Privacy Policy

We collect information that you provide directly to us and information generated through your use of the Service. Because ContractIQ is an insurance contracting platform, the information we handle includes sensitive personal and financial data necessary to complete contracting workflows.

Identity Information: Legal name, date of birth, gender, Social Security Number (SSN), National Producer Number (NPN), and residential and mailing addresses. SSNs are encrypted at rest using AES-256 and are never stored in plaintext.

Licensing Information: Active insurance licenses by state and line of authority, license expiration dates, and NIPR-verified license data.

Errors and Omissions (E&O) Information: E&O insurance carrier name, policy number, coverage amounts, and policy expiration date.

Banking Information: Bank name, account type, routing number, and account number. Routing and account numbers are encrypted at rest using AES-256. The Service stores only the last four digits in plaintext for verification purposes.

Tax Information: Tax entity type, legal tax name, business name (if applicable), and Taxpayer Identification Number (TIN/EIN/SSN for tax purposes). TINs are encrypted at rest.

Background Disclosure Information: Answers to regulatory background disclosure questions as required by carrier contracting agreements.

Account Information: Email address, phone number, and authentication credentials managed by Clerk, our identity provider. INSURASAFE does not store passwords. Phone numbers are used to deliver transactional SMS notifications, including contracting invitations, writing number alerts, and E&O expiration reminders. You may opt out of SMS at any time by replying STOP to any message. For full SMS program details, see our SMS Terms & Conditions.

Usage Data: Log data, IP addresses, browser type, pages visited, actions taken within the platform, and timestamps. This data is used for security monitoring and audit purposes.

We use the information we collect for the following purposes:

Contracting and Appointment Processing: To assemble, format, and transmit agent contracting packets to insurance carriers and their Field Marketing Organizations (FMOs) as directed by the agent and the FMO managing the contracting relationship.

NIPR License Verification: To verify insurance license status and currency with the National Insurance Producer Registry (NIPR) on behalf of carriers and FMOs.

Platform Operations: To provide, maintain, and improve the Service, including processing transactions, sending operational notifications, and maintaining audit logs.

Security and Fraud Prevention: To detect, investigate, and prevent unauthorized access, fraudulent activity, and other security incidents.

Legal Compliance: To comply with applicable laws, regulations, and lawful requests from government authorities.

We do not sell your personal information. We share your information only in the following circumstances:

With Carriers and FMOs: Agent contracting data is transmitted to the insurance carriers and FMOs specified in each contracting workflow. The scope of data transmitted is limited to what is required by the carrier's contracting system. Agents and FMO administrators control which carriers receive their data.

With Service Providers: We engage third-party service providers who process data on our behalf, including Supabase (database and storage), Clerk (authentication), Amazon Web Services (document storage and OCR), Resend (transactional email), and Twilio, Inc. (SMS delivery). When SMS notifications are sent, your phone number is transmitted to Twilio solely for message delivery purposes. Twilio does not use your phone number for any purpose beyond delivering messages on our behalf. All service providers are bound by data processing agreements that restrict their use of your data.

For Legal Reasons: We may disclose your information if required by law, subpoena, court order, or other legal process, or if we believe disclosure is necessary to protect the rights, property, or safety of INSURASAFE, our users, or the public.

Business Transfers: In the event of a merger, acquisition, or sale of all or substantially all of INSURASAFE's assets, your information may be transferred as part of that transaction. You will be notified of any such change.

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.

Agent contracting records are retained for a minimum of seven (7) years following the termination of an agent's appointment, consistent with insurance regulatory recordkeeping requirements. Encrypted sensitive fields (SSN, routing numbers, account numbers, TINs) are purged upon agent request following the expiration of any applicable retention obligations.

Audit log entries are retained for a minimum of three (3) years and are not subject to deletion requests due to regulatory compliance requirements.

We implement industry-standard technical and organizational measures to protect your personal information:

All sensitive data fields (SSN, routing numbers, account numbers, TINs) are encrypted at rest using AES-256 encryption. All data in transit is encrypted using TLS 1.3. Document storage uses server-side encryption with access controlled by time-limited, signed URLs. Platform access is controlled by Clerk authentication with multi-factor authentication available. All platform actions are recorded in an append-only audit log.

No security system is impenetrable. In the event of a breach involving your personal information, we will notify affected individuals as required by applicable law.

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:

Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected about you.

Right to Delete: You may request deletion of your personal information, subject to certain exceptions including regulatory retention requirements.

Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.

Right to Opt Out of Sale: We do not sell personal information.

To exercise your rights, contact us at privacy@contractiq.com. We will respond to verifiable requests within 45 days.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us at:

INSURASAFE, LLC
Attn: Privacy Officer
Email: privacy@contractiq.com

We will respond to all privacy inquiries within 30 days.