Privacy Policy

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

• Full name (first and last name)
• Email address
• Password (encrypted and securely stored)
• Account creation and update timestamps

1.2 Claim Information

When you create and manage claims, we collect:

• Claim details (name, address, claim number, carrier information)
• Date of loss and loss types
• Estimate documents (PDFs you upload)
• Loss summaries and descriptions
• Line item comparisons and discrepancies
• Generated rebuttals and communications

1.3 Payment Information

Payment processing is handled by Stripe, our secure payment processor. We store:

• Membership type and subscription status
• Payment method information (stored securely with Stripe, not on our servers)
• Transaction history and billing records

1.4 Usage Data

We automatically collect:

• Number of claims remaining in your subscription
• User preferences and settings
• Feature usage patterns and analytics
• Login timestamps and authentication data

2. How We Use Your Information

2.1 Service Delivery

• Process and analyze your claim estimates
• Generate AI-powered justifications and rebuttals
• Compare estimates and identify discrepancies
• Provide email templates and communication tools
• Manage your subscription and billing

2.2 Account Management

• Authenticate your identity and secure your account
• Send service notifications and account updates
• Process password resets and email verification
• Enable multi-factor authentication for enhanced security

2.3 Service Improvement

• Improve our AI models and algorithms
• Analyze usage patterns to enhance features
• Develop new tools and capabilities
• Provide customer support

3. Data Security

3.1 Encryption

We use industry-standard encryption to protect your data:

• All passwords are hashed using bcrypt with salt
• Data in transit is protected with TLS/SSL encryption
• Data at rest is encrypted in our Supabase cloud database
• Multi-factor authentication uses TOTP with secure secret storage

3.2 Access Controls

• Row-level security policies ensure users can only access their own data
• Database access is restricted to authenticated users only
• Admin privileges are limited and monitored
• Regular security audits and vulnerability assessments

3.3 Infrastructure

Your data is hosted on secure, enterprise-grade infrastructure:

• Supabase PostgreSQL database with automatic backups
• Deno-powered edge functions for serverless processing
• Stripe for secure payment processing (PCI DSS compliant)
• Regular automated security patches and updates

4. Data Sharing and Disclosure

4.1 We Do NOT Share Your Data

SaveAClaim does not sell, rent, or share your personal information or claim data with third parties for marketing purposes.

4.2 Service Providers

We work with trusted service providers who help us deliver our service:

• Supabase: Database hosting and authentication services
• Stripe: Payment processing (they never receive your claim data)
• OpenAI/Anthropic: AI processing for generating justifications (data is not used to train their models)

4.3 Legal Requirements

We may disclose information only when:

• Required by law or legal process
• Necessary to protect our rights or property
• Required to prevent fraud or security threats
• Necessary to protect the safety of our users

5. AI and Machine Learning

5.1 How We Use AI

We use artificial intelligence to:

• Analyze estimate PDFs and extract line items
• Generate justifications based on IICRC standards and building codes
• Create professional email templates and rebuttals
• Suggest additional items that may be missing from estimates
• Learn from rebuttal feedback to improve future suggestions

5.2 Your Data and AI Training

We do NOT use your proprietary claim data to train AI models. Your estimates, rebuttals, and claim information remain confidential and are not shared with AI providers for model training purposes.

5.3 Rebuttal Learning System

We store aggregate feedback (ratings and effectiveness scores) to improve our suggestion algorithms. This data is anonymized and does not include personally identifiable information.

6. Data Retention

6.1 Active Accounts

We retain your data for as long as your account is active and for a reasonable period afterward to comply with legal obligations.

6.2 Automatic Deletion

• Unverified accounts are automatically deleted after 7 days
• Password reset tokens expire after 1 hour
• Email verification tokens expire after 24 hours
• MFA backup codes are securely stored until used or regenerated

6.3 Account Deletion

You may request account deletion at any time. Upon deletion, we will:

• Permanently delete your account and personal information
• Remove all claim data and uploaded documents
• Cancel any active subscriptions
• Retain only minimal transaction records as required by law

7. Your Rights

You have the right to:

• Access: Request a copy of your personal data
• Correction: Update or correct inaccurate information
• Deletion: Request deletion of your account and data
• Portability: Export your claim data in a standard format
• Objection: Object to certain processing of your data
• Restriction: Request restriction of data processing

To exercise these rights, contact us at support@saveaclaim.com

8. Cookies and Tracking

8.1 Essential Cookies

We use essential cookies to:

• Maintain your login session
• Remember your preferences
• Ensure security and prevent fraud

8.2 Analytics

We may use analytics tools to understand how users interact with our service. This helps us improve the user experience and identify technical issues.

9. Children's Privacy

SaveAClaim is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete that information immediately.

10. International Data Transfers

Your data is primarily stored in secure data centers located in the United States. By using SaveAClaim, you consent to the transfer and processing of your data in the United States and other countries where our service providers operate.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will:

• Update the "Last Updated" date at the top of this page
• Notify you via email if you have an active account
• Post a notice on our website

Your continued use of SaveAClaim after changes are posted constitutes acceptance of the updated policy.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: