LegacyCoreCore
    PlatformPricingAbout
    Log inApply for Private Access
    Compliance & Security

    Built for the regulated industry

    What we can defend, what we're working on, and where the operator's obligations begin. No claims we can't back.

    Foundations

    Security primitives

    AES-256 at rest, TLS 1.3 in transit

    Customer data is encrypted at rest and in transit. Connection-level: TLS 1.3 on every public endpoint. Storage-level: AES-256 inside the Postgres-backed primary datastore.

    Row-level security on every table

    Every authenticated record is gated by Supabase RLS at the database layer, not just the application. Service-role bypass is reserved for signed webhooks and cron-scoped jobs and is independently audited.

    Edge-delivered, US-hosted

    Application traffic terminates at Vercel's edge with native DDoS protection. The primary datastore is in a US region; backups are encrypted and geographically redundant within the US.

    Scoped API keys, hashed at rest

    Public-API and agent-integration keys carry per-tool scopes and a 32-char hash; the raw key is shown once and never stored. Per-request audit rows are written to a private analytics schema, not the public surface.

    Compliance Posture

    Current + roadmap

    We don't advertise certifications we haven't earned. Roadmap items are listed honestly under their own column.

    Defensible today

    • TLS 1.3 enforced
    • TCPA-aligned voice + SMS
    • A2P 10DLC registered
    • Licensed insurance producer (NJ Entity 0451330855)

    On the roadmap

    • Independent penetration test (planned 2026)
    • SOC 2 Type II readiness assessment (planned 2026)
    • State-by-state AI disclosure coverage as new statutes land

    We'll update this page when audits complete; the date stamp at the bottom is the source of truth.

    AI Governance

    AI-assisted communications & state disclosure

    How LegacyCore uses AI in voice, SMS, and portal automation — and how the platform handles emerging state AI-disclosure laws.

    Voice agents identify as AI

    Within the call's opening seconds, LegacyCore's AI voice agent identifies itself as AI where applicable state law requires it. Texas TRAIGA-style disclosure is implemented; new state statutes are tracked and rolled into the script as they land.

    Consent + DNC at the edge

    Every outbound dial is filtered against the internal DNC list and the federal national DNC registry before the call is placed. STOP keywords on SMS revoke A2P consent immediately and propagate to the call queue.

    Recording + audit trail

    Voice calls are recorded and transcripts retained for compliance review, quality assurance, and dispute defense. Access is role-gated; deletion requests under applicable privacy law are honored consistent with the Privacy Policy.

    Operator responsibility

    Operators using LegacyCore are responsible for their own compliance with TCPA, state telemarketing statutes, and emerging AI-disclosure requirements. LegacyCore provides controls that support, but do not substitute for, that obligation.

    Read the full posture

    Operator obligations & disclosures

    Operators using LegacyCore are responsible for ensuring their own use of AI-assisted communications complies with applicable federal and state law, including TCPA, state telemarketing statutes, and emerging AI-disclosure requirements. LegacyCore's technical controls support but do not substitute for the operator's ongoing legal obligations.

    Full recruiting and AI-communication disclosures: /legal/recruiting-disclosures. Privacy policy: /privacy.

    Questions on a specific control?

    For carrier compliance reviews, vendor security questionnaires, or operator due diligence, reach the team directly.

    Contact the teamcontact@legacycore.io
    LegacyCoreLegacyCore

    An AI-first insurance agency. The AI handles the call. Carrier-portal automation submits the application. Licensed 1099 operators host the node and earn a flat fee per issued policy.

    Company

    • About Us
    • Methodology
    • Careers
    • Case Studies
    • Contact

    Resources

    • Apply
    • Pricing
    • FAQ
    • Documentation
    • Support

    Legal

    • Privacy Policy
    • Terms of Service
    • EULA
    • Cookie Policy
    • Compliance
    • Recruiting Disclosures
    TCPA Aligned
    SSL Secured
    Licensed Producer (NJ)

    LegacyCore is an insurance agency. Insurance products are offered exclusively through licensed insurance producers under their carrier appointments; not all products are available in all states. Communications with LegacyCore may involve AI-assisted voice agents, identified as such at the start of each call where required by applicable state law. Income examples are not guarantees; individual results vary based on lead volume, market conditions, individual effort, and carrier acceptance rates. Independent contractor opportunities are 1099 relationships and are not employment. See /legal/recruiting-disclosures for full recruiting and AI-communication disclosures.

    © 2026 LEGACYCORE LLC. All rights reserved.

    Entity ID: 0451330855 | Federal EIN: 39-3838044 | Registered Office: 20 ELM AVE, LONG BRANCH, NJ 07740

    Made with ❤️ in New Jersey