Privacy Policy

Introduction & Scope

This Privacy Policy (“Policy”) describes how we collect, use, disclose, retain, protect, and otherwise process the personal data of individuals (“you” or “your”) who access, browse, register, or use our website, platform, applications, products, and related services (collectively, “Services”). Our commitment to safeguarding your personal information forms a fundamental part of our business, and we strive to maintain transparency, accountability, and compliance with applicable data protection laws and regulations.

By accessing or using our Services, you acknowledge that you have read, understood, and agree to the terms of this Policy. If you do not agree with any aspect of this Policy, please discontinue use of our Services immediately. This Policy is integral to our Terms of Service and should be read in conjunction with any other notices, disclaimers, or agreements that we provide regarding your personal data.

We operate under the legal frameworks applicable in the District of New York, and to the extent relevant, we strive to align our practices with widely recognized data protection principles, including fairness, lawfulness, transparency, purpose limitation, data minimization, accuracy, storage limitation, integrity, confidentiality, and accountability. Certain users may be entitled to additional rights and protections under local laws, as described in further detail below.

This Policy is extensive, providing in-depth details across multiple sections. It covers topics such as information collection, lawful bases for processing, third-party disclosures, data security, international data transfers, user rights, dispute resolution through arbitration in the District of New York, changes to this Policy, and various other considerations. Our goal is to equip you with a comprehensive understanding of how we handle your personal data and what actions you may take to exercise your rights.

Information We Collect

We collect various types of personal data in order to provide, optimize, and secure our Services. The categories of data we may collect include:

• Identification Data: Information that helps us verify your identity or create your account, such as your name, email address, contact details, unique identifiers, and relevant travel-related data where required for providing coverage options or policy administration.
• Financial & Transaction Data: Details related to payment methods and transactions executed through our Services, including payment confirmations, transaction IDs, and associated metadata. We do not store full payment card details but rely on payment processors that comply with industry standards.
• Technical & Usage Data: Information about your device, browser type, operating system, IP address, geolocation data (if permitted), time zone settings, language preferences, session logs, browsing activities, pages viewed, features used, links clicked, referral URLs, and cookies or similar technologies. This data helps us analyze performance, detect fraud, ensure security, and enhance user experience.
• Communications & Interaction Data: Records of your communication with our customer support, claims assistance, inquiries, feedback, or other interactions you have with us through email, chat, forms, or voice calls (which may be recorded subject to applicable law and notice requirements).
• User-Generated Content: If you choose to submit reviews, testimonials, or participate in forums, surveys, or promotional activities, we may collect the content you provide and associate it with your account or profile.

The specific data we collect may vary depending on your interactions with our Services, your choices (e.g., opting out of certain data collection via cookie preferences), and the policies or coverage options you select. We endeavor to collect only the minimum personal data necessary to achieve the purposes stated in this Policy.

In addition to actively collected data, we may obtain information from third-party sources, such as identity verification services, credit reference agencies, data brokers, social media platforms (if you choose to integrate your profile), or partner organizations. We will treat data obtained from third parties in accordance with this Policy, subject to any additional restrictions imposed by the source.

Lawful Bases for Processing

Our processing of your personal data will be grounded in one or more lawful bases, which may include:

• Contractual Necessity: We may process personal data to fulfill contractual obligations, such as issuing policies, administering claims, or providing customer support related to coverage options you have purchased.
• Legal Compliance: We may process personal data to comply with legal obligations, regulatory requirements, insurance industry standards, or financial reporting rules applicable in the District of New York or other relevant jurisdictions.
• Legitimate Interests: We may process personal data to pursue legitimate business interests, such as improving our Services, enhancing user experience, ensuring security, preventing fraud, conducting analytics, or facilitating business transactions (e.g., mergers, acquisitions), provided that such interests are not overridden by your fundamental rights and freedoms.
• Consent: Where required by law, we will obtain your consent before processing certain types of personal data (e.g., sending direct marketing communications, using certain cookies, or collecting sensitive data). You have the right to withdraw your consent at any time, without affecting the lawfulness of processing before such withdrawal.

When relying on legitimate interests, we will conduct a balancing test to ensure that these interests do not unduly infringe upon your privacy rights. When required to process sensitive personal data (e.g., health-related data for certain coverage), we will implement additional safeguards and obtain explicit consent as mandated by applicable law.

How We Use Your Information

We use your personal data for a range of purposes, all aligned with delivering, maintaining, improving, and securing our Services. These purposes may include, but are not limited to:

• Service Delivery: To process policy purchases, manage user accounts, handle claims, and provide requested features and functionalities. Without processing personal data, we cannot effectively administer coverage or assist you with related transactions.
• Personalization & User Experience: To tailor the content, recommendations, coverage options, and user interface according to your preferences, profile, and usage patterns, thereby enhancing your overall experience.
• Analytics & Research: To analyze user behavior, measure performance indicators, identify usage trends, troubleshoot technical issues, and inform strategic decision-making. Such analyses may be performed in aggregated or pseudonymized forms to limit unnecessary identification.
• Fraud Prevention & Security: To detect, prevent, and respond to potential fraud, unauthorized transactions, cybersecurity threats, suspicious activities, or policy misuse, as well as to safeguard the integrity and availability of our Services.
• Regulatory Compliance & Legal Obligations: To comply with laws, regulations, court orders, industry guidelines, and enforcement actions in the District of New York and other applicable jurisdictions. This may involve sharing information with law enforcement, regulators, or relevant authorities upon receiving a lawful request.
• Communications: To communicate with you about account management, policy updates, claim status, service announcements, marketing offers (if you have consented), or other information we believe may be of interest to you. You may opt-out of non-essential communications at any time.

We continuously evaluate how we use personal data to ensure that the benefits to users and the quality of our Services are balanced against any potential privacy risks.

Disclosure of Personal Data

We may share your personal data with third parties in certain contexts, including:

• Service Providers & Contractors: We engage third-party service providers to perform tasks on our behalf, such as payment processing, cloud hosting, data analytics, identity verification, and customer support. These providers are contractually bound to use personal data only for the agreed-upon purposes and maintain appropriate security measures.
• Business Transfers: In the event of a merger, acquisition, sale of assets, bankruptcy, or other business transition, personal data may be transferred as part of the transaction. We will endeavor to ensure that the receiving entity agrees to respect your personal data in a manner consistent with this Policy.
• Legal & Regulatory Requirements: We may disclose personal data if required to do so by law, in response to a subpoena, court order, regulatory inquiry, or other legal processes, or if necessary to protect our rights, property, or safety, or that of our users or the public.
• Enforcement of Agreements: If necessary to enforce our Terms of Service or other agreements, or to investigate and mitigate claims of fraud or abuse, we may share relevant personal data with legal counsel, advisors, law enforcement, or other concerned parties.
• With Your Consent: In some cases, we may request your explicit consent before sharing personal data with third parties not covered by the above conditions. In such cases, you have the right to refuse or withdraw consent.

We do not sell personal data to third parties. Any sharing arrangements are carefully scrutinized to maintain compliance with applicable laws and preserve your trust.

Data Security Measures

We employ a comprehensive set of technical and organizational security measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. These measures include, where appropriate, encryption, access controls, network firewalls, intrusion detection systems, periodic security assessments, employee training, and incident response protocols.

Despite our efforts, no method of data transmission over the internet or method of electronic storage is completely secure. We cannot guarantee absolute security. In the event of a data breach that poses a significant risk to your rights and freedoms, we will notify you and relevant authorities in accordance with applicable laws and regulatory requirements.

Cookies, Tracking Technologies & Analytics

We use cookies and similar technologies (e.g., web beacons, pixels, device identifiers) to enhance your experience, analyze usage patterns, improve security, and deliver more relevant content. Cookies are small data files stored on your device that help us remember your preferences, understand your interactions, and measure the effectiveness of features and marketing campaigns.

Some cookies are essential for the proper functioning of the Services, while others are optional and may require your consent. You can adjust your cookie settings through your browser or device settings, though disabling certain cookies may affect functionality.

We may also use analytics tools, such as web analytics services, to collect information about how users interact with our Services. These tools may utilize cookies or other identifiers to track usage patterns. Data collected through analytics is typically aggregated and used to identify trends, not to personally identify individuals.

International Data Transfers

Depending on where you reside and the location of our service providers, your personal data may be transferred to and processed in countries outside of your home jurisdiction. Some of these countries may not provide the same level of data protection as your own.

When making such international transfers, we will implement appropriate safeguards, such as standard contractual clauses or other lawful mechanisms, to ensure that your personal data receives an adequate level of protection. By using our Services, you consent to such transfers, subject to applicable data protection laws.

User Rights & Choices

Depending on your location and the applicable laws (including those in the District of New York and any other relevant jurisdictions), you may have various rights regarding your personal data. These rights may include:

• Access: The right to request access to the personal data we hold about you.
• Rectification: The right to correct inaccurate or incomplete personal data.
• Erasure: The right to request the deletion of your personal data, subject to certain exceptions (e.g., compliance with legal obligations).
• Restriction: The right to request that we limit the processing of your personal data under certain circumstances.
• Objection: The right to object to certain processing activities, such as direct marketing or processing based on legitimate interests.
• Data Portability: The right to receive personal data you have provided to us in a structured, commonly used, and machine-readable format, and to have that data transmitted to another controller where technically feasible.
• Withdraw Consent: If we process personal data based on your consent, the right to withdraw that consent at any time, without affecting the lawfulness of processing prior to withdrawal.

To exercise your rights, please contact us using the details provided in the “Contact Information” section. We may require additional verification to ensure that the request is legitimate. We will respond to your request within the timeframe prescribed by applicable law.

Arbitration for Privacy Disputes

Any dispute, claim, or controversy arising out of or relating to this Policy, our data processing practices, or your personal data (including claims related to international transfers, data security incidents, or the exercise of your rights) shall be resolved through binding arbitration in the District of New York, as described in the Arbitration clause of our Terms of Service.

By agreeing to this Policy, you waive the right to a trial by jury and any right to participate in a class action for disputes covered by this arbitration provision. All claims must be brought in your individual capacity and not as a plaintiff or class member in any purported class or representative proceeding.

The arbitrator(s) shall have the authority to grant any remedy that would be available in a court under law or in equity, but only for the benefit of the individual claimant. The decision of the arbitrator(s) shall be final and binding, and the award may be enforced in any court of competent jurisdiction.

Children’s Privacy

Our Services are not directed to children under the age of majority, and we do not knowingly collect personal data from minors without verifiable parental consent. If you become aware that a minor has provided us with personal data without appropriate consent, please contact us so that we may delete the information and close any associated accounts.

Retention of Personal Data

We retain personal data only for as long as necessary to fulfill the purposes outlined in this Policy or as required by law. The retention period may vary depending on the type of data, the nature of the Services, contractual obligations, legal retention requirements, applicable statutes of limitations, and legitimate business interests.

When personal data is no longer needed, we will securely dispose of it or anonymize it in a manner designed to prevent reconstruction or re-identification. We periodically review our data retention practices to ensure that we do not keep personal data for longer than is legally permissible or operationally required.

External Links & Third-Party Integrations

Our Services may contain links to external websites or integrate with third-party tools, platforms, or providers. We do not control such external entities, and their privacy practices may differ from ours. This Policy does not cover the privacy practices of third parties.

We encourage you to review the privacy policies and terms of those third-party services before providing personal data or engaging with their platforms. We bear no responsibility or liability for the actions, content, or data handling methods of any third parties.

Records of Processing Activities & Accountability

We maintain records of our processing activities to demonstrate accountability and compliance with applicable laws. These records may include documentation of data processing purposes, categories of personal data, categories of recipients, retention schedules, and descriptions of security measures.

We may undergo periodic internal or external audits, assessments, or certifications to verify compliance with this Policy, legal requirements, and industry standards. We are committed to improving our privacy management program through ongoing training, risk assessments, and the adoption of best practices.

Complaints & Regulatory Oversight

If you believe that we have violated your privacy rights or disagree with how we handle your personal data, you have the right to file a complaint with an appropriate supervisory authority. If required by law, we will provide the contact details of such authorities upon request.

Before escalating a complaint to regulatory bodies, we encourage you to contact us directly, as we value the opportunity to address your concerns and find an amicable resolution.

Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights. Unless permitted by applicable laws, we will not deny you goods or services, charge you different prices or rates for services (though we may consider compliance costs), provide a different level or quality of service, or suggest that you may receive a different price or rate of service if you exercise your rights.

Binding Nature of the Policy

This Privacy Policy forms a part of your agreement with us when you use our Services. By continuing to access or use our Services following the publication or notification of any changes, you agree to be bound by the revised Policy.

Should any provision of this Policy be found unenforceable by a court or arbitrator in the District of New York, the other provisions shall remain in effect. No waiver of any provision of this Policy shall be deemed a further or continuing waiver of that provision or any other provision.

Updates & Revisions

We may update this Privacy Policy periodically to reflect changes in our data practices, regulatory requirements, technological advancements, or operational needs. The “Effective Date” at the top of this Policy indicates when the most recent changes took effect.

We will provide notice of significant changes through our Services or other communication channels. If you do not agree to the revised Policy, you must discontinue using the Services. Your continued use of the Services after the revised Policy comes into effect constitutes acceptance of those changes.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our data handling practices, please contact us:

We will make every reasonable effort to address your inquiries promptly, thoroughly, and in compliance with applicable legal standards. Thank you for reviewing this Privacy Policy and for entrusting us with your personal data.