Lemonade Insurance

AT A GLANCE

Company: Lemonade is a full-stack insurance carrier redefining property and casualty insurance through technology, transparency, and a customer experience built from the ground up. The company handles sensitive personal data — policy details, claims, financial records — at scale, across a fast-moving, modern engineering organization.

Contact: Jonathan, CISO

Challenge: Years of evaluating DLP tools that couldn't understand the difference between a legitimate business action and a genuine risk left the team skeptical of the entire category. Every solution treated every data event the same — with blocks, pop-ups, and noise that burned out analysts and frustrated employees.

Outcome: Jazz deployed and started delivering value in natural language from day one. Melody, the Agentic Investigator, automates policy creation on the fly. Employees are guided rather than blocked. And for the first time, Lemonade has a DLP that genuinely understands how their organization works.

THE CHALLENGE

Jonathan had tried. Every time a new DLP product came to market, he gave it a fair evaluation. Every time, the result was the same: tools that couldn't understand context, couldn't distinguish a routine business action from a real risk, and responded to everything the same way — with interruptions, warnings, and a security team spending more time managing alerts than protecting data.

The root problem wasn't a lack of tools. It was that every solution on the market treated data events in isolation. None of them understood who was moving information, why, or what that meant given the full context of the person's role, the destination, and the organization's normal patterns. Without that understanding, every action looked the same — and everything got flagged.

For a company like Lemonade — where speed, employee experience, and customer trust are core to the brand — a DLP approach built on blocking and interrupting employees was directly at odds with the culture. And with significant customer data to protect (policy records, claims, personal financial information), getting this right wasn't optional.

"DLP solutions before Jazz are just a waste of security team time," Jonathan says. He came to that conclusion the hard way.

"Anyone who thinks DLP doesn't work is right — until you look at Jazz."
‍
‍— Jonathan, CISO, Lemonade Insurance

THE SOLUTION

Jonathan first encountered Jazz through a presentation by one of the founders. The framing was different from the start: instead of asking the security team to define what sensitive data looks like through rules and configurations, Jazz starts by understanding the organization itself — its people, their roles, their normal patterns, and the business context behind every data event.

That's the shift that changed his mind. "It understands context," Jonathan says. "It understands who the user is, the information that might be moving between applications, the destination, the person's role — and with all of that, it makes great decisions."

His standout experience was with Melody, Jazz's Agentic Investigator. When an alert comes in, Jonathan can respond in plain English — "this is fine because of this person's role" — and Melody converts that response directly into policy, then asks whether the same logic should apply across similar roles organization-wide. One confirmation and it's done. No rules, no regex, no ticket to the team.

This is what a DLP that understands your business looks like in practice: a system that learns the organization's intent in natural language, refines its own policies based on how the security team actually thinks, and gets smarter over time without requiring constant manual upkeep.

RESULTS

Jazz delivered value immediately. Without writing a single rule, Jonathan saw the system understanding Lemonade's environment and surfacing real signal from the start.

Beyond detection, one of the most meaningful outcomes has been the way Jazz shapes behavior. Rather than confronting employees with blocks and pop-ups, Jazz gently coaches people on how to handle data correctly — turning a compliance function into something that actually helps the organization build better habits. For a company whose brand is built on human connection and trust, a security approach rooted in empathy rather than enforcement is a real differentiator.

Jonathan's recommendation to peers is direct: "You've been burned by DLP before, of course. Try this. It will change your mind."

"Some of the value we get out of Jazz is in the way it gently coaches people on how to treat data correctly. It's been fantastic for that."
‍
‍— Jonathan, CISO, Lemonade Insurance