Bishopbend Insurance Services
Ground-up build for a women-owned independent insurance agency licensed in 33+ states — custom brand, MFA-protected client portal with a document vault, a full admin CRM with HawkSoft integration, and a GLBA-aware security baseline.
Bishopbend is a women-owned, mother-daughter independent agency that solves complex insurance needs one client-partner at a time — personal, commercial, farm and ranch, surety bonds, plus specialty lines from identity-theft and pet to tornado, travel, non-profit, and IRS-audit coverage, licensed across 33+ states. They needed more than a brochure site: a credible boutique brand, a secure way for clients to request coverage and exchange documents, and an internal panel the team could actually run the agency from. As an insurance broker the agency is regulated under GLBA and state insurance data-security rules, so client data handling had to be built right from day one — not bolted on later.
Next.js 16 + Drizzle over Supabase Postgres, with a custom navy brand, a flowing Tangerine script accent on the hero (Playfair display + Inter body), and a FOUC-safe light/dark theme toggle. The public marketing site covers every coverage line with its own page, generated from a typed coverage module with per-page schema. The client portal is real software: signup with email verification, iron-session auth, TOTP multi-factor, a document vault, and coverage-specific quote-request flows (business auto, commercial property, general liability, inland marine, umbrella, workers' comp, and more). The admin side is a full CRM — customers with CSV import and a HawkSoft export bridge, quote-request and message queues, an error-monitoring dashboard, in-house analytics with real-user Core Web Vitals, and a master-API bridge for fleet oversight. GLBA-aware security baseline throughout: bcrypt, TOTP, Cloudflare Turnstile on every auth form, DB-backed rate limiting, Postgres row-level security, HSTS preload, strict CSP, locked Permissions-Policy, and poweredByHeader off. Secrets stay server-side; the public/client boundary is enforced with server-only guards.
The surface area we built.
Custom boutique brand + theming
Navy palette with a Tangerine script-accent hero, Playfair display over Inter body, and a flash-free light/dark toggle. Reads like a trusted boutique agency, not a template.
Coverage-line marketing site
Every personal, commercial, farm, bond, and specialty line gets its own page from a typed coverage module with canonical URLs and per-page schema — built to rank for real coverage intent.
MFA-protected client portal
Client signup with email verification, iron-session auth, TOTP multi-factor, a document vault, and coverage-specific quote-request flows. Real account software, not a contact form.
Full admin CRM + HawkSoft bridge
Customers with CSV import and a HawkSoft export path, quote-request and message queues, ticketing, an error-monitoring dashboard, and in-house analytics with real-user Core Web Vitals.
GLBA-aware security baseline
bcrypt + TOTP, Turnstile on every auth form, DB-backed rate limiting, Postgres row-level security, HSTS preload, strict CSP, locked Permissions-Policy, poweredByHeader off, server-only secret boundaries.
Frozen showcase fork
bishopbend-showcase.vercel.app served as a static, credential-free demo (admin + database stripped) with noindex + a Portfolio Demo pill — the portfolio shows the design with zero client data on it.
Built and live — marketing site, client portal, and admin CRM shipped with a regulation-aware security baseline. The frozen showcase is a static, no-credentials demo so the portfolio carries none of the client's data.
Want something like this?
We ship premium sites fast — AI-native, end-to-end, signed where it matters.