Legal

Privacy Policy

How we collect, use, and protect your data.

Effective: January 1, 2026 Last updated: March 1, 2026

Table of Contents

  1. Information We Collect
  2. How We Use Your Information
  3. Data Sharing & Third Parties
  4. AI & Machine Learning
  5. Data Security
  6. Data Retention
  7. Your Rights
  8. Cookies & Tracking
  9. Children's Privacy
  10. Changes to This Policy
  11. Contact Us

PrizMova, Inc. ("PrizMova," "we," "us," or "our") is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our insurance agency management platform, website, APIs, and related services (collectively, the "Services").

1. Information We Collect

Account Information

When you create an account, we collect your name, email address, phone number, job title, and agency information. If you sign up through SSO (SAML), we receive identity attributes from your identity provider.

Agency & Client Data

You and your team enter data about your insurance clients, policies, claims, invoices, and commissions into PrizMova. This data is owned by you and your agency. We process it solely to provide the Services.

Usage Data

We automatically collect information about how you interact with the Services, including pages viewed, features used, timestamps, IP addresses, browser type, and device information.

Communications

If you use Smart Inbox, we process emails and SMS messages that you send and receive through the platform. These messages are stored in your tenant's isolated database.

2. How We Use Your Information

  • Provide & improve the Services — operate, maintain, and improve PrizMova's features and performance
  • AI-powered features — power ARIA, our AI assistant, document extraction, churn prediction, and coverage gap analysis
  • Communications — send transactional emails (password resets, billing receipts, renewal alerts) and, with your consent, marketing communications
  • Security — detect, prevent, and respond to fraud, abuse, and security incidents
  • Compliance — meet legal obligations, respond to legal process, and enforce our terms
  • Analytics — understand usage patterns to improve the product (aggregated and anonymized)

3. Data Sharing & Third Parties

We do not sell your personal information. We share data only in the following circumstances:

  • Service providers — we use trusted third-party providers to operate the Services:
    • Clerk (authentication & identity)
    • Neon (database hosting)
    • Vercel (application hosting)
    • Stripe (payment processing)
    • Resend (email delivery)
    • Twilio (SMS delivery)
    • DocuSign (electronic signatures)
    • Anthropic (AI processing via Claude)
  • Legal requirements — when required by law, subpoena, court order, or government request
  • Business transfers — in connection with a merger, acquisition, or sale of assets
  • With your consent — when you explicitly authorize sharing with a third party

4. AI & Machine Learning

PrizMova uses AI (powered by Anthropic's Claude) to provide intelligent features like ARIA, document extraction, and risk analysis. Important safeguards:

  • PII scrubbing — personally identifiable information is removed from data before it is sent to any external AI model
  • No model training — your data is never used to train third-party AI models
  • Audit logging — every AI interaction is logged with timestamps and token counts for auditability
  • Human review — AI outputs that trigger actions (e.g., automated renewals) include human-in-the-loop review

5. Data Security

  • Encryption in transit — all data transmitted over TLS 1.3
  • Encryption at rest — AES-256 encryption for all stored data
  • Tenant isolation — PostgreSQL Row Level Security (RLS) ensures complete data isolation between agencies
  • SOC 2 Type II — we are pursuing SOC 2 Type II certification
  • Access controls — role-based access control (RBAC) with principle of least privilege
  • Audit logs — comprehensive logging of all data access and mutations

For more details, see our Security page.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide the Services. When you delete your account:

  • Agency data is permanently deleted within 30 days
  • Backups containing your data are purged within 90 days
  • Aggregated, anonymized analytics data may be retained indefinitely
  • Data required for legal compliance may be retained as required by law

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate data
  • Deletion — request deletion of your personal data
  • Portability — receive your data in a structured, machine-readable format
  • Objection — object to processing based on legitimate interests
  • Restriction — request restricted processing in certain circumstances

To exercise any of these rights, contact us at privacy@prizmova.com.

8. Cookies & Tracking

We use essential cookies required for the Services to function (authentication, session management). We use analytics cookies (anonymized) to understand usage patterns. We do not use advertising or tracking cookies. You can control cookie preferences in your browser settings.

9. Children's Privacy

PrizMova is designed for business use and is not directed to children under 16. We do not knowingly collect personal information from children under 16.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice in the Services at least 30 days before the changes take effect.

11. Contact Us

If you have questions about this Privacy Policy or our data practices: