Privacy Policy

Last Updated: February 27, 2026

1. Who We Are

PolisAgent Inc. (“PolisAgent,” “we,” “us”) operates an AI-powered operational platform for licensed commercial insurance agencies. This Privacy Policy explains how we collect, use, disclose, and protect personal information.

2. Categories of Personal Information Collected

CategoryExamplesSource
IdentifiersName, email, phone, business addressDirectly from you
Professional informationInsurance license numbers, NPN, agency nameDirectly from you
Insured dataNamed insureds, policy data, claims dataFrom agency customers
Usage dataPages visited, features used, session durationAutomatically collected
Device dataBrowser type, IP address, operating systemAutomatically collected
Payment dataBilling name, payment methodStripe (processor)

3. How We Use Personal Information

  • Service delivery: Processing submissions, running policy checks, generating COIs, and providing AI-powered operational tools
  • Security: Authenticating users, preventing fraud, maintaining audit trails
  • Compliance: Meeting regulatory obligations (NYDFS 500, NAIC 668, CCPA/CPRA)
  • Product improvement: Aggregated, de-identified analytics to improve platform functionality
  • Communication: Service notifications, security alerts, product updates

4. Sub-Processors

We share personal information with the following service providers, each under contractual data protection obligations:

ProviderPurposeData Retention
AnthropicAI model provider (Claude API)Zero retention — not stored or used for training
SupabaseDatabase hostingPer our configuration; encrypted at rest (AES-256)
StripePayment processingPer Stripe policies; PCI DSS Level 1
VercelApplication hostingNo persistent data storage (serverless)
ResendTransactional email30-day email log retention

5. Sale or Sharing of Personal Information

PolisAgent does not sell or share personal information.

We do not sell, rent, trade, or otherwise disclose personal information to third parties for their own marketing purposes.

6. Your Privacy Rights (CCPA/CPRA)

If you are a California resident, you have the following rights:

  • Right to Know: Request disclosure of PI collected about you
  • Right to Delete: Request deletion of PI (subject to legal retention requirements)
  • Right to Correct: Request correction of inaccurate PI
  • Right to Non-Discrimination: We will not discriminate against you for exercising these rights

To exercise these rights, contact us at privacy@polisagent.com. We will respond within 45 days.

7. Data Retention

Data CategoryRetention Period
Active customer dataDuration of contract + 60-day export window
Audit trail records7 years
User account dataDuration of employment + 90 days
AI processing logs3 years
System/security logs5 years
Terminated customer dataDeleted within 30 days after export window

8. Security

We implement industry-standard security measures including encryption (TLS 1.3 in transit, AES-256 at rest), multi-factor authentication, role-based access controls, immutable audit trails, and regular security assessments. Our security program is designed to comply with NYDFS 23 NYCRR 500 and NAIC Model Law #668 requirements.

9. AI Data Processing

When you use our AI features, text inputs are sent to our AI provider (Anthropic Claude API) for processing. Anthropic operates under a zero-retention policy — your data is not stored, retained, or used to train AI models. Inputs and outputs exist only in memory during processing and are discarded immediately.

10. Children's Privacy

PolisAgent is designed for licensed insurance professionals. We do not knowingly collect personal information from children under 16. If we learn that we have collected such data, we will promptly delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect.

12. Contact

For privacy inquiries or to exercise your rights, contact us at:

privacy@polisagent.com