InsurOS

Privacy Policy

TL;DR

  • We do not use advertising cookies (Google, Meta, etc.)
  • We only collect personal data that you voluntarily provide
  • We never sell your data
  • We comply with GDPR, CCPA, PECR, and PIPEDA (Canada)
  • InsurOS is not PCI or HIPAA certified

Introduction

This Privacy Policy explains how InsurOS Inc. (“Company”, “we”, “us”) collects, uses, and protects your personal data, as well as your rights under applicable privacy laws, including Canada's Personal Information Protection and Electronic Documents Act (PIPEDA).

Visitors to Our Website and Apps

Visitors can browse insuros.com and related properties without being tracked or personally identified:

  • We only collect personal information if you voluntarily submit it via forms or signups.
  • Cookies are used to maintain login sessions and basic analytics, e.g. via Cloudflare.
  • We use Google Analytics to collect anonymized information about website usage (see Analytics section below).
  • We do not use advertising cookies or third-party tracking tools like Facebook Pixel, LinkedIn Pixel, or Clearbit.
  • Anonymous, aggregate data is collected for statistical and traffic trend analysis only.

As a Subscriber

A subscriber is someone who has opted in to receive updates, newsletters, or product-related communication. If you opt in:

  • We collect your name, email address, or phone number.
  • This information is used solely for communication purposes and with your consent.

As a Cloud-Hosted User (SaaS)

If you use our hosted CRM services:

  • We act as the data controller for your account details (e.g., name, email).
  • We also act as a data processor for CRM data you input, such as client records and communications.
  • All data processing is performed per your instructions and only for intended business purposes.
  • If you are a Canadian user or customer, we comply with the requirements of PIPEDA regarding collection, consent, safeguarding, and access to personal information.

Use of Google Workspace APIs

If you connect your Google account to InsurOS (e.g., for Gmail or Calendar integration), we do not use any data obtained via Google Workspace APIs to develop, improve, or train generalized AI or machine learning models. Data accessed through these integrations is used only to power your connected account features and never shared or used for AI model training.

Data Processor Responsibilities

When acting as a processor, we:

  • Handle CRM data (e.g., contact info, notes, transaction logs) entered by our clients
  • Use the data solely to power client-defined use cases (e.g., sales tracking, customer communication)
  • Use only trusted sub-processors such as AWS, Cloudflare, Stripe, Sentry, and Front under strict contractual obligations
  • Apply industry-standard security protections including encryption, access controls, and audits
  • Offer deletion or return of data upon request or contract termination
  • Support clients with GDPR- and PIPEDA-compliant subject access, rectification, and erasure requests

As a Self-Hosting User

If you self-host InsurOS:

  • You maintain full control and ownership of your data
  • We do not access your CRM data
  • We may collect metadata (e.g., domain name, admin emails) for enterprise support or licensing
  • If telemetry is enabled, only non-personal metadata is collected (e.g., performance logs)
  • Telemetry is opt-out and can be disabled via an environment variable

Analytics

We use Google Analytics to collect anonymized information about how users interact with our website and platform. This includes metrics such as pages visited, time spent on site, and technical data about browsers and devices.

Data Retention

We retain your data:

  • As long as your account is active
  • To fulfill legal, regulatory, or support obligations

You may delete your account and data at any time through your dashboard.

Regulatory Compliance

We comply with:

  • GDPR (General Data Protection Regulation)
  • CCPA (California Consumer Privacy Act)
  • PECR (Privacy and Electronic Communications Regulations)
  • PIPEDA (Personal Information Protection and Electronic Documents Act - Canada)

We are not certified under:

  • PCI (Payment Card Industry)
  • HIPAA (Health Insurance Portability and Accountability Act)

As such, our platform is not intended to store financial or medical data requiring these standards.

Policy Updates

We may update this policy as our services or applicable laws evolve. Significant updates will be communicated to active users via email.

Contact Us

For questions or concerns about this Privacy Policy or your data rights, contact: hello@insuros.ca