InsuraCentral Privacy Policy and Security Statement

This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you access our website (https://insuracentral.com), use our mobile applications, or otherwise interact with our Services. Our Services include our life insurance CRM system and Dialer functionality, collectively referred to as the "Platform."

In providing our Services, InsuraCentral partners with the following entities:

• InsuraCentral LLC (Indiana): Owner and provider of the CRM software.
• AI PowerDialer LLC (Wyoming): Owner and provider of the Dialer system (integrated as a third‑party service), powered by Cranfer Technologies LLC.
• Insurtech Data Solutions LLC (Wyoming): Responsible for managing all cloud data hosted on our Platform—including data provided by you and data downloaded from the InsuraCentral CRM.
• Cranfer Technologies LLC: Technology partner providing platform development and support services.

By accessing or using our Services, you agree to the practices described in this Privacy Policy.

1. Our Privacy Commitment

InsuraCentral is dedicated to protecting your personal information. We have implemented a variety of administrative, technical, and physical safeguards designed to protect your data from unauthorized access, use, or disclosure. We continuously review and update our privacy practices to address new challenges and comply with evolving legal requirements.

2. Information We Collect

We collect information from you in various ways, both directly and automatically, as you interact with our Platform.

2.1. Information You Provide Directly

• Registration and Account Information: When you register for an account, we collect information such as your full name, email address, phone number, mailing address, zip code, and, if applicable, business details (including your company name and other identifying information). For paid services, financial details (e.g., credit card numbers, billing addresses) are also collected solely for billing purposes.
• User-Provided Data: You may provide additional information by uploading data to our Platform (for example, client or lead data) or through forms, surveys, or communication with our support team.
• Communication Data: We collect information from your communications with us, including support requests, feedback, and other correspondence.

2.2. Information We Collect Automatically

• Usage Information: We collect information about how you use our Platform, including pages visited, features used, time spent, and other usage patterns.
• Device Information: We collect information about your device, including IP address, browser type, operating system, and device identifiers.
• Log Data: We automatically collect log information when you use our Services, including access times, pages viewed, IP address, and other standard web log information.

3. How We Use Your Information

We use the information we collect for various purposes, including:

• Providing, maintaining, and improving our Services
• Processing transactions and managing your account
• Communicating with you about your account and our Services
• Providing customer support
• Complying with legal and regulatory requirements
• Protecting against fraud and unauthorized access
• Analyzing usage patterns to improve our Platform

4. Information Sharing and Disclosure

We do not sell, trade, or otherwise transfer your personal information to third parties without your consent, except in the following circumstances:

• Service Providers: We may share information with third-party service providers who assist us in operating our Platform and providing our Services.
• Legal Requirements: We may disclose information when required by law or to protect our rights and the rights of others.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction.
• Consent: We may share information with your explicit consent.

5. Data Security and Compliance

InsuraCentral maintains a comprehensive, in-house security program designed to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our commitment to security goes beyond industry standards—we actively invest in protecting your data through rigorous compliance frameworks and continuous monitoring.

5.1. Security Certifications and Compliance

InsuraCentral maintains compliance with the following security and privacy frameworks:

• HIPAA Compliance: As a platform serving the insurance industry, we implement all required administrative, physical, and technical safeguards under the Health Insurance Portability and Accountability Act (HIPAA). This includes encryption of Protected Health Information (PHI), access controls, audit logging, and Business Associate Agreements (BAAs) where applicable.
• SOC 2 Type II: Our platform undergoes SOC 2 Type II audits, demonstrating our commitment to the Trust Services Criteria: Security, Availability, Processing Integrity, Confidentiality, and Privacy. These audits verify that our controls are not only designed appropriately but are operating effectively over time.
• PCI DSS Compliance: For payment processing, we adhere to Payment Card Industry Data Security Standards (PCI DSS) to ensure your financial information is handled securely.
• State Privacy Laws: We comply with applicable state privacy laws including the California Consumer Privacy Act (CCPA/CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), and other emerging state regulations.

5.2. Ongoing Security Measures

Our in-house security team implements the following ongoing security measures:

• Weekly Cybersecurity Audits: Our internal security team conducts comprehensive security audits every week to identify and remediate vulnerabilities before they can be exploited. These audits cover application security, infrastructure, access controls, and compliance verification.
• Penetration Testing: We conduct regular penetration testing using our in-house security team to simulate real-world attacks and identify potential security weaknesses. Results are immediately addressed through our vulnerability management program.
• 24/7 Security Monitoring: Our Security Operations Center (SOC) provides round-the-clock monitoring of our systems for suspicious activity, unauthorized access attempts, and potential security incidents. We utilize advanced threat detection and intrusion prevention systems.
• Encryption Standards: All data in transit is encrypted using TLS 1.3, the most current and secure transport layer protocol. Data at rest is encrypted using AES-256 encryption, ensuring your information remains protected even in storage.
• Access Controls: We implement role-based access controls (RBAC), multi-factor authentication (MFA), and principle of least privilege to ensure only authorized personnel can access sensitive data. All access is logged and regularly audited.
• Employee Security Training: All employees undergo mandatory security awareness training upon hire and annually thereafter. This includes training on phishing prevention, data handling, incident reporting, and compliance requirements.
• Incident Response: We maintain a documented incident response plan that is tested and updated regularly. Our team is prepared to respond quickly to any security incident, minimizing potential impact and ensuring timely notification to affected parties.
• Secure Development Practices: Our development team follows secure coding practices, including code reviews, static and dynamic application security testing (SAST/DAST), and vulnerability scanning as part of our CI/CD pipeline.

While we implement these comprehensive security measures, no method of transmission over the internet or electronic storage is 100% secure. We continuously evaluate and improve our security posture to address emerging threats and protect your information.

6. Your Rights and Choices

You have certain rights regarding your personal information:

• Access: You can request access to your personal information
• Correction: You can request correction of inaccurate information
• Deletion: You can request deletion of your data (subject to legal requirements)
• Portability: You can request a copy of your data in a portable format
• Opt-out: You can opt-out of marketing communications
• Restriction: You can request restriction of processing in certain circumstances

7. Data Retention

We retain your personal information for as long as necessary to provide our Services and fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. When we no longer need your information, we will securely delete or anonymize it.

8. Third-Party Services

Our Platform integrates with third-party services, including AI PowerDialer LLC and Insurtech Data Solutions LLC. These third parties have their own privacy policies, and we encourage you to review them. We are not responsible for the privacy practices of these third parties.

9. Google User Data Disclosure

InsuraCentral uses Google OAuth for user authentication. This section specifically describes how we handle data obtained through Google APIs in compliance with the Google API Services User Data Policy.

9.1. Data We Access from Google

When you authenticate using Google Sign-In, we access only the following information:

• Email Address: Used to identify your account and for communication purposes
• Basic Profile Information: Your name and profile picture (if available) to personalize your experience
• Google Account ID: A unique identifier used to link your Google account to your InsuraCentral account

9.2. How We Use Google Data

The data obtained from Google is used exclusively for:

• Authenticating your identity and providing secure access to your account
• Creating and managing your InsuraCentral user account
• Sending account-related communications (e.g., password resets, security alerts)
• Displaying your name and profile picture within the Platform

We do not use Google user data for advertising purposes, and we do not access, store, or process any data from your Gmail, Google Drive, Google Calendar, or any other Google services beyond the basic profile information listed above.

9.3. Google Data Sharing

We do not sell, share, or transfer Google user data to any third parties except as strictly necessary to provide our Services (e.g., cloud hosting providers that store your account data securely). Google user data is never shared with advertisers, data brokers, or any parties for purposes unrelated to providing and improving our Platform.

9.4. Google Data Storage and Protection

Google user data is stored securely on encrypted servers with industry-standard security measures. We implement strict access controls to ensure only authorized personnel can access user data, and only when necessary for providing support or maintaining the Platform.

9.5. Google Data Retention and Deletion

We retain Google user data only for as long as your account remains active or as needed to provide our Services. You can request deletion of your Google-linked data at any time by:

• Contacting us at support@insuracentral.com with a data deletion request
• Deleting your InsuraCentral account through your account settings
• Revoking InsuraCentral's access through your Google Account permissions page

Upon account deletion or access revocation, we will delete your Google-linked data within 30 days, except where retention is required by law or for legitimate business purposes (such as fraud prevention).

10. SMS/Text Messaging

InsuraCentral enables licensed insurance agents to send SMS text messages to their clients through our Platform. This section describes how we handle SMS-related data and your rights regarding text messaging.

10.1. How Phone Numbers Are Collected

Phone numbers used for SMS messaging are collected by insurance agents from their existing clients during policy applications, quote requests, service interactions, or through established business relationships. Agents are required to obtain proper consent before messaging any client through our Platform.

10.2. Types of SMS Messages

Messages sent through our Platform include:

• Appointment reminders and confirmations
• Policy renewal notices
• Birthday and anniversary greetings
• Payment reminders
• Service updates and follow-ups
• Quote and application status updates

10.3. Message Frequency and Rates

Message frequency varies based on your relationship with your insurance agent and the services you have requested. Message and data rates may apply depending on your mobile carrier and plan.

10.4. Opting Out of SMS Messages

You can opt-out of receiving SMS messages at any time by:

• Replying STOP to any message you receive
• Replying UNSUBSCRIBE, CANCEL, END, or QUIT
• Contacting your insurance agent directly
• Emailing us at support@insuracentral.com

After opting out, you will receive a confirmation message and will no longer receive SMS messages from that sender. You may opt back in at any time by replying START or contacting your agent.

10.5. Help and Support

For help with SMS messaging, reply HELP to any message or contact us at support@insuracentral.com.

10.6. SMS Data Protection

We do not sell, share, or transfer phone numbers to third parties for marketing purposes. Phone numbers are used solely for the purpose of facilitating communication between insurance agents and their clients through our Platform.

Mobile information, including phone numbers collected as part of SMS opt-in, will never be shared with or sold to third parties or affiliates for marketing or promotional purposes. SMS consent data is used exclusively to facilitate communication between licensed insurance agents and their clients through the InsuraCentral platform. For complete details on our SMS consent and opt-in practices, please visit our SMS Consent & Opt-In Disclosure page.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). This section describes those rights and how to exercise them.

11.1. Your California Privacy Rights

As a California resident, you have the right to:

• Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of that information, the business purposes for collecting it, and the categories of third parties with whom we share it.
• Right to Delete: Request deletion of your personal information, subject to certain exceptions (such as compliance with legal obligations).
• Right to Correct: Request correction of inaccurate personal information we maintain about you.
• Right to Opt-Out of Sale/Sharing: Opt out of the "sale" or "sharing" of your personal information. Note: InsuraCentral does not sell personal information to third parties.
• Right to Limit Use of Sensitive Personal Information: Limit the use of sensitive personal information to purposes necessary to provide the Services.
• Right to Non-Discrimination: Not be discriminated against for exercising any of your CCPA/CPRA rights.

11.2. How to Exercise Your Rights

To exercise any of these rights, you may submit a verifiable consumer request by:

• Emailing us at privacy@insuracentral.com
• Contacting us at support@insuracentral.com

We will verify your identity before processing your request and respond within 45 days (which may be extended by an additional 45 days if necessary). You may also designate an authorized agent to make a request on your behalf.

11.3. Categories of Personal Information

In the preceding 12 months, we have collected the following categories of personal information:

• Identifiers (name, email address, phone number, IP address)
• Commercial information (transaction history, subscription information)
• Internet or network activity (usage data, browsing history on our Platform)
• Professional information (business name, license information for agents)
• Geolocation data (approximate location based on IP address)

12. Data Breach Notification

We take data security seriously and have implemented measures to protect your personal information. In the event of a data breach that affects your personal information, we will:

• Notify affected users without unreasonable delay, and in no case later than required by applicable law (typically within 72 hours of discovery for most jurisdictions)
• Provide information about the nature of the breach and the types of information affected
• Describe the steps we are taking to investigate and remediate the breach
• Provide recommendations for steps you can take to protect yourself
• Provide contact information for questions or concerns

Notifications will be sent via email to the address associated with your account. In some cases, we may also post a notice on our website or notify you through the Platform.

13. International Data Transfers

Your information may be transferred to and processed in countries other than your own. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards to protect your information.

14. Children's Privacy

Our Services are not directed toward individuals under the age of 18. We do not knowingly collect Personal Information from minors. If we become aware that we have inadvertently collected information from a child under 18, we will take steps to promptly delete the information from our systems.

15. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, or legal requirements. When material changes occur, we will update the "Last Revised" date at the top of this policy and notify you via our website or email if required. Your continued use of our Services after any changes constitutes your acceptance of the updated policy.

16. Contact Information

If you have any questions or concerns regarding this Privacy Policy, please contact us at:

By using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy and Security Statement.