Privacy Policy

1. Information We Collect

We collect information you provide directly and information generated automatically when you use the Service.

Information you provide

• Account details — name, email address, and password when you create an account.
• Claim information — accident details, insurance policy numbers, photos, medical records, repair estimates, and other documents you upload.
• Payment information — processed securely by Stripe. We do not store your full credit card number.
• Communications — messages you send us through support channels.

Information collected automatically

• Usage data — pages visited, features used, timestamps, and referral sources.
• Device information — browser type, operating system, screen resolution, and IP address.
• Cookies — we use essential cookies for authentication and optional analytics cookies with your consent.

2. How We Use Your Information

• Provide the Service — process your claims, generate AI letters, deliver call coaching, and produce settlement analyses.
• Improve our AI — train and improve our models using de-identified, aggregated data. Your personal claim details are never shared with other users.
• Communicate with you — send transactional emails (receipts, status updates) and, with your consent, product updates.
• Ensure security — detect and prevent fraud, abuse, and unauthorised access.
• Meet legal obligations — comply with applicable laws, regulations, and legal processes.

3. AI Processing

InsurifyAI uses artificial intelligence to analyse your claim data and generate documents, coaching suggestions, and strategy recommendations. Here is what you should know:

• Your claim data is processed by our AI systems solely to provide the Service to you.
• AI outputs (demand letters, estimates, coaching tips) are generated on a per-claim basis and are not shared with other users.
• We may use de-identified, aggregated patterns to improve our AI models. Individual claim data is never used in a way that could identify you.
• We use third-party AI providers (such as Anthropic for language processing and Deepgram for speech recognition). Data sent to these providers is governed by our data-processing agreements with them and is not used to train their general models.
• You can request deletion of your data and all associated AI outputs at any time (see "Your Rights" below).

4. Data Sharing

We do not sell your personal information. We share data only in these limited circumstances:

• Service providers — trusted vendors who help us operate the Service (payment processing, cloud hosting, AI providers). They are contractually obligated to protect your data.
• Legal requirements — when required by law, subpoena, or court order.
• Safety — to protect the rights, safety, or property of InsurifyAI, our users, or the public.
• Business transfers — in connection with a merger, acquisition, or sale of assets, your information may be transferred. You will be notified of any such change.

5. Data Retention

We retain your data for as long as necessary to provide the Service and comply with our legal obligations:

• Claim data — retained for 7 years from claim closure, consistent with insurance industry record-keeping requirements.
• Financial records — retained for 10 years as required by tax and financial regulations.
• Personal account data — retained for 3 years after account closure, then securely deleted.
• Audit logs — retained for 10 years for compliance and security purposes.

You may request earlier deletion of your data subject to applicable legal retention requirements (see "Your Rights" below).

6. Your Rights

We respect your data rights. Depending on your location, you may have the following rights:

California Consumer Privacy Act (CCPA)

If you are a California resident, the CCPA grants you specific rights regarding your personal information:

• Right to Know — you can request details about the categories and specific pieces of personal information we have collected about you.
• Right to Delete — you can request that we delete personal information we have collected from you, subject to certain legal exceptions.
• Right to Opt-Out — we do not sell personal information, so this right does not apply. If our practices change, we will provide a clear opt-out mechanism.
• Right to Non-Discrimination — we will not discriminate against you for exercising any of your CCPA rights.

To exercise your rights, you may submit a request through your account settings or by emailing privacy@insurifyai.app. We will respond to verifiable requests within 45 calendar days.

All users

• Access and download a copy of your data.
• Correct inaccurate information in your account.
• Delete your account and associated data.
• Withdraw consent for optional data processing (e.g. analytics cookies).

7. Security Measures

We implement industry-standard security measures to protect your data:

• Encryption at rest — all stored data is encrypted using AES-256-GCM.
• Encryption in transit — all network communication uses TLS 1.3.
• Key rotation — encryption keys are rotated every 90 days.
• Access controls — role-based access controls limit employee access to user data.
• Audit logging — all access to user data is logged and monitored.
• Infrastructure — hosted on AWS with SOC 2 Type II certified infrastructure.

While we strive to protect your information, no method of electronic storage or transmission is 100% secure. If you believe your account has been compromised, contact us immediately.

8. Children's Privacy

InsurifyAI is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at privacy@insurifyai.app.