Privacy Policy

1. Introduction

RiskVert Inc. ("RiskVert," "we," "our," or "us") is committed to protecting the personal information of our customers, platform users, website visitors, and other individuals who interact with our services. This Privacy Policy explains what information we collect, how we use it, with whom we share it, and what rights you have with respect to your personal data.

This policy applies to all information collected through our website at riskvertx.com, our software-as-a-service platform (the "Platform"), and any related services, sales, marketing, or events. By using our website or Platform, you acknowledge that you have read and understood this Privacy Policy.

RiskVert operates primarily as a business-to-business technology provider serving property and casualty insurance carriers, managing general agents (MGAs), and related insurance industry participants. The personal data we process typically relates to authorized users of our Platform and business contacts, rather than individual consumers. Nonetheless, the same principles of data protection and transparency apply to all data we handle.

2. Information We Collect

2.1 Information You Provide to Us

We collect information that you provide directly to us when you:

• Create an account or register for our Platform
• Submit a contact form or request a product demonstration
• Subscribe to our newsletter or marketing communications
• Communicate with us via email, telephone, or other channels
• Participate in surveys, research, or promotional activities
• Enter into a service agreement or other contractual relationship with us

The categories of personal information you may provide include: full name, business email address, business telephone number, job title, company name, company size, and any other information you choose to include in correspondence with us.

2.2 Information Collected Automatically

When you visit our website or use our Platform, we automatically collect certain technical and usage information, including:

• Device and connection information: IP address, browser type and version, operating system, device identifiers, and network information.
• Usage data: Pages viewed, links clicked, features accessed within the Platform, session duration, referring URLs, and navigation paths.
• Log data: Server logs that record your interactions with our services, including timestamps, error messages, and API request details.
• Cookie data: Information collected through cookies and similar tracking technologies as described in our Cookie Policy.

2.3 Insurance and Underwriting Data Processed on Behalf of Customers

Our Platform is designed to process insurance submission data, policy data, claims data, and related actuarial information on behalf of our carrier and MGA customers. This data is processed as a data processor under our customers' instructions, pursuant to the data processing terms in our service agreements. Such data may include:

• ACORD-standard insurance application data, including business information submitted by insurance applicants to carrier customers
• Prior loss run data, claims history, and reserve information
• Policy administration system data exported to our Platform for risk scoring
• First Notice of Loss (FNOL) data and claims triage information

RiskVert does not use insurance data processed on behalf of customers for any purpose other than providing the contracted services. Our customers, as the data controllers for this information, are responsible for ensuring appropriate legal basis for any personal data included in insurance submissions processed through our Platform.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Improving Our Services

• Creating and managing user accounts and providing access to Platform features
• Processing insurance submission data, generating risk scores, and delivering claims triage outputs in accordance with service agreements
• Monitoring Platform performance, diagnosing technical problems, and improving service reliability
• Developing new features, improving existing functionality, and conducting product research
• Providing technical support and responding to customer inquiries

3.2 Business Operations

• Processing payments, managing billing, and administering contracts
• Sending service-related communications, including account notices, security alerts, and administrative messages
• Maintaining records for legal, audit, and compliance purposes
• Enforcing our Terms of Service and other agreements

3.3 Marketing and Communications

• Sending newsletters, product updates, and promotional materials where you have opted in to receive such communications
• Conducting surveys and gathering feedback on our services
• Organizing and inviting you to webinars, industry events, and training sessions

You may opt out of marketing communications at any time by clicking the unsubscribe link in any marketing email or by contacting us at support@riskvertx.com.

3.4 Legal Compliance and Safety

• Complying with applicable laws, regulations, and legal process
• Responding to law enforcement requests and regulatory inquiries in accordance with applicable law
• Protecting the rights, property, and safety of RiskVert, our customers, and others
• Detecting and preventing fraud, security incidents, and other potentially illegal or harmful activities

4. Legal Basis for Processing (GDPR)

For individuals in the European Economic Area (EEA) or the United Kingdom, we process personal data based on the following legal grounds:

• Contract performance: Processing necessary to perform our contracts with customers and provide the Platform services.
• Legitimate interests: Processing for our legitimate business interests, including improving our services, conducting marketing to existing customers, and maintaining the security of our Platform, where such interests are not overridden by your rights.
• Legal obligation: Processing required to comply with applicable laws and regulations.
• Consent: Processing for which you have provided explicit consent, such as receiving marketing communications. You may withdraw consent at any time without affecting the lawfulness of prior processing.

5. How We Share Your Information

5.1 Service Providers

We share personal information with third-party vendors and service providers who perform services on our behalf, including:

• Cloud infrastructure: Amazon Web Services (AWS) — platform hosting and data storage. Data is processed in US-East regions.
• Customer relationship management: Salesforce — managing sales and customer support interactions.
• Email delivery: SendGrid — transactional and marketing email delivery.
• Analytics: Google Analytics — website traffic analysis using anonymized data.
• Payment processing: Stripe — processing subscription payments. RiskVert does not store full payment card numbers; Stripe handles payment data in accordance with PCI-DSS standards.

All third-party service providers are bound by contractual obligations to protect your information and use it only for the purposes for which it was disclosed.

5.2 Business Transfers

In the event of a merger, acquisition, sale of all or substantially all of our assets, or similar business transaction, personal information held by RiskVert may be transferred as part of that transaction. We will provide notice before personal information becomes subject to a materially different privacy policy as a result of such a transaction.

5.3 Legal Disclosure

We may disclose personal information when we believe disclosure is required by law, legal process, or government authority, or when necessary to protect the rights, property, or safety of RiskVert, our customers, or the public.

5.4 Aggregated and Anonymized Data

We may share aggregated, anonymized information — which does not identify any individual — for industry analysis, product research, and other business purposes. Such information is derived from usage data and does not constitute personal data under applicable law.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, including for the purposes of satisfying legal, accounting, or reporting requirements.

• Active account data: Retained for the duration of the customer relationship plus five years following contract termination, unless a shorter period is required by applicable law or agreed in the service contract.
• Insurance submission and claims data (processed on behalf of customers): Retained in accordance with the data processing terms in the applicable service agreement. Typically deleted or returned within 90 days of contract termination upon customer request.
• Marketing and contact data: Retained until you opt out or request deletion, subject to a maximum of three years from last interaction.
• Log and security data: Typically retained for 12 months, after which it is deleted or anonymized.

When we no longer have a legitimate purpose for retaining personal information, we either delete it or render it anonymous. Specific retention periods may vary based on applicable regulatory requirements. In the insurance industry context, certain records may be subject to extended retention requirements under state insurance department regulations.

7. Your Rights

Depending on your location, you may have the following rights with respect to your personal information:

7.1 Rights Under GDPR (EEA and UK)

• Right of access: You may request a copy of the personal data we hold about you.
• Right to rectification: You may request correction of inaccurate or incomplete personal data.
• Right to erasure: You may request deletion of your personal data, subject to certain exceptions for legal compliance and legitimate business purposes.
• Right to restriction: You may request that we restrict processing of your personal data in certain circumstances.
• Right to data portability: You may request a machine-readable copy of personal data you provided to us, where processing is based on consent or contract.
• Right to object: You may object to processing based on legitimate interests or for direct marketing purposes.
• Rights related to automated decision-making: You have the right not to be subject to decisions made solely by automated processing that significantly affect you, unless necessary for contract performance or authorized by law.

7.2 Rights Under CCPA (California Residents)

If you are a California resident, you have the right to know what personal information is collected about you, to delete personal information we hold about you, to opt out of the sale of personal information (note: RiskVert does not sell personal information), and to non-discrimination for exercising your privacy rights.

7.3 Exercising Your Rights

To exercise any of these rights, please submit a written request to support@riskvertx.com with the subject line "Privacy Rights Request." We will respond within the timeframe required by applicable law (typically 30 days for GDPR requests, 45 days for CCPA requests). We may need to verify your identity before fulfilling certain requests.

8. Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website. For detailed information about the types of cookies we use, their purposes, and how to manage your cookie preferences, please review our Cookie Policy.

9. Security

RiskVert implements appropriate technical and organizational measures to protect personal information against unauthorized access, disclosure, alteration, and destruction. Our security program includes:

• Encryption of data in transit using TLS 1.2 or higher
• Encryption of sensitive data at rest using AES-256
• Access controls based on the principle of least privilege, with regular access reviews
• Audit logging of all access to customer data within the Platform
• Vendor security assessments for third-party service providers with access to personal data
• Incident response procedures for detecting and responding to security events
• SOC 2 Type II certification in progress; current audit results available to enterprise customers under NDA

No method of transmission over the Internet or method of electronic storage is completely secure. While we implement commercially reasonable safeguards, we cannot guarantee absolute security of personal information. In the event of a security breach involving your personal data, we will notify you as required by applicable law.

10. International Data Transfers

RiskVert is based in the United States. If you are accessing our services from the EEA, UK, or other jurisdictions with data protection laws that differ from US law, please be aware that personal data may be transferred to and processed in the United States.

For transfers of personal data from the EEA or UK to the US, we rely on Standard Contractual Clauses (SCCs) as approved by the European Commission. A copy of the applicable SCCs is available upon request at support@riskvertx.com.

11. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a minor, please contact us at support@riskvertx.com.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will update the "Last updated" date at the top of this policy and, where required by law or where changes are significant, provide additional notice via email or through a prominent notice on our website.

Your continued use of our services after the effective date of an updated Privacy Policy constitutes your acceptance of the changes. We encourage you to review this policy periodically.

13. Contact Information

If you have questions or concerns about this Privacy Policy, wish to exercise your data rights, or need to report a privacy concern, please contact us:

• Email: support@riskvertx.com
• Phone: +1 (860) 271-5834
• Mail: RiskVert Inc., 200 Hopmeadow St, Simsbury, CT 06089, USA

If you are located in the EEA and are not satisfied with our response to a privacy concern, you have the right to lodge a complaint with your local data protection supervisory authority.