Privacy Policy

Redberry Labs (“Company,” “we,” “us,” or “our”) is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your personal information when you visit our website, use our platform, or engage with our AI insurance services (collectively, the “Services”).

By accessing or using the Services, you consent to the practices described in this Privacy Policy. If you do not agree with this Privacy Policy, please do not access or use the Services.

We collect the following categories of information:

2.1 Information You Provide Directly

• Account Information: Name, email address, phone number, job title, company name, and other contact details when you register for an account
• Insurance Application Data: Information about your organization, AI systems, deployment practices, risk profiles, revenue, and other data necessary for underwriting and policy issuance
• Claims Data: Information submitted in connection with insurance claims, including incident descriptions, loss documentation, and supporting evidence
• Payment Information: Billing address, payment method details, and transaction information (payment card data is processed by our third-party payment processors and is not stored on our servers)
• Communications: Information you provide when you contact us for support, provide feedback, or otherwise communicate with us

2.2 Information Collected Automatically

• Device and Usage Data: IP address, browser type and version, operating system, device identifiers, pages visited, time and date of visits, time spent on pages, referring URLs, and clickstream data
• Log Data: Server logs that record information about your interactions with the Services, including access times, pages viewed, and system activity
• Cookies and Tracking Technologies: Information collected through cookies, web beacons, pixels, and similar technologies as described in our Cookie Policy

2.3 Information from Third Parties

• Business Partners: Information from insurance carriers, reinsurers, brokers, and other business partners in connection with the provision of insurance services
• Public Sources: Publicly available information about your organization or AI systems relevant to risk assessment
• Analytics Providers: Aggregated or de-identified data from analytics services that help us understand how the Services are used

We use the information we collect for the following purposes:

• Provide and Improve Services: To operate, maintain, and improve the Services, including underwriting, policy issuance, claims processing, and risk assessment
• Account Management: To create and manage your account, authenticate your identity, and provide customer support
• Insurance Operations: To evaluate applications, assess risk, issue policies, process claims, and manage insurance coverage
• Communications: To send you transactional communications (policy documents, billing notices, claims updates), respond to inquiries, and provide information about our Services
• Analytics and Research: To analyze usage patterns, improve our risk models, develop new products and features, and conduct research on AI risk trends
• Security and Fraud Prevention: To detect, prevent, and address fraud, unauthorized access, and other illegal activities
• Legal Compliance: To comply with applicable laws, regulations, legal processes, or governmental requests, including insurance regulatory requirements
• Marketing: To send you promotional communications about our products and services, subject to your preferences and applicable law (you may opt out at any time)

We do not sell your personal information. We may share your information in the following circumstances:

• Insurance Partners: With insurance carriers, reinsurers, managing general agents, and other entities involved in the underwriting, issuance, and administration of insurance policies
• Service Providers: With third-party vendors and service providers who perform services on our behalf, such as payment processing, data hosting, analytics, email delivery, and customer support, subject to contractual obligations to protect your information
• Legal Requirements: When required by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request
• Business Transfers: In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred as part of that transaction
• With Your Consent: In other circumstances where we have obtained your explicit consent
• Aggregated or De-identified Data: We may share aggregated or de-identified data that cannot reasonably be used to identify you for research, analytics, or other purposes

We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. Specific retention periods depend on:

• The nature of the data and the purposes for which it was collected
• Applicable legal, regulatory, and contractual requirements, including insurance record-keeping obligations
• The duration of your account or any active insurance policy
• Whether the data is needed for legitimate business purposes such as resolving disputes, enforcing agreements, or defending claims

Insurance-related records are typically retained for the duration of the policy plus a period consistent with applicable statutes of limitations and regulatory requirements.

We implement commercially reasonable administrative, technical, and physical safeguards designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Access controls and authentication measures
• Regular security assessments and monitoring
• Employee training on data protection practices
• Incident response procedures

While we strive to protect your personal information, no method of transmission over the Internet or electronic storage is completely secure. We cannot guarantee the absolute security of your information.

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access: Request access to the personal information we hold about you
• Correction: Request correction of inaccurate or incomplete personal information
• Deletion: Request deletion of your personal information, subject to legal and regulatory requirements
• Portability: Request a copy of your personal information in a structured, commonly used, and machine-readable format
• Restriction: Request restriction of processing of your personal information in certain circumstances
• Objection: Object to the processing of your personal information for certain purposes, including direct marketing
• Withdraw Consent: Where we rely on consent for processing, withdraw your consent at any time without affecting the lawfulness of processing based on consent before its withdrawal

To exercise any of these rights, please contact us using the information in Section 13. We will respond to your request within the timeframe required by applicable law.

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• Right to Know: You have the right to know what personal information we collect, use, disclose, and sell
• Right to Delete: You have the right to request deletion of your personal information, subject to exceptions
• Right to Correct: You have the right to request correction of inaccurate personal information
• Right to Opt Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising purposes
• Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data in accordance with the General Data Protection Regulation (GDPR) and applicable local data protection laws.

Legal Basis for Processing: We process personal data on the following legal bases:

• Contractual Necessity: To perform our contractual obligations to you, including providing insurance services
• Legitimate Interests: For our legitimate business interests, such as fraud prevention, security, analytics, and improving our Services, balanced against your rights and interests
• Legal Obligation: To comply with legal and regulatory requirements
• Consent: Where you have given us specific consent, such as for marketing communications

International Transfers: Your personal data may be transferred to and processed in countries outside the EEA, UK, or Switzerland. When we transfer personal data internationally, we implement appropriate safeguards such as Standard Contractual Clauses approved by the European Commission or UK equivalents.

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

The Services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children under 18. If we learn that we have collected personal information from a child under 18, we will take steps to delete that information promptly. If you believe we have collected information from a child under 18, please contact us immediately.

The Services may contain links to third-party websites or services that are not operated by us. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access through our Services.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting the updated Privacy Policy on the Services and updating the “Last updated” date. Your continued use of the Services after such changes constitutes your acceptance of the updated Privacy Policy.

We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us at:

For data protection inquiries from the EEA, UK, or Switzerland, you may also contact our Data Protection Officer at dpo@redberrylabs.com.