Privacy Policy

1. Introduction

PolicyReview ("we," "our," or "us") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and protect your information when you use our website at policyreviews.org and our AI-powered insurance policy analysis service (the "Service").

2. Information We Collect

2.1 Information You Provide

• Account Information: Name, email address, and password when you create an account
• Uploaded Documents: Insurance policy PDFs that you upload for analysis
• Payment Information: Billing details processed through our payment provider (we do not store full credit card numbers)
• Communications: Any messages you send to us for support or feedback

2.2 Information Collected Automatically

• Usage Data: Pages visited, features used, analysis history
• Device Information: Browser type, operating system, device type
• Log Data: IP address, access times, referring URLs
• Cookies: Session cookies for authentication and preferences

3. How We Use Your Information

We use your information to:

• Provide and maintain the Service, including AI-powered policy analysis
• Process your account registration and manage your subscription
• Send you service-related communications (analysis completion, account updates)
• Respond to your inquiries and provide customer support
• Improve and optimize our Service and AI models
• Detect and prevent fraud, abuse, and security issues
• Comply with legal obligations

4. How We Handle Your Documents

Your uploaded insurance policies contain sensitive information. Here's how we handle them:

• Processing: Documents are processed by our AI system to extract and analyze policy information
• Storage: Extracted text is stored securely in our database to display your analysis results
• Encryption: Data is encrypted in transit (TLS) and at rest
• AI Training: We do NOT use your uploaded documents to train AI models
• Deletion: You can delete your policies and analysis data at any time from your account

5. Third-Party Services

We use the following third-party services to operate our Service:

• Anthropic (Claude AI): Processes document text to generate policy analysis. Subject to Anthropic's privacy policy.
• Vercel: Hosts our website and processes requests. Subject to Vercel's privacy policy.
• Neon: Provides our database infrastructure. Data stored securely with encryption.
• Payment Processor: Handles subscription payments securely. We do not store full payment card details.

6. Data Retention

We retain your data as follows:

• Account Data: Retained while your account is active, deleted upon account deletion request
• Policy Analysis: Retained until you delete it or close your account
• Usage Logs: Retained for up to 90 days for security and debugging purposes
• Billing Records: Retained as required by law (typically 7 years)

7. Your Rights

Depending on your location, you may have the following rights:

• Access: Request a copy of the personal data we hold about you
• Correction: Request correction of inaccurate personal data
• Deletion: Request deletion of your personal data and account
• Export: Request your data in a portable format
• Objection: Object to certain processing of your data
• Withdraw Consent: Withdraw consent where processing is based on consent

To exercise these rights, contact us at privacy@policyreview.ai

8. For European Users (GDPR)

If you are in the European Economic Area (EEA), you have additional rights under the General Data Protection Regulation (GDPR):

• We process your data based on: contract performance, legitimate interests, or your consent
• You have the right to lodge a complaint with your local data protection authority
• Data may be transferred to the United States where our services are hosted

9. For California Users (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• Right to know what personal information we collect and how it's used
• Right to delete your personal information
• Right to opt-out of the sale of personal information (we do not sell your data)
• Right to non-discrimination for exercising your privacy rights

10. Cookies

We use the following types of cookies:

• Essential Cookies: Required for authentication and security (session cookies)
• Preference Cookies: Remember your settings like dark/light mode
• Analytics Cookies: Help us understand how you use our Service (optional)

You can control cookies through your browser settings, but disabling essential cookies may affect Service functionality.

11. Security

We implement appropriate technical and organizational measures to protect your data, including encryption in transit and at rest, secure authentication, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

12. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children. If you believe we have collected data from a child, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

14. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

• Email: privacy@policyreview.ai
• Website: policyreviews.org