Privacy Policy

Introduction

CoverKit, Inc. ("CoverKit," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website (coverkit.io), APIs, SDKs, and related services (collectively, the "Services").

Please read this Privacy Policy carefully. By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including:

• Account Information: Name, email address, company name, phone number, password
• Payment Information: Credit card details, billing address (processed securely through Stripe)
• Business Information: Company size, industry, website URL, API usage data
• Insurance Information: Policyholder details, coverage amounts, claim information
• Communications: Support requests, feedback, survey responses

1.2 Information Collected Automatically

When you access our Services, we automatically collect:

• Usage Data: API calls, request/response logs, feature usage, error logs
• Device Information: IP address, browser type, operating system, device identifiers
• Analytics Data: Pages viewed, time spent, click patterns, referral sources
• Cookies and Tracking: Session cookies, analytics cookies, preference cookies

1.3 Information from Third Parties

We may receive information from third parties such as identity verification services, fraud prevention services, and business partners who integrate with our APIs.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our Services
• Process insurance quotes, policies, and claims
• Process payments and prevent fraud
• Communicate with you about our Services, including updates and security alerts
• Provide customer support and respond to your requests
• Monitor and analyze usage patterns to improve performance
• Detect, prevent, and address technical issues or security threats
• Comply with legal obligations and enforce our Terms of Service
• Send marketing communications (with your consent, where required)

3. How We Share Your Information

We may share your information in the following circumstances:

3.1 Service Providers

We share information with third-party service providers who perform services on our behalf:

• Insurance Carriers: To underwrite policies and process claims
• Payment Processors: Stripe for payment processing
• Cloud Infrastructure: Google Cloud Platform for hosting and storage
• Analytics Providers: Google Analytics, Mixpanel for usage analytics
• Customer Support: Zendesk, Intercom for support services

3.2 Business Transfers

If CoverKit is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website of any change in ownership.

3.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, regulatory requirements).

3.4 With Your Consent

We may share your information with third parties when you have given us explicit consent to do so.

4. Data Retention

We retain your information for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Specific retention periods include:

• Account Data: Retained while your account is active and for 7 years after closure (for audit purposes)
• Policy Data: Retained for the life of the policy plus 7 years (regulatory requirement)
• Claims Data: Retained for 10 years after claim resolution (regulatory requirement)
• API Logs: Retained for 90 days unless required for security investigations
• Marketing Data: Retained until you unsubscribe or request deletion

5. Security

We implement industry-standard security measures to protect your information, including:

• TLS 1.3 encryption for all data in transit
• AES-256 encryption for all data at rest
• Multi-factor authentication for account access
• Regular security audits and penetration testing
• SOC 2 Type II and ISO 27001 compliance
• 24/7 security monitoring and incident response

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

6. Your Rights and Choices

6.1 Access and Portability

You have the right to access and export your personal information. You can download your data at any time through your account dashboard or by contacting us.

6.2 Correction and Updates

You can update your account information at any time through your account settings. If you need assistance, contact our support team.

6.3 Deletion

You can request deletion of your personal information by contacting us at privacy@coverkit.io. Note that we may retain certain information as required by law or for legitimate business purposes (e.g., active insurance policies, regulatory compliance).

6.4 Marketing Communications

You can opt out of marketing emails by clicking the "unsubscribe" link in any marketing email or by updating your preferences in your account settings.

6.5 Cookies

You can control cookies through your browser settings. Note that disabling cookies may limit your ability to use certain features of our Services.

7. International Data Transfers

CoverKit is based in the United States. If you are accessing our Services from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

We comply with applicable data protection laws, including GDPR for European users. We use Standard Contractual Clauses (SCCs) for transfers of personal data from the EU to the United States and other jurisdictions.

8. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately at privacy@coverkit.io.

9. Additional Rights for EU Residents (GDPR)

If you are located in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• Right to Access: Request a copy of your personal data
• Right to Rectification: Correct inaccurate or incomplete data
• Right to Erasure: Request deletion of your data (subject to legal exceptions)
• Right to Restriction: Limit how we process your data
• Right to Data Portability: Receive your data in a portable format
• Right to Object: Object to processing based on legitimate interests
• Right to Withdraw Consent: Withdraw consent at any time
• Right to Lodge a Complaint: File a complaint with your local data protection authority

To exercise these rights, contact us at privacy@coverkit.io.

10. Additional Rights for California Residents (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request information about the personal data we collect, use, and share
• Right to Delete: Request deletion of your personal data (subject to exceptions)
• Right to Opt-Out: Opt out of the "sale" of personal data (note: we do not sell personal data)
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at privacy@coverkit.io or call 1-800-COVERKIT.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a prominent notice on our Services

Your continued use of our Services after the effective date of the updated Privacy Policy constitutes acceptance of the changes.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us: