BrokerageAudit, Inc. ("BrokerageAudit," "we," "us," or "our") is committed to protecting the privacy of our customers. This Privacy Policy describes how we collect, use, disclose, and safeguard information when you use our AI-powered backoffice operating system for insurance agencies (the "Service"), accessible at brokerageaudit.com.
By accessing or using the Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.
1. Information We Collect
1.1 Account Information
When you create an account, we collect your name, email address, and password (stored as a secure hash). We also collect your agency name, business address, and billing information.
1.2 Insurance Documents and Data
To provide the Service, you upload or forward insurance documents including but not limited to policy declarations, binders, endorsements, certificates of insurance (COIs), ACORD forms, commission statements, and carrier correspondence. These documents may contain policyholder names, addresses, policy numbers, coverage details, premium amounts, and other business information.
1.3 Usage Data
We automatically collect information about how you interact with the Service, including pages visited, features used, document processing activity, search queries, timestamps, browser type, device information, and IP address.
1.4 Billing Information
Payment information (credit card numbers, billing addresses) is collected and processed by our payment processor, Stripe. We do not store complete credit card numbers on our servers. We retain only the last four digits, card brand, and expiration date for your reference.
2. How We Use Your Information
We use the information we collect to:
- Provide, operate, and maintain the Service, including document processing, policy comparison, COI verification, and commission reconciliation
- Process your documents through our AI analysis pipeline to extract data, identify discrepancies, and generate compliance reports
- Process transactions and send billing-related communications
- Send transactional emails such as account confirmations, document processing notifications, and security alerts
- Respond to your requests, comments, and customer support inquiries
- Monitor and analyze usage trends to improve the Service
- Detect, prevent, and address technical issues and security incidents
- Comply with legal obligations
3. AI Document Processing
A core function of the Service is AI-powered document analysis. When you submit documents, they are processed using Anthropic's Claude API. Document content is sent to Anthropic's API for analysis and is subject to Anthropic's Privacy Policy. Per our agreement with Anthropic, your data submitted through the API is not used to train their models. AI-generated outputs (extracted data, comparisons, compliance flags) are stored within the Service and associated with your agency account.
4. Third-Party Services
We share information with the following third-party service providers who process data on our behalf:
- Authentication: We handle authentication in-house using industry-standard security practices (bcrypt password hashing, encrypted JWT session tokens, httpOnly cookies).
- Stripe: Payment processing. Processes billing information, payment card details, and transaction history.
- Anthropic (Claude API): AI document analysis. Processes document content submitted for analysis.
- Cloudflare (R2 Storage): Document storage with US-only data residency. Stores uploaded insurance documents and generated reports.
- Resend: Transactional email delivery. Processes email addresses and notification content.
Each third-party service provider is contractually obligated to protect your information and may only use it to perform services on our behalf.
5. Data Storage and Security
All document data is stored on Cloudflare R2 with US-only data residency. Application data is stored in secure, US-based PostgreSQL databases. We implement industry-standard security measures including encryption in transit (TLS 1.2+), encryption at rest, access controls, audit logging, and regular security assessments.
While we implement commercially reasonable security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.
6. Data Retention
We retain your account information for as long as your account is active. Insurance documents and processed data are retained for the duration of your subscription plus 90 days to allow for data export after cancellation. Billing records are retained for 7 years as required by tax and accounting regulations. You may request deletion of your data at any time by contacting us, subject to our legal retention obligations.
7. Data Sharing and Disclosure
We do not sell, rent, or trade your personal or business information. We may disclose information in the following circumstances:
- Service Providers: As described in Section 4, to third-party providers who perform services on our behalf.
- Legal Requirements: When required by law, subpoena, court order, or governmental regulation.
- Business Transfers: In connection with a merger, acquisition, or sale of all or a portion of our assets.
- Protection of Rights: To protect our rights, privacy, safety, or property, and that of our users and the public.
8. Your Privacy Rights (CCPA)
If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):
- Right to Know: You may request information about the categories and specific pieces of personal information we have collected about you.
- Right to Delete: You may request deletion of personal information we have collected, subject to certain exceptions.
- Right to Opt-Out: We do not sell personal information. If this changes, we will provide a "Do Not Sell My Personal Information" link.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise these rights, contact us at [email protected]. We will respond to verifiable requests within 45 days.
9. Children's Privacy
The Service is designed for business use by insurance professionals and is not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us immediately.
10. International Users
The Service is operated from the United States and is intended for use by US-based insurance agencies. If you access the Service from outside the United States, your information will be transferred to and processed in the United States.
11. Changes to This Policy
We may update this Privacy Policy from time to time. When we make material changes, we will notify you by email or through a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after changes become effective constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us:
- Email: [email protected]
- Mail: BrokerageAudit, Inc., Attn: Privacy, 1209 Orange Street, Wilmington, DE 19801