Privacy Policy

🔒 Data Protection

Your data is protected with enterprise-grade encryption and strict compliance standards. This Privacy Policy explains how we collect, use, and safeguard your information in compliance with GDPR, HIPAA, and other applicable data protection regulations.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, company name, job title, and contact details
  • Business Information: Insurance agency details, operational data, and configuration preferences
  • Communication Data: Messages, support requests, and feedback you provide to us
  • Payment Information: Billing details processed securely through our payment providers

1.2 Protected Health Information (PHI)

As a HIPAA-compliant service, we may process Protected Health Information on behalf of our customers. We act as a Business Associate and implement appropriate safeguards to protect PHI in accordance with HIPAA Privacy and Security Rules.

1.3 Automatically Collected Information

  • Usage Data: Features used, actions taken, and performance metrics
  • Technical Data: IP address, browser type, device information, and operating system
  • Log Data: Access times, pages viewed, and system activity for security monitoring

2. How We Use Your Information

We process your information for the following purposes:

  • Service Delivery: Provide, maintain, and improve our AI automation platform
  • Customer Support: Respond to inquiries, troubleshoot issues, and provide assistance
  • Security & Compliance: Monitor for security threats, ensure HIPAA compliance, and protect against fraud
  • Communication: Send service updates, security alerts, and important notifications
  • Product Development: Analyze usage patterns to improve features and user experience
  • Legal Obligations: Comply with legal requirements, regulations, and law enforcement requests

✓ Legal Basis for Processing (GDPR)

We process your data based on: (a) contractual necessity to provide our services, (b) legitimate interests in improving our platform and security, (c) legal compliance obligations, and (d) your explicit consent where required.

3. Data Security Measures

We implement enterprise-grade security controls to protect your data:

  • Encryption: End-to-end encryption for data in transit (TLS 1.3) and at rest (AES-256)
  • Access Controls: Role-based access control (RBAC) and least-privilege IAM policies
  • Authentication: Multi-factor authentication (MFA) for all user accounts
  • Infrastructure: SOC 2-compliant hosting on AWS with redundancy and backup systems
  • Monitoring: 24/7 security monitoring, intrusion detection, and incident response
  • Audits: Regular security audits, penetration testing, and vulnerability assessments

4. Data Sharing and Disclosure

We do not sell your personal data. We may share information with:

  • Service Providers: AWS (hosting), payment processors, and essential infrastructure providers under strict data processing agreements
  • Business Associates: HIPAA-compliant third parties who assist in service delivery and sign Business Associate Agreements
  • Legal Requirements: Law enforcement, regulators, or courts when legally required
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, with continued data protection commitments

5. Your Data Protection Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have the following rights:

  • Right to Access: Request copies of your personal data
  • Right to Rectification: Request correction of inaccurate or incomplete data
  • Right to Erasure: Request deletion of your personal data ("right to be forgotten")
  • Right to Restriction: Request limitation of processing in certain circumstances
  • Right to Data Portability: Receive your data in a structured, machine-readable format
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for processing at any time
  • Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at

6. HIPAA Compliance and PHI

As a Business Associate under HIPAA:

  • We implement administrative, physical, and technical safeguards to protect PHI
  • We execute Business Associate Agreements (BAAs) with all customers who transmit PHI
  • We restrict PHI access to authorized personnel only
  • We maintain audit logs and provide breach notification as required by HIPAA
  • We train our staff on HIPAA compliance and data protection best practices
  • We do not use or disclose PHI except as permitted by HIPAA and our BAA

7. Data Retention

We retain your data for as long as necessary to provide services and comply with legal obligations:

  • Account Data: Retained while your account is active and for 90 days after closure
  • PHI: Retained per HIPAA requirements and destroyed securely upon contract termination
  • Business Records: Retained for 7 years to comply with financial and legal requirements
  • Security Logs: Retained for 2 years for security monitoring and incident investigation

8. International Data Transfers

Our primary infrastructure is located in the United States. For data transfers from the EEA, UK, or Switzerland, we use:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Appropriate technical and organizational safeguards
  • Supplementary measures to ensure adequate data protection

9. Cookies and Tracking

We use cookies and similar technologies for:

  • Essential Cookies: Required for authentication and platform functionality
  • Analytics: Understand usage patterns and improve our service (anonymized)
  • Security: Detect and prevent fraudulent activity

You can control cookies through your browser settings. Note that disabling essential cookies may impact platform functionality.

10. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children.

11. Changes to This Policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. We will notify you of material changes via email or platform notification at least 30 days before changes take effect.

12. Contact Information

For privacy questions, concerns, or to exercise your rights:

Data Protection Officer

Email:

Note: This is a comprehensive privacy policy template. Consult with legal counsel to ensure full compliance with applicable laws in your jurisdiction and to customize specific details for your business operations.