Privacy Policy

ClaimBuddy, Inc. ("ClaimBuddy", "we", "us") provides an AI-assisted claims review platform to car insurance carriers. This Privacy Policy explains what information we collect, how we use it, how we protect it, and the choices available to you. We do not sell user data and we do not use customer data to train foundation models.

1. Information we collect

We collect information you provide directly (such as your name, business email address, and company), information generated through use of the service (such as audit logs, configuration, and product telemetry), and customer content uploaded by your organization for processing (such as demand letters and medical records, which may include protected health information).

2. How we use information

We use information to operate, maintain, secure, and improve the service; to provide support; to comply with legal obligations; and to communicate with account administrators about the service. Customer content is processed solely to provide the contracted service to the customer that submitted it.

3. PHI and HIPAA

We process protected health information ("PHI") on behalf of covered entities and business associates under signed Business Associate Agreements. We implement administrative, physical, and technical safeguards consistent with the HIPAA Security Rule. PHI is encrypted at rest using AES-256 and in transit using TLS 1.3.

4. No sale of personal information

We do not sell personal information. We do not share personal information for cross-context behavioral advertising.

5. No model training on customer data

We do not use customer content to train, fine-tune, or evaluate foundation models, our own models, or any third-party model. Foundation model providers are accessed under enterprise agreements with zero-day data retention.

6. Subprocessors

We engage a limited set of subprocessors to operate the service (for example, cloud hosting and observability). A current list is available on request. We provide 30 days' advance notice of any material change to our subprocessor list.

7. Data residency

All processing occurs in AWS US-East and US-West regions. No customer data is transferred outside the United States without the customer's prior written instruction.

8. Retention

Customer content is retained according to the terms of the customer agreement and is deleted on request or upon termination, subject to legal hold requirements.

9. Your rights

Depending on your jurisdiction, you may have rights to access, correct, or delete personal information we hold about you. Requests should be directed to privacy@claimbuddy.ai. For PHI, please contact your covered-entity administrator.

10. Contact

Questions about this policy can be sent to privacy@claimbuddy.ai.