Privacy Policy

Plain-language summary: We collect the information your agency provides to operate the platform — names, emails, phone numbers, policy data, and usage telemetry. We do not sell it. We share it only with the carriers, raters, and integrations you connect. We protect it with industry-standard security (encrypted in transit and at rest, access-controlled, audited). You can export or delete it at any time.

1. Information we collect

Information you give us

• Account information — name, email, phone, agency name.
• Customer data you import or sync — policyholder records, policies, communications, recordings, transcripts.
• Billing details — handled by Stripe; we never see your card.

Information collected automatically

• Usage data — pages visited, features used, AI agent activity, performance metrics.
• Device & technical data — browser, OS, IP address (hashed), session timestamps.
• Cookies & similar tech — essential cookies and consented analytics only.

2. How we use it

• To operate, secure, and improve the platform.
• To run AI workflows you configure (lead scoring, voice calls, automations).
• To support you — respond to tickets, host onboarding sessions, debug issues.
• To comply with law, including TCPA, state insurance regulations, and audits.
• To detect abuse, fraud, and security threats.

3. How we share it

We share customer data only with the third parties you explicitly connect — carriers, raters, your CRM if it's not ours, your phone provider, your calendar. We use sub-processors (cloud infrastructure, analytics, error tracking) under written DPAs. A current sub-processor list lives at /legal/subprocessors.

We do not sell or rent your data. Period.

4. How we protect it

• Encrypted in transit (TLS 1.2+) and at rest (AES-256).
• Access-controlled — least-privilege, MFA-required, role-based.
• SOC 2 Type II audited annually. Report available under NDA.
• Penetration tests run quarterly by an independent firm.
• Production data is never used for training without your written consent.

5. Data retention

We retain data for as long as your account is active. After cancellation, we hold data for 90 days (so you can re-activate or export), then delete it. Voice recordings are retained per your configured retention window — 30, 90, or 365 days. We retain anonymized usage analytics for 24 months for product improvement.

6. Your rights

• Access — request a copy of any data we hold about you.
• Correction — fix anything inaccurate.
• Deletion — request erasure of personal data (subject to legal holds).
• Portability — export your customer data in JSON or CSV at any time.
• Opt-out — unsubscribe from marketing email at any time.

Email privacy@policygrowth.co for any request. We respond within 30 days (sooner where required by GDPR or CCPA).

7. International users

Policy Growth is a US company. By default, data is stored in the United States. EU customers can request EU residency at no additional cost. We use Standard Contractual Clauses for any international transfers.

8. Children

Policy Growth is a B2B product. We don't knowingly collect data from anyone under 16. If you believe we have, email privacy@policygrowth.co and we'll delete it.

9. Changes to this policy

We'll email account admins at least 30 days before any material change. Non-material edits get logged at the bottom of this page.

10. Contact

Questions? privacy@policygrowth.co
Mailing address: Policy Growth, Inc., 228 W Camelback Rd, Suite 320, Phoenix, AZ 85013.