Privacy Policy

ClaimFlow (“Company”, “we”, “us”, “our”) is committed to protecting the privacy of our users and the policyholders they serve. This Privacy Policy explains how we collect, use, disclose, store, and protect information when you use the ClaimFlow platform (“Service”), visit our website at www.claimflow.com (“Website”), or interact with us in any other way. By using the Service, you agree to the practices described in this Privacy Policy.

1. Information We Collect

1.1 Information You Provide Directly

Account Information: When you create an account, we collect your name, email address, phone number, company name, and billing address. If you subscribe to a paid plan, we collect payment information (credit card number, expiration date, billing address) which is processed and stored by our third-party payment processor — we do not store full credit card numbers on our servers.

Profile Information: Your professional details such as state(s) of licensure, license number(s), company role, and team members you add to your account.

Policyholder Data: Information you upload about your clients and their insurance claims, which may include: policyholder names, addresses, phone numbers, and email addresses; insurance policy numbers, carrier names, and coverage details; claim details including dates of loss, damage descriptions, and repair estimates; photographs, documents, and correspondence related to claims; settlement amounts and fee calculations. You are the data controller for all Policyholder Data. We process this data solely on your behalf to provide the Service.

Communications: When you contact us via email, the contact form, or support channels, we collect the content of your messages and any attachments you provide.

Lead Magnet Downloads: When you download free resources (such as our PA Business Guide, FNOL Checklist, or Claims Tracker), we collect your name and email address.

1.2 Information Collected Automatically

Usage Data: We automatically collect information about how you interact with the Service, including pages viewed, features used, time spent on the platform, click patterns, and navigation paths.

Device & Browser Information: Device type, operating system, browser type and version, screen resolution, and language preferences.

Log Data: IP address, access timestamps, referring URLs, and error logs.

Cookies & Similar Technologies: We use cookies, web beacons, and similar tracking technologies as described in Section 7 of this policy.

1.3 Information from Third Parties

We may receive information from third-party services you connect to your account (such as email providers, calendar services, or document storage platforms). We only access information necessary to provide the requested integration functionality.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Providing the Service: To operate, maintain, and improve ClaimFlow, including processing your claims data, enabling automations, delivering notifications, and generating reports.

• Account Management: To create and manage your account, process payments, and provide customer support.

• Communications: To send you transactional emails (account confirmations, billing receipts, security alerts), respond to support requests, and — with your consent — send marketing communications about product updates and new features.

• Product Improvement: To analyze usage patterns, identify technical issues, and develop new features. We use aggregated, anonymized data for this purpose — never individual Policyholder Data.

• Security: To detect, prevent, and address fraud, abuse, security incidents, and technical issues.

• Legal Compliance: To comply with applicable laws, regulations, legal processes, or government requests.

3. How We Share Your Information

We do not sell, rent, or trade your personal information or Policyholder Data to third parties. We share information only in the following limited circumstances:

• Service Providers: We share information with trusted third-party service providers who perform services on our behalf, including cloud hosting (data storage and processing), payment processing (billing and subscription management), email delivery (transactional and marketing emails), analytics (aggregated usage analysis), and customer support tools. These providers are contractually obligated to use your information only to provide their services to us and are bound by confidentiality obligations.

• Policyholder Portal: If you use the policyholder portal feature, limited claim information you designate will be shared with the respective policyholder through their portal access. You control what information is visible in the portal.

• Legal Requirements: We may disclose information if required to do so by law, in response to a valid subpoena, court order, or government request, or if we believe disclosure is necessary to protect the rights, property, or safety of ClaimFlow, our users, or the public.

• Business Transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership and the choices you may have regarding your information.

• With Your Consent: We may share information for any other purpose with your explicit consent.

4. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

• Encryption: All data is encrypted in transit using TLS 1.2+ and at rest using AES-256 encryption.

• Access Controls: Role-based access controls ensure that only authorized personnel can access user data, and only to the extent necessary to provide support or maintain the Service.

• Infrastructure: Our Service is hosted on secure cloud infrastructure with redundant systems, regular backups, and disaster recovery capabilities.

• Monitoring: Continuous monitoring for unauthorized access attempts, security vulnerabilities, and anomalous activity.

• Incident Response: We maintain a security incident response plan and will notify affected users of any data breach in accordance with applicable law.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

5. Data Retention

Active Accounts: We retain your Account Information and Policyholder Data for as long as your account is active and as needed to provide the Service.

After Cancellation: Upon account cancellation, we retain your data for 30 days to allow you to export it or reactivate your account. After 30 days, your data will be scheduled for permanent deletion, which will be completed within 90 days of cancellation.

Backups: Encrypted backups may retain data for up to an additional 90 days after deletion from our primary systems, after which they are purged through our normal backup rotation cycle.

Legal Obligations: We may retain certain information for longer periods as required by law (such as billing records for tax purposes) or to resolve disputes and enforce our agreements.

Marketing Contacts: If you downloaded a free resource or subscribed to our mailing list, we retain your name and email until you unsubscribe. You can unsubscribe at any time using the link in any marketing email.

6. Your Rights & Choices

You have the following rights regarding your information:

• Access: You can access and view your Account Information and Policyholder Data at any time through the Service dashboard.

• Correction: You can update or correct your Account Information through your account settings. For corrections to Policyholder Data, you can edit records directly within the Service.

• Export: You can export your data at any time using the Service’s built-in export features or by contacting support@claimflow.com. We will provide your data in a standard, machine-readable format within 10 business days.

• Deletion: You can request deletion of your account and all associated data by contacting support@claimflow.com. Deletion will be completed in accordance with our data retention schedule described in Section 5.

• Marketing Opt-Out: You can opt out of marketing communications at any time by clicking the “unsubscribe” link in any marketing email or by contacting us. Opting out of marketing emails will not affect transactional communications related to your account.

• Cookie Preferences: You can manage your cookie preferences as described in Section 7.

7. Cookies & Tracking Technologies

We use the following types of cookies and similar technologies:

• Essential Cookies: Required for the Service to function properly, including session management, authentication, and security. These cannot be disabled.

• Analytics Cookies: Help us understand how visitors interact with our Website and Service, including pages visited, time spent, and navigation paths. We use this data in aggregate to improve the user experience.

• Functionality Cookies: Remember your preferences and settings (such as language, timezone, and display preferences) to provide a personalized experience.

• Marketing Cookies: Used to deliver relevant advertisements and measure the effectiveness of our marketing campaigns. These are only placed with your consent.

You can manage cookie preferences through your browser settings. Most browsers allow you to block or delete cookies. Please note that disabling essential cookies may prevent the Service from functioning properly. For more information about cookies, visit www.allaboutcookies.org.

8. State-Specific Privacy Rights

8.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including: the right to know what personal information we collect, use, disclose, and sell; the right to request deletion of your personal information; the right to opt out of the sale or sharing of your personal information (note: we do not sell personal information); the right to correct inaccurate personal information; and the right to non-discrimination for exercising your privacy rights. To exercise these rights, contact us at support@claimflow.com with the subject line “California Privacy Request.” We will verify your identity before processing your request.

8.2 Other State Privacy Laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), and other states with comprehensive privacy legislation may have similar rights to access, correct, delete, and port their personal information. To exercise any state-specific privacy rights, contact us at support@claimflow.com.

9. Insurance Industry Considerations

We recognize that public adjusters handle sensitive personal and financial information on behalf of policyholders. The following additional commitments apply to Policyholder Data:

• We process Policyholder Data solely as a data processor on your behalf. You remain the data controller and are responsible for obtaining any necessary consents from policyholders.

• We do not use Policyholder Data for any purpose other than providing the Service to you.

• We do not aggregate, analyze, or mine Policyholder Data across different subscriber accounts.

• We do not share Policyholder Data with insurance carriers, independent adjusters, or any third party without your explicit instruction.

• Our employees access Policyholder Data only when necessary to provide technical support, and only with appropriate authorization and audit logging.

• We maintain compliance with applicable state insurance data security regulations, including the NAIC Insurance Data Security Model Law where adopted.

10. Children’s Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us at support@claimflow.com and we will take steps to delete such information promptly.

11. International Data Transfers

Our Service is hosted and operated in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer of your information to the United States.

12. Third-Party Links & Services

The Service may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to third-party sites or services. We encourage you to review the privacy policies of any third-party service you connect to your ClaimFlow account. We are not responsible for the privacy practices of third-party services.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will post the updated Privacy Policy on this page and update the “Last updated” date. For material changes that significantly affect how we handle your information, we will provide at least 30 days’ notice via email to the address associated with your account. Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@claimflow.com
Subject line: “Privacy Inquiry”
Website: www.claimflow.com/contact

We will respond to all privacy-related inquiries within 30 days.