Nest.

Document vault

Encrypted storage for the paperwork side of the job.

Policy documents, signed applications, illustrations, and underwriting notes in one place - encrypted at rest with AES-256-GCM and scoped to your organization. Tag, search, and export. Your records stay yours.

Start free trialSee the platform

What lives in the vault

The documents a policy generates, kept together.

A single policy throws off a stack of paperwork. The vault holds it as one set, encrypted and anchored to the contact and policy it belongs to, instead of leaving it spread across inboxes and a local drive.

  • Records

    Policy paperwork, in one place.

    Policy documents, signed applications, illustrations, and underwriting notes live together instead of scattered across email threads and a desktop folder.

    • Policy documents and signed applications.
    • Illustrations and product disclosures.
    • Underwriting notes and correspondence.
  • Encryption

    AES-256-GCM at rest.

    Every file is encrypted at rest with AES-256-GCM under org-scoped keys. A vault row cannot be queried from outside its owning organization, by design.

    • AES-256-GCM encryption at rest.
    • Org-scoped keys, no cross-org reads.
    • No aggregation across organizations.
  • Audit

    Every touch is logged.

    An audit log records every read, write, and share. Documents anchor to the contact and policy they belong to, so the trail is always attached to the right record.

    • Audit log on read, write, and share.
    • Documents anchored to contact and policy.
    • One-click export - your records stay yours.

Encryption

Encrypted at rest, scoped to your org.

Files are encrypted at rest with AES-256-GCM under keys scoped to your organization. The scoping is structural, not a setting you can forget to turn on: a vault row cannot be queried from outside the organization that owns it.

  • AES-256-GCM encryption at rest with org-scoped keys.
  • A vault row cannot be queried from outside its owning organization, by design.
  • No cross-organization read path, and no aggregation across customers.
  • The encryption and access model is documented on the security page.

Organize and find

Tagging, full-text search, and one-click export.

Documents anchor to the contact and policy they belong to, so a file is one click from the record it supports. Tag what you store, search across the full text, and export when you want your records back.

  • Documents anchor to the contact and policy they belong to.
  • Tagging and full-text search across what you store.
  • One-click export - your records stay yours.
  • Nest is software, not a data broker; it does not sell client information.

Audit trail

Every read, write, and share is recorded.

The vault keeps an audit log of every access. Because each document is anchored to a contact and policy, the trail reads against the record it belongs to instead of a loose file name floating in a folder.

  • An audit log records every read, write, and share.
  • Entries attach to the contact and policy the document belongs to.
  • The same access model applies to every seat in your organization.

Encryption and data ownership

The short version, with the details on click.

Expand any line for the definition. The full security model is at /security and the terms are at /legal/disclosures.

Related

Where the vault fits in the platform.

One platform. Your tools. Your data.

Solo from $69, Pro $129, Team for IMOs (min 5 seats) $199/seat - see pricing. Bring your own integrations and the accounts stay yours when you leave.

Get started

Already with us? Log in.