Trust
Security and trust.
How Hugo handles the data that passes through a specialty underwriting desk: applications, supplementals, loss runs, financials, prior policy wordings, and the broker correspondence that surrounds them.
Overview
Hugo runs as a virtual specialty underwriter inside a carrier or MGA's environment. It reads submissions that arrive over email, indexes the supporting documents, cross-references them against the carrier's underwriting guidelines, and produces a citation-grounded underwriting memo. Every step writes to an audit trail.
The data Hugo touches is sensitive: insureds' application responses, loss histories, financials, SOC 2 reports, penetration test results, and broker emails. The controls below describe how that data is handled.
Identity, access, and audit
- Hugo operates under its own identity in the carrier's organization, with its own email address, workstation, and seat in the policy admin system.
- Access to documents and systems uses the carrier's existing role-based access controls. Hugo does not bypass them.
- Every action Hugo takes (which document it read, which field it extracted, which model version handled which step, which prompt template was used) is recorded in a durable, queryable audit log accessible to the carrier.
- Underwriter sign-off is required on every memo before a quote is issued.
Data handling and retention
- Submission documents are encrypted in transit (TLS 1.2 or higher) and at rest using industry-standard AES-256.
- Default data residency is the United States. Other regions are available on request for carriers that require them.
- Retention defaults follow the carrier's policy. Hugo can be configured to purge submission data on a fixed window (for example, 90 days post-bind) or to retain for longer where the carrier's record requirements demand it.
- Personally identifiable information found inside submissions is treated as confidential carrier data and is not used to train models that touch other carriers.
Compliance posture
Hugo is in build phase with a small set of design partners. Specific compliance status (SOC 2 Type II, ISO 27001, HIPAA, state insurance department filings where applicable) is shared on request with prospective carriers under NDA. Email founders@hugoinsurance.org for the current attestation status and target dates.
Subprocessors
Hugo uses a small set of third-party services to provide compute, storage, model inference, and email delivery. The current subprocessor list and their respective roles are available to design partners on request. We notify carriers in advance of changes to the subprocessor list under the standard data processing agreement.
Reporting a vulnerability
If you have discovered a security issue affecting Hugo, please email founders@hugoinsurance.org. Include reproduction steps and any affected URLs or accounts. We will acknowledge within one business day, triage within three, and keep you informed through resolution. We do not currently run a paid bug bounty, but we publicly credit researchers who report responsibly.
Contact
For all other security or compliance questions, email founders@hugoinsurance.org. We respond the same business day.