Security Practices

We take security seriously — ours and yours.

See how we keep your data safe, and read tips on how you can too.

Security is Important to Us

Banyan Theory takes the privacy and security of your data very seriously. We take several steps to keep our websites and forms safe from hackers and viruses to prevent them from accessing and exposing your agency's private information.

LightRail, the software platform we created that runs all of the websites we build and manage, employs end-to-end security for all the private information it captures and stores. This means that from the time someone types something into your website until the time you view it, it cannot be intercepted by a third party. In other words, the information is protected during transmission, storage, and retrieval.


Any web form that accepts potentially sensitive or personally identifiable information is protected with SSL/TLS (Secure Sockets Layer / Transport Layer Security), which encrypts the information in the web browser before it is transmitted to our servers. Similarly, when you retrieve the submitted information, your connection is encrypted.


Because email can be an insecure method of communication, our platform (LightRail) does not email any sensitive information. When a visitor submits a web form on your website, LightRail sends you a notification email, but the only thing in the email is a link to the LightRail Toolkit, a secure web application where you can view the details of the form submission.


We employ several policies that help us keep our computers, servers, and customers safe from online threats. Though this is not an exaustive list, here are a few of our security policies:

  • We never email passwords to anyone, including to ourselves.
  • We never log in to our servers from public or otherwise untrusted computers.
  • We only store passwords in encrypted password vaults.
  • We train our staff on security practices and on the importance of security.
  • We run Linux on our servers and macOS on our workstations and laptops.


We use Stripe for all of our credit card processing. Because of the way Stripe works, we never see your full credit card information. It is sent directly to Stripe, completely bypassing our servers in the process, so there is no way for us to access or inadvertently expose your payment information.


We consider the security implications of every change we make to our software, systems, and infrastructure, during planning, implementation, code review, deployment, and operations. See more about our platform architecture.

We Know Security is Important to You Too

We know that you are plenty busy running your business and servicing your clients, and perhaps security isn't always at the front of your mind. Here are a few simple tips that will help keep your online accounts and customer information safe.

  • Never email sensitive information, such as passwords, Social Security Numbers, or other personal information about yourself or your customers. Unencrypted email attachments are just as vulnerable, so never email a quote or application PDF with an SSN inside.

  • Never share your passwords with someone you don't trust. If you do share your passwords (like insurance carrier logins), be sure everyone who has the password understands how to protect it.

  • Never share the answers to your security questions with others. You can change a password, but you can't change your mother's maiden name. (There are still places that require security questions, but if you have the option to use something else, such as a two-factor authentication app, you should do that instead, for the very reason that the answers to your security questions may be on file with multiple different providers.)

  • Do not use the same password for multiple websites. If someone figures out your password for an online account (such as through a data breach), they'll be able to sign into your other online accounts that use the same password.

  • Do not store passwords in an unencrypted file on your computer. If a virus infects your PC and the Word doc containing your passwords is discovered, then hackers will have all the information they need to log in to any of your online accounts that were stored in that file.

Stay Up To Date