Privacy Policy
1. Who we are
The platform ("Service") is operated by [Legal Entity Name] ("we", "us", "our"). This Privacy Policy describes how we collect, use, and disclose information in connection with the Service.
2. Information we collect
From Customers and their staff
- Account information: name, email address, role, password (stored as a salted hash).
- Billing information: handled by Stripe; we receive a subscription record and the last four digits of the payment card. We do not store full card numbers.
- Usage information: pages visited, actions taken, timestamps, IP address, user agent.
From Producers (managed by a Customer)
- Identifying information: name, NPN (National Producer Number), date of birth, contact information, mailing address.
- License and continuing-education records, including state, line of authority, expiration dates.
- Carrier appointment records.
- Documents uploaded by the Customer or by the Producer (e.g., license certificates, CE certificates).
- Where collected, the last four digits of a Social Security number, encrypted at rest. We do not collect or store full Social Security numbers.
3. How we use information
- To provide, maintain, and improve the Service.
- To enforce these terms and protect the Service against fraud or abuse.
- To communicate with you about your account, the Service, or important changes.
- To meet legal obligations (e.g., respond to lawful requests).
We do not sell personal information. We do not use Customer Data or Producer information to train machine-learning models for general use.
4. How information is shared
We share information only as follows:
- With your Customer. Producer information is visible to the consulting-firm Customer that manages your record.
- With service providers (subprocessors) that operate parts of the Service on our behalf:
- Railway — application hosting and database.
- Cloudflare R2 — file storage for documents.
- Stripe — payment processing and subscription billing.
- Resend — outbound transactional email.
- For legal compliance. If required by valid legal process, or to protect rights, safety, or property.
- In a business transfer. If we are acquired or merge, information may transfer to the successor, subject to this Policy.
5. Security
We use industry-standard administrative, technical, and physical safeguards including HTTPS in transit, encryption at rest for sensitive fields (e.g., SSN last-four), role-based access controls, and audit logging of security-relevant events. No system is perfectly secure; we cannot guarantee absolute security.
6. Data retention
We retain Customer Data while a Customer subscription is active. On termination, Customer Data is available for export for thirty (30) days, after which it is deleted from active systems. Backup copies expire on the normal backup rotation. Aggregate or anonymized data — data that cannot be linked to a specific person or organization — may be retained indefinitely.
7. Your rights
Depending on where you live, you may have rights to access, correct, delete, or port your personal information, and to object to or restrict certain processing. To exercise these rights, contact us at [email protected]. If you are a Producer, requests about your information should usually be directed first to the Customer that manages your record; we will assist that Customer in fulfilling your request.
8. Children
The Service is not intended for individuals under 18 and we do not knowingly collect information from them.
9. International users
The Service is operated in the United States. If you access the Service from outside the U.S., you understand and consent to the transfer of your information to and processing in the U.S.
10. Changes to this Policy
We may update this Policy from time to time. Material changes will be communicated via email or in-product notice at least thirty (30) days before they take effect.
11. Contact
Privacy questions can be sent to [email protected].