---
title: Privacy Policy Draft v1
tags: [claimguard, ethics, legal, privacy, draft]
status: draft-pending-legal-review
version: 2026-05-14.v1-draft
created: 2026-05-14
updated: 2026-05-14
---

# 14 — Privacy Policy Draft v1

> [!warning] DRAFT — pending outside-counsel review
> This is the v1 draft of the ClaimGuard Privacy Policy. It is referenced by [[13 — EULA Draft]] Section 17 ("Entire agreement") and is intended for outside-counsel review alongside the EULA. The current production system links to it; Galen is the only user as of 2026-05-14, so updates here should be reflected in production via the deploy flow (sync to `claimguard-production/eula/privacy-v1.md`, redeploy Pages). The "Notes for Galen's review" section at the end flags everything this draft punts on.

> [!info] California, CalOPPA, and CCPA
> ClaimGuard's signup form accepts users from all 50 U.S. states, including California. California's online privacy law (CalOPPA) requires a "conspicuously posted" privacy policy for any commercial website that collects personally identifiable information from California residents. This policy is that policy. Section 10 below covers California Consumer Privacy Act (CCPA) rights specifically.

---

## Preamble

When you use ClaimGuard, you are trusting us with personal information. We take that seriously. This Privacy Policy describes what information we collect, how we use it, who we share it with, and what choices you have. It is written in plain English so you can actually read it. If anything here is unclear, contact us at the address in Section 13.

This Policy is part of our agreement with you and works together with the [[13 — EULA Draft|End User License Agreement]]. By accepting the EULA, you also accept this Policy.

**Effective date:** TBD on outside-counsel sign-off. **Version:** `2026-05-14.v1-draft`.

---

## 1. Who this Policy is from and who it covers

ClaimGuard is operated by **ClaimGuard Systems Inc.**, a Delaware corporation ("ClaimGuard," "we," "us," "our"). When this Policy uses "you," it means the individual person whose account is being used.

This Policy covers all use of the ClaimGuard website at `claimguard.co` and the AI assistant, intake dashboards, and email communications that go with it.

## 2. What we collect

### From you, when you sign up

- Your **email address** (used to send you sign-in links and required account messages).
- Your **first and last name**.
- A **phone number** (we use this only if you ask us to contact you, or if a Partner Firm follows up under the EULA — see Section 4).
- The **state** in the United States where the property you are asking about is located.
- A short answer to "**how did you hear about ClaimGuard?**" so we can understand how people find us.

### From you, when you use the assistant

- Every message you send to the ClaimGuard assistant and every reply it sends back. We store the full conversation so you can come back to it.
- Whatever facts about your insurance claim you choose to share: carrier name, dates, dollar amounts, the language an insurance company has used in letters to you, and anything else you tell us.

### Generated automatically as a result of how you use the service

- Your **internet protocol (IP) address**, which is the network identifier your computer or phone uses on the internet.
- Your **browser type and operating system** (sometimes called the "user agent string").
- The **dates and times** you use ClaimGuard.
- A **session cookie** that keeps you signed in (see Section 7 below).

### Generated by us, from analyzing your conversation

- **Structured facts** the AI assistant extracts from your conversation: for example, the name of your insurance carrier, the type of damage, dollar amounts you mentioned, dates you mentioned, whether you received a particular kind of letter from your insurance company. These are stored separately from the raw conversation in a structured form so we can run pattern detection on them.
- **Trigger fires**: when a pattern indicating possible insurance bad faith is detected, we record which pattern fired, when, and at what level of confidence.

### What we do NOT collect

- We do not collect your Social Security number.
- We do not collect credit card or other payment information. We never bill you.
- We do not collect government-issued identification numbers.
- We do not collect biometric information.

We also do not buy lists of personal information from data brokers.

## 3. How we use what we collect

We use the information described in Section 2 to:

1. **Run the assistant.** Your messages and the facts we have extracted are used to generate the AI's replies and to make those replies more accurate over time.
2. **Detect patterns of possible bad faith.** Our pattern engine analyzes the structured facts (Section 2) to identify situations that may merit attorney review, as described in the EULA.
3. **Decide whether to alert a Partner Firm in your state.** When patterns indicating possible bad faith are detected, and you are located in a state where we have a Partner Firm, we share the intake summary of your conversation with that firm under the consent you gave by accepting the EULA. The EULA Section 5 describes this in detail.
4. **Send you required emails.** Specifically: sign-in links when you request them, an email when you accept this Policy or the EULA, and a confirmation email if you delete your account.
5. **Improve ClaimGuard.** We use **anonymized** structured patterns from past conversations to calibrate our pattern engine, including evaluating how accurate it is. This anonymized data cannot be used to identify you personally.
6. **Operate and secure the website.** Standard security and operational uses: detecting and preventing fraud or abuse, maintaining backups, responding to support requests.

We do not use what we collect for advertising or marketing of third-party products or services.

## 4. Who we share information with

### Partner Firms

When the conditions in EULA Section 5 are met, we share an intake summary with a Partner Firm licensed in your state. The intake summary includes your name, email, phone, the state your property is in, a summary of the structured facts we have on your conversation, and the patterns that triggered the alert.

Partner Firms are independent law firms, separate legal entities from ClaimGuard Systems Inc. Each Partner Firm has its own privacy practices governed by its own ethics rules and applicable law.

### Service providers we use to operate ClaimGuard

These third parties process information on our behalf. They are bound by contract to use the information only for the purpose of providing services to us:

- **Cloudflare, Inc.** — hosting, content delivery, and edge security for `claimguard.co`.
- **Neon, Inc.** — managed PostgreSQL database where the information described in Section 2 is stored.
- **Anthropic, PBC** — the artificial intelligence provider whose models generate ClaimGuard's replies. When you send a message, the contents of your conversation are sent to Anthropic so the model can produce a response. Anthropic's terms of service prohibit using customer data to train their models without separate consent, which we have not given.
- **Postmark (Wildbit, LLC, an ActiveCampaign company)** — transactional email delivery for sign-in links and required account messages.
- **GoDaddy** — domain name registrar for `claimguard.co`. GoDaddy does not receive your account information.

### Legal disclosures

We may disclose information when required by law, by a valid court order, or when we believe in good faith that disclosure is necessary to prevent imminent harm or to comply with a regulatory inquiry. We will, to the extent permitted by law, notify you before responding to a legal request for your information.

### What we do **NOT** do

- We do **not** sell your personal information.
- We do **not** share your personal information with advertisers, advertising networks, data brokers, or marketing networks.
- We do **not** share your personal information with social media platforms.

## 5. How long we keep what we collect

- **While your account is active:** indefinitely. Your conversation history stays available so you can return and pick up where you left off.
- **When you delete your account:** your personally identifiable information is removed from our active records immediately, and from backups within thirty (30) days. This is in line with [[13 — EULA Draft|EULA]] Section 9.
- **Anonymized analysis patterns:** the structured patterns we use to improve the system are retained after account deletion. These are stripped of any information that could identify you personally — they are aggregated statistical patterns, not records about you.
- **Logs (technical, not personal):** website logs that contain IP addresses and request timestamps are kept for up to 90 days for security and operational purposes, then automatically deleted.

## 6. Your rights

You have the following rights with respect to your information:

1. **The right to access.** You can see your conversation history at any time when you are signed in. You can also see and update your contact information at `claimguard.co/account`.
2. **The right to correct.** You can update your name, phone, state, and how you heard about us at `claimguard.co/account`.
3. **The right to delete.** You can delete your ClaimGuard account at `claimguard.co/account` (the "Danger zone" section). Deletion is irreversible. Once your account is deleted, your personally identifiable information is removed from our records as described in Section 5.
4. **The right to a copy.** You can read your full conversation history inside the ClaimGuard interface at any time. If you need an exported copy in a portable format, email us at the address in Section 13 and we will send it to you within fourteen (14) days at no charge.
5. **The right to withdraw consent.** Deleting your account is the mechanism by which you withdraw consent for ClaimGuard to share your conversation with Partner Firms. If a Partner Firm has already received your information, you may also instruct that firm directly to stop contacting you.

We do not charge any fee for exercising any of these rights. We will not discriminate against you for exercising them.

## 7. Cookies

ClaimGuard uses exactly one cookie. It is called `cg_session` and it is a random, opaque token that lets our system recognize that you are signed in. It has the following technical properties:

- **HttpOnly:** the cookie cannot be read by JavaScript running on the page. This stops a category of attacks called cross-site scripting from reading the cookie and stealing your session.
- **Secure:** the cookie is sent only over an encrypted (HTTPS) connection.
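- **SameSite=Lax:** the browser sends the cookie on requests that originate from `claimguard.co` and its subdomains, and when you follow a link to ClaimGuard from another website. It is not attached to other requests that a different website triggers in the background.
- **Max-Age=30 days:** the cookie automatically expires 30 days after it is set.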
- **Domain=`claimguard.co`:** the cookie applies to both the main site and our API subdomain (`api.claimguard.co`).

We do not use third-party advertising cookies. We do not use third-party analytics cookies. We do not use any kind of "pixel" or "tracking beacon," from anyone.

To delete this cookie, sign out of ClaimGuard or clear your browser cookies for `claimguard.co`.

## 8. How we keep your information secure

We use industry-standard security practices to protect your information, including:

- All communication between your browser and ClaimGuard is encrypted using HTTPS.
- Session tokens are never stored in their raw form. We store only an irreversible hash (SHA-256) of each token in our database. Even if someone obtains a copy of our database, they cannot use it to sign in as you.
- Sign-in links are single-use and expire fifteen (15) minutes after we send them.
- The database is hosted by Neon, which encrypts both data in transit and data at rest.
- Cloudflare provides distributed denial-of-service (DDoS) protection at the edge of our network.
- We never share API tokens or database passwords with any third party other than the service providers in Section 4 above.

No system is perfectly secure. If we ever experience a data breach that affects your information, we will notify you and the appropriate regulators within the timelines required by applicable law.

## 9. Children

ClaimGuard is not intended for use by anyone under eighteen (18) years of age. By using ClaimGuard you confirm you are at least 18, as required by [[13 — EULA Draft|EULA]] Section 3. If we become aware that we have collected personal information from someone under 18, we will delete that information immediately.

## 10. California residents

This section is for residents of the State of California. It provides additional disclosures required by the California Consumer Privacy Act (CCPA) and the California Online Privacy Protection Act (CalOPPA).

### Categories of information we collect

In the language of the CCPA, the categories of personal information we collect about California residents are:

- **Identifiers** (email address, name, phone number).
- **Internet activity information** (which pages you visit, when, your IP address, your browser type).
- **Commercial information** (the details of the insurance claim you describe to us).
- **Inferences** (the structured facts and trigger fires we generate from analyzing your conversation).

### How we use each category

For all of the purposes described in Section 3 of this Policy.

### Sources of the information

You provide all of it directly to us. None of it is purchased from third parties or scraped from public sources.

### Who we share it with

The service providers listed in Section 4, and Partner Firms when the EULA Section 5 conditions are met.

### Sale and sharing for cross-context behavioral advertising

**We do not sell personal information** as defined under the CCPA. We have not done so in the past twelve (12) months and have no plans to do so. We also do not share personal information for the purpose of cross-context behavioral advertising.

### Your CCPA rights

If you are a California resident, you have the right to:

1. **Know** what personal information we have collected about you, what we have done with it, and to whom we have disclosed it.
2. **Delete** the personal information we have about you.
3. **Correct** inaccurate personal information.
4. **Limit the use of sensitive personal information**, although we do not knowingly collect any category of "sensitive personal information" as the CCPA defines it.
5. **Opt out of any sale or sharing** of personal information, although as noted above we do not sell or share for advertising.
6. **Non-discrimination** for exercising any of the rights above.

To exercise any of these rights, contact us at the address in Section 13 of this Policy, or use the deletion and correction tools at `claimguard.co/account`.

### "Shine the Light" requests

California Civil Code §1798.83 permits residents to request information about how we have shared personal information with third parties for direct marketing purposes. We have not shared personal information for direct marketing purposes. To request this information formally, contact us at the address in Section 13.

## 11. International users

ClaimGuard is intended for use only by residents of the United States. We do not direct our service to users outside the United States and we do not knowingly collect information from non-U.S. residents. If you are accessing ClaimGuard from outside the United States, please do not use the service.

All ClaimGuard infrastructure is hosted in the United States. Information you provide will be stored and processed in the United States.

## 12. Changes to this Policy

We may update this Policy from time to time. The current version number and effective date appear at the top of this document. If we make a change that materially affects how we collect, use, or share your information, we will:

1. Notify you by email at the address on file for your account at least seven (7) days before the change takes effect.
2. Require you to re-accept this Policy before continuing to use ClaimGuard. Our system tracks which version you accepted and when.

For non-material changes (typo fixes, clarifications that do not change our practices), we update the version date and post the change.

## 13. Contact us

For any privacy-related question, request, or concern:

- **Email:** `privacy@claimguard.co` (this mailbox is monitored within two business days)
- **Mail:** ClaimGuard Systems Inc., Attn: Privacy, [mailing address pending]
- **Account self-service:** for the most common actions (review, correct, delete), use `claimguard.co/account`.

If you are a California resident exercising CCPA rights and we cannot verify your identity from the account on file, we may ask you for additional information to verify the request.

---

## Notes for Galen's review

This draft punts on several items that need a real legal pass before any production reliance:

- **`privacy@claimguard.co` mailbox** — referenced throughout but not yet activated. Cloudflare Email Routing already forwards `hello@claimguard.co` to Galen's inbox; the same pattern for `privacy@` is a 2-minute setup and should happen before this Policy goes public-facing.
- **Mailing address** — left as a placeholder. ClaimGuard Systems Inc.'s registered business address needs to be inserted before publication.
- **Effective date** — left as TBD pending counsel sign-off. The version stamp `2026-05-14.v1-draft` is the in-document version; the effective date should be the date counsel approves.
- **Anthropic data-handling specifics** — Section 4 states that Anthropic's terms prohibit training-data use without separate consent, which we have not given. This is accurate as of the current Anthropic API terms (May 2026), but it is worth confirming with our outside counsel whether the EULA also needs explicit disclosure of AI-assistant processing as a sub-processing arrangement. CCPA disclosure of subprocessors is currently in Section 4 of this Policy; whether it also needs to be in the EULA Section 5 (or as a separate "Subprocessor" list page) is a stylistic call.
- **Postmark sub-processor disclosure** — Wildbit/ActiveCampaign's chain of corporate ownership has changed multiple times. Confirm the current entity name and update if needed.
- **GDPR (European Union)** — Section 11 says we do not knowingly serve users outside the U.S. We should confirm this is operationally true (the signup form does not even ask for non-U.S. addresses; geo-blocking at Cloudflare is a possible future hardening step but not required if the legal posture is "U.S. only").
- **California "Notice at Collection"** — CCPA requires a "Notice at Collection" be presented to California residents AT or before the point of data collection. Our signup form does not currently display such a notice. The link to this Privacy Policy in the signup flow may or may not satisfy this; counsel should advise whether we need a more prominent banner at the moment of signup.
- **Children's Online Privacy Protection Act (COPPA)** — Section 9 says ClaimGuard is 18+. COPPA covers under-13. Our 18+ floor is more conservative than COPPA's 13 floor, so we are compliant by being stricter. If counsel wants language specifically addressing COPPA, we can add it.
- **Data Retention Schedule** — Section 5 describes high-level retention. A precise schedule (e.g., "logs auto-deleted at exactly 90 days") would be more defensible; this depends on what our infrastructure actually does. Cloudflare logs by default rotate at ~30 days unless we Logpush to longer-term storage (we do not currently). Neon's backup retention is part of the database plan; needs to be inventoried.
- **Plain-English version vs legalese** — this draft is plain-English throughout. Counsel will likely want to add some standard legal hedging language. Galen has expressed a preference for plain-English voice; counsel pushback on specific sections should be evaluated case-by-case.
- **EULA Section 17 reference** — the EULA refers to the "Privacy Policy" by name. The EULA needs to be re-deployed (v2 already in flight) with a link to this Policy at `/eula/privacy-v1.md`.

## Related

- [[13 — EULA Draft]] — companion legal document; this Policy is referenced in EULA Section 17.
- [[08 — Ethical & Structural Notes]] — bar opinion and software-not-advice framing.
- [[04 — Database Schema]] — `users` and `messages` and `claim_facts` tables that this Policy describes.
- [[06 — Phase 2 Anonymization Pipeline]] — the future architecture by which we extract patterns from ICHQ's archive; will require its own privacy review.
