1. Information we collect
We collect information in three ways:
- Information you provide: account details (name, work email, password), workspace and agency profile details, billing contact information, and content you submit or upload.
- Information from your use of the Service: log data, device and browser information, IP address, pages viewed, feature usage, and diagnostic events.
- Customer content: insurance submissions, documents, policy, servicing, and claims data your organization sends to or generates in the Service. This may include personal information about third parties (e.g. applicants, insureds, claimants), which we process as a processor on your organization’s behalf.
2. How we use information
- To provide, operate, secure, and improve the Service;
- To authenticate users, administer workspaces, and enforce access controls;
- To read, extract, summarize, and route submissions and documents as directed by the customer;
- To communicate service, security, and transactional messages;
- To provide support and respond to requests;
- To detect, prevent, and address fraud, abuse, and security incidents;
- To comply with legal obligations.
We do not sell personal information, and we do not use customer content to train foundation models for use outside your workspace.
3. AI processing
The Service uses automated and AI-assisted processing to read documents, extract fields, match carrier appetite, draft communications, and surface insights. Outputs are suggestions for a human to review; they are not automated decisions with legal or similarly significant effect unless your organization configures them to be. Your organization controls what content is processed.
4. How we share information
- Sub-processors: vendors that host infrastructure, deliver email, process payments, and provide AI model inference, under contract and only as needed. See our Sub-processors list.
- Within your organization: content is visible to authorized members of your workspace according to roles and permissions.
- Legal and safety: where required by law or to protect rights, safety, and the integrity of the Service.
- Business transfers: in connection with a merger, acquisition, or sale of assets, subject to this Policy.
5. Retention
We retain personal information for as long as needed to provide the Service and for legitimate business or legal purposes. Customer content is retained per your organization’s configuration and agreement; on termination we delete or return customer content as described in the applicable terms and DPA.
6. Security
We use administrative, technical, and organizational measures designed to protect information, including encryption in transit, access controls, and least-privilege practices. No method of transmission or storage is completely secure.
7. Your rights
Depending on your location, you may have rights to access, correct, delete, or port your personal information, or to object to or restrict certain processing. Where we act as a processor, please direct requests to the organization that controls the data; we will support their response. To exercise rights for data we control, contact us using the details below.
8. International transfers
We may process information in the United States and other countries. Where required, we use appropriate safeguards for cross-border transfers.
9. Children
The Service is for business use and is not directed to children under 16, and we do not knowingly collect their personal information.
10. Changes
We may update this Policy. Material changes will be indicated by updating the “Last updated” date and, where appropriate, additional notice.
11. Contact
For privacy questions or requests, contact [email protected].