We handle sensitive transaction data — purchase agreements, financial models, privileged communications — with restricted access, reputable providers, and commercially reasonable safeguards. This page describes how, in enough detail that you and your clients can evaluate it.
Every engagement involves confidential deal information. We treat that information with the seriousness it deserves: shared only as needed to market and place insurance or support an active engagement, stored using reputable service providers, and handled by personnel with a direct business need. We do not sell personal information. Mutual NDAs are available and executed as standard practice with referral partners and their clients.
Our security practices continue to mature as the firm grows. We are committed to using appropriate administrative, technical, and operational safeguards to protect the information entrusted to us, and we welcome due-diligence questions from clients and counsel at any time.
A non-exhaustive summary of the practices and controls we rely on:
MFA enabled where supported by our systems. Access to client data is restricted to individuals with a direct business need for a given engagement.
Sensitive engagement materials move through controlled workflows designed to limit unnecessary access or exposure. Information is shared internally only as needed.
Encryption in transit and at rest is used where supported by our underlying systems and service providers.
We use established, reputable cloud and business platforms for data storage, communication, and engagement management.
We use systems that provide access logging and audit capabilities where available through our platform providers.
Confidentiality and non-disclosure agreements are executed as appropriate with personnel, referral partners, and clients.
Client information is shared only as necessary to support our brokerage, placement, and advisory functions — including with insurance carriers, underwriters, wholesalers, and other parties directly involved in the placement process. We do not sell, rent, or share personal information with third parties for their own marketing purposes. When working with third-party service providers, we seek to use reputable vendors and include appropriate data protection terms in agreements where applicable.
Engagement records are retained in accordance with business, legal, and operational needs. When records are no longer required, they are deleted or archived consistent with applicable obligations using commercially reasonable methods. As a matter of practice, client data is not stored on personal devices or unauthorized cloud services.
We use AI tools selectively and with purpose. AI is used for research synthesis, market monitoring, and internal workflow support — never to make coverage recommendations, negotiate with insurers, or draft client-facing policy language without senior review. No confidential deal information — deal terms, purchase agreements, client names, or transaction details — is ever entered into a public or consumer-grade AI tool. We use only business-class or enterprise-grade AI tools that provide data isolation, prohibit model training on user inputs, and maintain clear data retention and deletion policies. Clients may opt out of AI-assisted workflows at any time.
A leaner model, not an automated one. WolfTRI uses modern tools where they help, but RWI still depends on human judgment, careful policy review, ethics, and accountability when the question matters.
Counsel and sponsors often need to answer their own clients' questions about data handling. Short answers you can use with confidence:
If you or your client need to conduct a security review before an engagement, we will walk through our approach with you. Email info@wolftri.com.
We welcome due diligence from clients and their counsel.