Privacy Policy
Last Updated: February 27, 2026
1. Who We Are
PolisAgent Inc. (“PolisAgent,” “we,” “us”) operates an AI-powered operational platform for licensed commercial insurance agencies. This Privacy Policy explains how we collect, use, disclose, and protect personal information.
2. Categories of Personal Information Collected
| Category | Examples | Source |
|---|---|---|
| Identifiers | Name, email, phone, business address | Directly from you |
| Professional information | Insurance license numbers, NPN, agency name | Directly from you |
| Insured data | Named insureds, policy data, claims data | From agency customers |
| Usage data | Pages visited, features used, session duration | Automatically collected |
| Device data | Browser type, IP address, operating system | Automatically collected |
| Payment data | Billing name, payment method | Stripe (processor) |
3. How We Use Personal Information
- Service delivery: Processing submissions, running policy checks, generating COIs, and providing AI-powered operational tools
- Security: Authenticating users, preventing fraud, maintaining audit trails
- Compliance: Meeting regulatory obligations (NYDFS 500, NAIC 668, CCPA/CPRA)
- Product improvement: Aggregated, de-identified analytics to improve platform functionality
- Communication: Service notifications, security alerts, product updates
4. Sub-Processors
We share personal information with the following service providers, each under contractual data protection obligations:
| Provider | Purpose | Data Retention |
|---|---|---|
| Anthropic | AI model provider (Claude API) | Zero retention — not stored or used for training |
| Supabase | Database hosting | Per our configuration; encrypted at rest (AES-256) |
| Stripe | Payment processing | Per Stripe policies; PCI DSS Level 1 |
| Vercel | Application hosting | No persistent data storage (serverless) |
| Resend | Transactional email | 30-day email log retention |
5. Sale or Sharing of Personal Information
PolisAgent does not sell or share personal information.
We do not sell, rent, trade, or otherwise disclose personal information to third parties for their own marketing purposes.
6. Your Privacy Rights (CCPA/CPRA)
If you are a California resident, you have the following rights:
- Right to Know: Request disclosure of PI collected about you
- Right to Delete: Request deletion of PI (subject to legal retention requirements)
- Right to Correct: Request correction of inaccurate PI
- Right to Non-Discrimination: We will not discriminate against you for exercising these rights
To exercise these rights, contact us at privacy@polisagent.com. We will respond within 45 days.
7. Data Retention
| Data Category | Retention Period |
|---|---|
| Active customer data | Duration of contract + 60-day export window |
| Audit trail records | 7 years |
| User account data | Duration of employment + 90 days |
| AI processing logs | 3 years |
| System/security logs | 5 years |
| Terminated customer data | Deleted within 30 days after export window |
8. Security
We implement industry-standard security measures including encryption (TLS 1.3 in transit, AES-256 at rest), multi-factor authentication, role-based access controls, immutable audit trails, and regular security assessments. Our security program is designed to comply with NYDFS 23 NYCRR 500 and NAIC Model Law #668 requirements.
9. AI Data Processing
When you use our AI features, text inputs are sent to our AI provider (Anthropic Claude API) for processing. Anthropic operates under a zero-retention policy — your data is not stored, retained, or used to train AI models. Inputs and outputs exist only in memory during processing and are discarded immediately.
10. Children's Privacy
PolisAgent is designed for licensed insurance professionals. We do not knowingly collect personal information from children under 16. If we learn that we have collected such data, we will promptly delete it.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated via email at least 30 days before taking effect.
12. Contact
For privacy inquiries or to exercise your rights, contact us at: