Scout Agent - Lane & Associates
This page describes how Scout Agent handles your data, reconciled against the deployed system. Items noted as provider policy or operator policy are commitments by Lane & Associates or our service providers, rather than properties enforced by Scout's software.
Scout processes uploaded ACORD files in a temporary job folder on ephemeral storage. Uploaded files, intermediate processing files, and the generated Word report all live only in that temporary folder and are removed by an automated cleanup, normally within about two hours. Because this storage is temporary, it is also cleared when the application restarts.
No. Scout does not retain uploaded ACORDs, extracted submission content, or generated reports as part of its records - these exist only on temporary storage during processing and are automatically removed afterward. Scout keeps only limited operational run metadata: a run/job ID, user ID, company ID, file type and count, status, processing stage, location count, building count, an extraction-method indicator, a flag for whether AI assistance was used, error category, timestamps, and duration. This is operational metadata only - no submission content, insured names, addresses, or filenames.
No. Each job is tied to the signed-in user who created it, and a regular user cannot access another user's job status or report download. Company administrators' metrics dashboards show only their own company's aggregate activity, never another company's. Data is separated logically by company and user through access controls; it is not stored in physically separate databases. Authorized Lane & Associates operator accounts have administrative access across the service; per our internal policy, staff access customer data only for support, troubleshooting, and operating Scout.
Some limited data is shared with service providers as needed to generate the report:
When email delivery is enabled, Scout uses Postmark - a transactional email provider - to send invitation emails, such as when a company administrator invites a teammate to their company. This is separate from generating a report. Postmark receives only what it needs to deliver that message: the recipient's email address, the inviting company or team display name, the invited person's role (for example member or admin), and the one-time invitation link. Postmark does not receive your uploaded documents, submission content, property addresses, insured names, or generated reports. Email delivery is optional: when it is not configured, no invitation email is sent, and the administrator shares the invitation link directly instead.
No. Scout uses Anthropic's commercial API. Under Anthropic's commercial terms, Anthropic does not use commercial API inputs or outputs to train its models unless a customer expressly opts into a data-sharing program; Scout has not opted in. (Anthropic provider policy plus Scout's account configuration.)
Scout sends content to Anthropic only when AI-assisted extraction is needed (see above). Under Anthropic's standard commercial API policy, inputs and outputs are automatically deleted from Anthropic's systems within 30 days of processing, except where a different agreement applies or retention is required for legal or policy-enforcement reasons. (Anthropic provider policy; last reviewed June 2026.)
No. Passwords are stored only as one-way cryptographic hashes, never in plaintext. Because only the hash is stored, no one - including Scout staff - can recover your password from our database.
Yes. Uploading files, checking job status, and downloading reports all require authentication.
Yes, in two complementary layers. Repeated failed attempts from one network address are rate-limited (throttling), and an individual account temporarily locks itself after repeated failed attempts - an automatically expiring soft lock - to blunt distributed guessing against a single account. Login errors are uniform by design and do not reveal whether an account exists.
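A sketch of how the two layers described above can fit together, as an added illustration that is not Scout's own code. The class name, limits, window lengths, status codes and message text are all assumptions; `verify` stands in for the caller's password-hash check.

```python
import time

class LoginGuard:
    """Per-address throttle plus per-account soft lock, with one failure message."""
    GENERIC = "Invalid email or password."   # same text for every failed sign-in

    def __init__(self, verify, ip_limit=20, acct_limit=5, window=300,
                 lock_for=900, clock=time.monotonic):
        self.verify = verify            # caller's check: (user, password) -> bool
        self.ip_limit, self.acct_limit = ip_limit, acct_limit
        self.window, self.lock_for, self.clock = window, lock_for, clock
        self.ip_fails, self.acct_fails, self.locked_until = {}, {}, {}

    def _recent(self, table, key, now):
        # Keep only the failures that fall inside the sliding window.
        table[key] = [t for t in table.get(key, []) if now - t < self.window]
        return table[key]

    def attempt(self, ip, user, password):
        now = self.clock()
        ip_hits = self._recent(self.ip_fails, ip, now)
        if len(ip_hits) >= self.ip_limit:
            return 429, "Too many attempts. Try again later."   # layer 1
        locked = self.locked_until.get(user, 0) > now
        ok = self.verify(user, password)    # always evaluated, locked or not
        if ok and not locked:
            self.acct_fails.pop(user, None)
            return 200, "ok"
        ip_hits.append(now)
        if not locked:                      # layer 2: count per account name
            hits = self._recent(self.acct_fails, user, now)
            hits.append(now)
            if len(hits) >= self.acct_limit:
                self.locked_until[user] = now + self.lock_for   # expires by itself
                self.acct_fails.pop(user, None)
        # Wrong password, unknown account and locked account look identical.
        return 401, self.GENERIC
```

The dictionaries here live in one process; a deployment with several workers would need a shared store with key expiry for the same counters.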
Changing your password signs out other active sessions on your account.
Yes. When an administrator creates an account or resets a password, the account holder must set their own new private password on first sign-in before they can use Scout, so a temporary or administrator-set password is never a standing credential.
Session cookies are HTTP-only and use SameSite protections; in Scout's production deployment they are also marked Secure. Traffic to Scout is served over HTTPS/TLS. On every response Scout sends browser security-hardening headers: a Content-Security-Policy, X-Frame-Options: DENY (anti-clickjacking), and X-Content-Type-Options: nosniff (anti-MIME-sniffing), plus HTTP Strict-Transport-Security (HSTS) on HTTPS connections.
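A reviewer can check the headers and cookie attributes listed above against a captured response. The checker below is an added example, not part of Scout; the cookie name `session`, the sample header values and the rule that SameSite must be `Lax` or `Strict` are assumptions, since the page does not state them.

```python
import re

def cookie_attrs(set_cookie):
    """Split one Set-Cookie value into (cookie name, lower-cased attribute dict)."""
    first, *rest = [p.strip() for p in set_cookie.split(";")]
    attrs = {}
    for part in rest:
        key, _, value = part.partition("=")
        attrs[key.strip().lower()] = value.strip()
    return first.split("=", 1)[0], attrs

def audit_response(headers, https=True):
    """headers: list of (name, value) pairs. Returns a list of findings."""
    plain, cookies, findings = {}, [], []
    for name, value in headers:
        if name.lower() == "set-cookie":
            cookies.append(value)       # header may repeat, so keep every one
        else:
            plain[name.lower()] = value.strip()
    if not plain.get("content-security-policy"):
        findings.append("Content-Security-Policy missing")
    if plain.get("x-frame-options", "").upper() != "DENY":
        findings.append("X-Frame-Options is not DENY")
    if plain.get("x-content-type-options", "").lower() != "nosniff":
        findings.append("X-Content-Type-Options is not nosniff")
    if https:
        m = re.search(r"max-age=(\d+)", plain.get("strict-transport-security", ""), re.I)
        if not m or int(m.group(1)) == 0:   # max-age=0 switches HSTS off
            findings.append("HSTS missing or disabled")
    for raw in cookies:
        name, attrs = cookie_attrs(raw)
        if "httponly" not in attrs:
            findings.append(f"cookie {name}: no HttpOnly")
        if attrs.get("samesite", "").lower() not in ("lax", "strict"):
            findings.append(f"cookie {name}: SameSite absent or None")
        if https and "secure" not in attrs:
            findings.append(f"cookie {name}: no Secure on HTTPS")
    return findings

# Constructed sample responses (not captured from Scout).
COMMON = [("Content-Security-Policy", "default-src 'self'"),
          ("X-Content-Type-Options", "nosniff")]
GOOD = COMMON + [("X-Frame-Options", "DENY"),
                 ("Strict-Transport-Security", "max-age=31536000"),
                 ("Set-Cookie", "session=abc123; Path=/; HttpOnly; Secure; SameSite=Lax")]
WEAK = COMMON + [("X-Frame-Options", "SAMEORIGIN"),
                 ("Strict-Transport-Security", "max-age=0"),
                 ("Set-Cookie", "session=abc123; Path=/; HttpOnly; SameSite=None")]
```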
Scout's persistent run records are designed to exclude customer submission content - insured names, addresses, uploaded filenames, raw error text, and pipeline log output. Temporary per-job processing logs may contain technical details; they are held only in memory during the job and are discarded when the temporary job is cleaned up (or on restart). Separately, the hosting platform may temporarily retain limited technical application logs under its standard logging and retention practices. When email delivery is enabled, the email delivery provider (Postmark) also processes and may retain standard delivery logs and metadata - such as the recipient address, delivery status, and timestamps - under its own logging and retention policy.
No. Generated reports are stored temporarily so you can download them, then removed by the same automated cleanup that deletes uploaded files and intermediate job data.
No. API keys are loaded from environment variables or deployment configuration, never committed to the codebase; the environment file holding local secrets is excluded from version control.
Scout is deployed on Render. Customer submissions are processed on the application server and stored only temporarily during processing.
If Scout identifies a security incident affecting customer data, Lane & Associates will notify affected customers and provide the information reasonably needed for their own compliance and notification obligations. (Operator commitment.)
Scout itself is not currently SOC 2 certified. Scout uses professional cloud infrastructure and follows practical security controls including authentication, access controls, temporary file retention, limited operational metadata, password hashing, login throttling and account soft-lockout, and an automated pre-release test battery (including content-free and log-privacy regression tests) together with code review.
Uploaded files and generated reports are automatically deleted after the temporary processing window. Account records and operational metadata can be reviewed or removed on request - handled as a manual operational process - subject to legal, operational, and compliance requirements.