise security standards.

The Security Model

This is how it actually works. Not marketing copy — the real technical architecture.

AgencyZoom Holds

  • All customer PII (names, addresses, SSNs, license info)
  • All policy data and documents
  • Pipeline and transaction history
  • Communications archive

AgencyZoom is your system of record. Your data never leaves it.

EffiZoom Holds

  • Encrypted API authentication tokens (256-bit)
  • Your brand voice profile (tone, dialect, terms to avoid)
  • Workflow templates and automation structures
  • Post-execution audit reports (no PII)

EffiZoom is the AI layer. We read data to act on it, then forget it.

How They Connect

EffiZoom authenticates to AgencyZoom via Vertafore's standard API pathway. When a bot needs to execute a task, it requests specific data (e.g., "get lead details for ID 12345"), processes it in memory, performs the action (e.g., "create task, update stage"), and doesn't store the PII. The post-execution report logs what happened, not who it happened to.

Think of it like this: AgencyZoom is the filing cabinet. EffiZoom is the employee who opens the drawer, reads the file, does the work, and closes the drawer. The file stays in the cabinet.

Security Specifics

The technical details that matter when you're trusting someone with access to your client data.

256-Bit Token Encryption

API authentication tokens are encrypted at rest and in transit. Industry-standard AES-256 encryption. Tokens rotate periodically and never appear in logs.

Anthropic Commercial Privacy

We use Anthropic's Claude API with their commercial privacy policy: no data is used for model training. Your client data doesn't improve Claude for other users.

No PII Storage

EffiZoom doesn't store Social Security Numbers, driver's license details, credit card info, or sensitive personal identifiers. Those live in AgencyZoom, not our database.

Audit Trail on Every Action

Every bot execution creates a post-action report: what was done, when it happened, which bot performed it. You can review every action taken. Full transparency.

Monthly Database Audits

We run monthly security audits on our databases to ensure no PII has accidentally been logged. If something shows up that shouldn't, we purge it and investigate how.

Vertafore Standard API

We authenticate through Vertafore's official API pathway. This is the same method other enterprise tools use to integrate with AgencyZoom. Established, tested, secure.

What Happens If a Bot Makes a Mistake?

Bots aren't perfect. We built safety mechanisms to minimize risk when they're unsure.

85% Confidence Threshold

Before a bot associates a customer to an action (e.g., closing a ticket, updating a record), it must be at least 85% confident it has the right person. If confidence is below that, it doesn't guess — it flags for human review.

Example:

A text comes in: "Cancel my policy." The bot checks: Is this the policy owner's phone number? Is the language consistent with previous communication? If anything is off, it creates a task for the agent and doesn't take action.

Duplicate Prevention Logic

Bots check for duplicate actions before executing. If a task already exists for the same issue, or if a ticket was recently closed, the bot won't create redundant work or overwrite recent changes.

Example:

Client emails twice about the same issue. The bot sees the first email already generated a task 10 minutes ago. It adds the second email as a note to the existing task instead of creating a duplicate.

EffiZoom Board Monitoring

The EffiZoom Board (our Digital HR team) monitors bot activity. If a bot gets stuck, makes unusual decisions, or shows a pattern of errors, we catch it and fix it before it becomes a problem. You're not managing this alone.

Example:

An automation breaks because AgencyZoom changes their API. You don't even know it happened. We catch it, fix it, test it, and send you a note: "Renewal workflow updated and back online." You never stopped being the CEO.

What We're Honest About

We're built to enterprise security standards. 256-bit encryption. No PII storage. Anthropic's commercial privacy policy. Monthly audits. Industry-standard authentication.

Formal certifications are in progress as we scale. SOC 2 Type II compliance takes time and money. We're pursuing it as the business grows. We're not hiding that — we're building the right way before we pay for the stamps.

If security is a deal-breaker without certifications, we understand. Come back when we have them. But if you want to know how it actually works and whether we built it right, this page tells you the truth.

Understand the security. Now understand the investment.

You know how the data is handled. You know the safety mechanisms. Now see how digital staffing is priced — and why it's structured like payroll, not software.

View Pricing & Plans

EffiZoom Support

How can we help you today?

Welcome to EffiZoom Support!

Ask us anything about our automation platform.