Privacy Policy

1. Introduction

Afirm Labs LLC ("we," "us," or "our") operates afirmlabs.com and provides AI-powered document processing services for insurance brokers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services.

2. Information We Collect

2.1 Information You Provide

• Contact information (name, email, phone number, company name)
• Business information (company size, industry details, workflow requirements)
• Documents you upload for processing or demonstration purposes
• Communication records (emails, call notes, support tickets)

2.2 Information Collected Automatically

• Usage data (pages visited, features used, time spent)
• Device information (browser type, operating system, IP address)
• Cookies and similar tracking technologies
• Analytics data via Google Analytics 4 (when consented)

2.3 Document Data

• Insurance documents uploaded for processing (loss runs, SOVs, ACORDs, quotes, COIs)
• Extracted data and structured outputs from our AI processing
• Processing logs and error reports

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve our document processing services
• Process documents using AI/ML models and return structured data
• Communicate with you about our services, updates, and support
• Respond to your inquiries and provide customer support
• Analyze usage patterns and improve our website and services
• Train and improve our AI models (only with explicit consent)
• Comply with legal obligations and enforce our terms
• Detect and prevent fraud, abuse, and security incidents

4. Data Sharing and Disclosure

We may share your information with:

4.1 Service Providers

• Cloud hosting providers (e.g., Vercel, AWS, Google Cloud)
• AI/ML service providers for document processing
• Analytics providers (Google Analytics)
• Communication tools (email, scheduling)

4.2 Legal Requirements

We may disclose information when required by law, legal process, or to protect our rights, privacy, safety, or property, or that of others.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

We do not sell your personal information to third parties.

5. Data Security

We implement appropriate technical and organizational measures to protect your information, including:

• Encryption of data in transit and at rest
• Access controls and authentication mechanisms
• Regular security assessments and updates
• Secure document processing pipelines
• Employee training on data protection

6. Data Retention

We retain your information for as long as necessary to provide our services and comply with legal obligations:

• Account data: Retained while your account is active and for a reasonable period after termination
• Document data: Retention periods specified in service agreements or as required by law
• Analytics data: Aggregated data may be retained indefinitely
• Legal/compliance data: Retained as required by applicable laws and regulations

7. Your Rights and Choices

Depending on your location, you may have the following rights:

• Access: Request access to your personal information
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your information
• Portability: Request a copy of your data in a portable format
• Objection: Object to certain processing activities
• Consent withdrawal: Withdraw consent where processing is based on consent
• Cookies: Manage cookie preferences through our consent banner

To exercise these rights, contact us at legal@afirmlabs.com.

8. Cookies and Tracking

We use cookies and similar tracking technologies. You can manage your preferences through our cookie consent banner. Types of cookies we use:

• Necessary cookies: Essential for website functionality (always active)
• Analytics cookies: Help us understand usage patterns (optional, requires consent)

9. Third-Party Links

Our website may contain links to third-party websites (e.g., Calendly for scheduling). We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

10. Children's Privacy

Our services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children.

11. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for such transfers, including standard contractual clauses approved by the European Commission for transfers from the EU/EEA.

11.1 GDPR Rights (EU/EEA Users)

If you are located in the European Union or European Economic Area, you have additional rights under the General Data Protection Regulation (GDPR):

• Right to be informed about how your data is processed
• Right to access your personal data
• Right to rectification of inaccurate data
• Right to erasure ("right to be forgotten") in certain circumstances
• Right to restrict processing in certain circumstances
• Right to data portability
• Right to object to processing based on legitimate interests
• Right not to be subject to automated decision-making
• Right to lodge a complaint with your local supervisory authority

Legal basis for processing: We process your data based on:

• Contract: To provide services you've requested
• Consent: For analytics and marketing communications (you can withdraw consent anytime)
• Legitimate interests: To improve our services and prevent fraud
• Legal obligation: To comply with applicable laws

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the new policy on this page and updating the "Last Updated" date. Continued use of our services after changes constitutes acceptance of the updated policy.

13. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us: