Privacy Policy

1. Introduction

YourClaimant, Inc. ("YourClaimant," "we," "us," or "our") is committed to protecting the privacy of our users. This Privacy Policy explains how we collect, use, disclose, retain, and safeguard your information when you use our website and services at yourclaimant.com (the "Service").

We understand that the information you provide to us is sensitive. It may include details about insurance disputes, accident circumstances, financial information about your claim, and personal documents. We treat this data with the highest level of care and use it only to provide and improve the Service for you.

This Privacy Policy is designed to comply with the California Consumer Privacy Act ("CCPA"), the California Privacy Rights Act ("CPRA"), and other applicable U.S. privacy laws. Please read this policy carefully. By using the Service, you agree to the collection and use of your information as described herein. If you do not agree with this policy, please do not use the Service.

2. Information We Collect

We collect information in three categories: information you provide directly, information collected automatically, and information from third-party services.

2.1 Information You Provide Directly

• Account information: Your name, email address, and password when you register for an account. If you register using Google SSO, we receive your name and email address from Google.
• State of residence: The U.S. state you select during onboarding, which determines the laws and regulations applicable to your claim.
• Claim information: Insurance carrier name, claim number, policy number, incident date, description of the accident, fault percentage determinations, claimed amounts, offered amounts, and other details you provide about your insurance dispute.
• Uploaded documents: Denial letters, repair estimates, police reports, insurance correspondence, and any other documents you upload to the Evidence Vault.
• Uploaded photos and videos: Photographs and videos of accident scenes, vehicle damage, road conditions, dashcam footage, and other visual evidence.
• Chat messages: Questions, instructions, and conversations you have with the AI research assistant.
• Communications you draft: Appeal letters, emails, regulatory complaints, and other documents you create, edit, or approve within the Service.
• Support communications: Messages and information you provide when you contact our support team.

2.2 Information Collected Automatically

When you access or use the Service, we automatically collect certain technical and usage information:

• Usage data: Pages visited, features used, interactions with the Service (such as buttons clicked and forms submitted), timestamps of activity, and referring URLs.
• Device information: Browser type and version, operating system, device type (desktop, mobile, tablet), and screen resolution.
• IP address: Used for security monitoring, fraud prevention, rate limiting, and approximate geographic location (city/state level, not precise location).
• Cookies and similar technologies: Essential cookies for authentication and session management (see Section 10 for details).

2.3 Information from Third-Party Services

• Google SSO: If you register or sign in using Google, we receive your name, email address, and Google account identifier. We do not receive your Google password.
• Stripe: When you make a payment, Stripe provides us with your payment status, transaction identifier, Stripe customer ID, and the last four digits of your card number for receipt purposes. We do NOT receive or store full credit card numbers, CVVs, or complete card details.

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing the Service

• Creating and managing your account
• Storing and organizing your claim documents, photos, and videos in the Evidence Vault
• Processing your claim information through AI models for analysis, legal research, and communication drafting
• Generating AI-powered claim analysis, strength assessments, and strategy recommendations
• Powering the AI research assistant to answer your questions about insurance claims and regulations
• Providing state-specific escalation guides and regulatory contact information

3.2 Operations and Improvement

• Processing payments and managing billing
• Sending transactional emails, including account verification, payment receipts, and deadline reminders
• Monitoring and improving the accuracy, reliability, and performance of the Service
• Tracking AI model usage and costs for operational purposes

3.3 Security and Legal

• Detecting, preventing, and addressing fraud, abuse, security incidents, and technical issues
• Maintaining audit logs of data access for security compliance
• Enforcing our Terms of Service
• Complying with applicable legal obligations, including responding to lawful requests from law enforcement or government agencies

4. AI Processing and Third-Party AI Providers

A core function of the Service is AI-powered analysis of your claim. To provide this, we transmit your claim data to third-party AI model providers. We believe in full transparency about this process.

4.1 What Data Is Sent to AI Providers

When you use AI-powered features (claim analysis, communication drafting, the research assistant, or photo/video analysis), the following data may be sent to AI model providers:

• Your claim description and details (carrier, state, incident description, fault percentages, amounts)
• Text extracted from uploaded documents (denial letters, estimates, police reports, correspondence)
• Uploaded photos and videos (for vision analysis features)
• Your chat messages and questions to the AI assistant
• The U.S. state associated with your claim (for legal research purposes)

We do NOT send your email address, password, payment information, or account credentials to AI providers.

4.2 Which AI Providers We Use

• Google (Gemini models): Used for Basic and Pro tier analysis, document processing, vision analysis, and text extraction. Google's data processing is governed by their Data Processing Addendum.
• Anthropic (Claude models): Used for Ultra tier analysis and advanced reasoning. Anthropic's data processing is governed by their usage policies.

4.3 How AI Providers Handle Your Data

We use enterprise-tier API access with data processing agreements from our AI providers. Under these agreements:

• Your data is NOT used to train or improve the AI providers' general-purpose models
• Your data is processed only to generate responses to your specific requests
• AI providers may temporarily retain input and output data for abuse monitoring and safety purposes, consistent with their data processing agreements
• AI providers are contractually obligated to protect the confidentiality of your data

5. Data Storage and Security

We implement industry-standard technical and organizational security measures designed to protect your data from unauthorized access, alteration, disclosure, or destruction.

5.1 Infrastructure

The Service is hosted on Cloudflare's global edge network. Your data is stored using the following Cloudflare services:

• Cloudflare D1: Structured data (account information, claim details, analysis results, chat history)
• Cloudflare R2: File storage (uploaded documents, photos, and videos)
• Cloudflare KV: Session tokens and rate-limiting data

5.2 Encryption

• In transit: All data transmitted between your browser and our servers is encrypted using TLS (Transport Layer Security). We enforce HTTPS on all connections.
• At rest: Uploaded documents and personally identifiable information are encrypted at rest using AES-256-GCM encryption.
• Passwords: Passwords are hashed using Argon2id, a memory-hard hashing algorithm designed to resist brute-force attacks. We never store passwords in plaintext or reversible form.

5.3 Access Controls

• Your data is access-controlled to your account. No other user can access your claim data, documents, or analysis results.
• Authentication uses short-lived JWT tokens (15-minute access tokens with 7-day refresh tokens) stored in secure, httpOnly cookies.
• All data access is logged in an audit trail for security monitoring.

While we implement rigorous security measures, no method of electronic storage or transmission is completely secure. We cannot guarantee absolute security of your data, but we are committed to promptly notifying affected users in the event of a data breach, as required by applicable law.

6. Payment Processing

Payments are processed by Stripe, Inc. When you make a purchase, your payment card information is transmitted directly from your browser to Stripe over an encrypted connection. YourClaimant does NOT receive, process, or store your full credit card number, CVV, or expiration date on our servers.

We receive from Stripe only the information necessary to manage your account: your Stripe customer ID, payment status (succeeded or failed), transaction ID, the last four digits of your card (for display on receipts), and the tier you purchased. Stripe's handling of your payment data is governed by their Privacy Policy.

7. Data Sharing and Third Parties

We share your information only in the following limited and specific circumstances:

• AI model providers (Google, Anthropic): Claim data, document text, photos, videos, and chat messages are sent to AI providers for analysis, as described in Section 4. These providers are contractually prohibited from using your data to train their models.
• Payment processor (Stripe): Payment card information is transmitted directly to Stripe for transaction processing, as described in Section 6.
• Infrastructure provider (Cloudflare): Your data is stored on Cloudflare's infrastructure. Cloudflare acts as a data processor on our behalf and is bound by their data processing agreement.
• Email service provider (Resend): Your email address and name are shared with our email service provider to deliver transactional emails such as account verification, payment receipts, and deadline reminders. We do not send marketing emails.
• Error monitoring (Sentry): Technical error data (error messages, stack traces, browser information) may be sent to Sentry for debugging and reliability monitoring. This data does not include your claim content or personal documents.
• Legal requirements: We may disclose your information if required to do so by law, regulation, subpoena, court order, or other governmental request. Where permitted, we will make reasonable efforts to notify you before disclosure.
• Protection of rights: We may disclose information where we believe it is necessary to investigate, prevent, or take action regarding potential violations of our Terms of Service, suspected fraud, situations involving potential threats to the safety of any person, or as evidence in litigation in which we are involved.
• Business transfers: In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or substantially all of our assets, your information may be transferred as part of that transaction. We will notify you by email or prominent notice within the Service before your information becomes subject to a different privacy policy.

8. Data Retention

We retain your data only as long as necessary to provide the Service and fulfill the purposes described in this policy, unless a longer retention period is required by law.

• Account data (name, email, state): Retained for as long as your account remains active. Deleted within 30 days of account termination, subject to legal holds and the exceptions below.
• Claim data and uploaded documents: Retained for 3 years after your claim is marked as resolved or your account is closed, whichever is later. This extended period allows you to access your records if your claim is reopened or if you need documentation for related matters.
• AI analysis results: Retained for as long as the associated claim data is retained.
• AI chat history: Retained for 1 year after creation, then automatically deleted.
• Audit logs: Retained for 2 years for security and compliance monitoring, then automatically deleted.
• Payment records: Retained for 7 years as required by tax and financial regulations (IRS record-keeping requirements).
• Session and authentication data: Session tokens expire automatically (access tokens after 15 minutes, refresh tokens after 7 days).

You may request deletion of your data at any time (see Section 9). Certain data may be retained as required by law even after a deletion request, as described above.

9. Your Privacy Rights

Regardless of your location within the United States, we provide all users with the following rights regarding their personal information:

9.1 Rights Available to All Users

• Right to access: You may request a copy of the personal information we hold about you, including your account data, claim information, uploaded documents, AI analysis results, and chat history.
• Right to correction: You may request that we correct inaccurate personal information. You can also update most account information directly within the Service.
• Right to deletion: You may request that we delete your personal information and close your account. We will comply with your request, subject to legal retention requirements described in Section 8.
• Right to data portability: You may request a copy of your data in a structured, commonly used, machine-readable format (JSON or CSV).
• Right to withdraw consent: Where processing is based on your consent, you may withdraw that consent at any time. Withdrawal does not affect the lawfulness of processing performed before the withdrawal.

9.2 How to Exercise Your Rights

To exercise any of these rights, contact us at privacy@yourclaimant.com. To protect your privacy, we will verify your identity before processing your request. Verification typically requires confirming the email address associated with your account.

We will respond to verified requests within 45 days. If we need additional time (up to an additional 45 days), we will notify you of the extension and the reason for it.

We will not discriminate against you for exercising your privacy rights. You will not receive a different level of service or quality for making a privacy request.

10. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act ("CCPA") and the California Privacy Rights Act ("CPRA"). This section provides the specific disclosures required by those laws.

10.1 Categories of Personal Information Collected

In the preceding 12 months, we have collected the following categories of personal information, as defined by the CCPA:

• Identifiers: Name, email address, IP address, account ID
• Personal information under Cal. Civ. Code 1798.80(e): Name, insurance policy and claim numbers
• Commercial information: Purchase history, tier selection, payment amounts
• Internet or electronic network activity: Browsing history within the Service, feature usage, interaction data
• Geolocation data: Approximate location derived from IP address (city/state level)
• Audio, visual, or similar information: Photographs and videos you upload to the Evidence Vault
• Professional or employment-related information: Only if voluntarily included in claim descriptions
• Inferences: AI-generated claim analysis, strength scores, and strategy recommendations derived from your data

10.2 Business Purposes for Collection

We collect each category of personal information for the business purposes described in Section 3, which include: providing the Service, processing payments, security and fraud prevention, legal compliance, and Service improvement.

10.3 Sale and Sharing of Personal Information

We do NOT sell your personal information as defined by the CCPA/CPRA. We do NOT share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.

10.4 Your California Rights

As a California resident, you have the right to:

• Right to know: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources from which it was collected, the business purposes for collection, and the categories of third parties with whom we share it.
• Right to delete: Request deletion of your personal information, subject to certain exceptions provided by law (such as data needed to complete a transaction you requested, comply with a legal obligation, or detect security incidents).
• Right to correct: Request correction of inaccurate personal information.
• Right to opt out of sale/sharing: Because we do not sell or share personal information for advertising, there is no need to opt out. However, if our practices change, we will provide a clear opt-out mechanism.
• Right to limit use of sensitive personal information: You may request that we limit our use of sensitive personal information (such as insurance claim details) to what is strictly necessary to provide the Service.
• Right to non-discrimination: We will not deny you the Service, charge you different prices, or provide a different level of quality because you exercised your CCPA rights.

10.5 How to Submit a CCPA Request

You or your authorized agent may submit a CCPA request by emailing privacy@yourclaimant.com with the subject line "CCPA Request." We will verify your identity by confirming the email address associated with your account. If an authorized agent is making a request on your behalf, we may require written authorization or power of attorney.

We will respond to verified requests within 45 days, as required by law. You may make a verifiable consumer request up to twice within a 12-month period.

11. Cookies and Tracking Technologies

We use a minimal set of cookies, limited to those essential for the Service to function. We do not use advertising cookies, tracking pixels, or third-party analytics cookies that identify individual users.

11.1 Essential Cookies We Use

• Authentication cookies: Secure, httpOnly cookies that maintain your login session. These cookies contain encrypted session tokens and cannot be read by client-side scripts or third parties. They expire when your session ends or after a set period.
• CSRF protection cookies: Cookies used to prevent cross-site request forgery attacks. These are security cookies that protect your account.

11.2 What We Do Not Use

• No advertising or retargeting cookies
• No third-party tracking cookies (no Google Analytics, no Facebook Pixel, no similar tools)
• No browser fingerprinting
• No cross-site tracking of any kind

11.3 Analytics

We use Cloudflare Analytics, a privacy-respecting analytics service that provides aggregate traffic data without using cookies, tracking individual users, or collecting personal information. Cloudflare Analytics does not use any client-side tracking code or fingerprinting techniques.

12. Children's Privacy

The Service is intended for adults only. You must be at least 18 years of age to create an account or use the Service. We do not knowingly collect, solicit, or maintain personal information from anyone under the age of 18.

If we learn that we have collected personal information from a person under 18, we will take prompt steps to delete that information and terminate the associated account. If you believe we may have collected information from a person under 18, please contact us immediately at privacy@yourclaimant.com.

13. International Users

The Service is operated in the United States and is intended exclusively for users located in the United States and the District of Columbia. Our AI analysis, legal research, and escalation guides are based on U.S. state and federal laws and are not applicable to other jurisdictions.

If you access the Service from outside the United States, you understand and agree that your information will be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your country.

14. Do Not Track Signals

Some browsers transmit "Do Not Track" (DNT) signals to websites. Because we do not engage in cross-site tracking of our users, our Service operates the same way whether or not a DNT signal is received. We do not track our users across third-party websites or services.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. If we make material changes, we will notify you by:

• Sending an email to the address associated with your account, and
• Posting a prominent notice within the Service

We will provide at least 30 days' notice before material changes take effect. The "Last updated" date at the top of this page indicates when this Privacy Policy was last revised. We encourage you to review this page periodically.

Your continued use of the Service after the effective date of a revised Privacy Policy constitutes your acceptance of the updated terms. If you do not agree with the revised policy, you should stop using the Service and may request account termination and data deletion.

16. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy or the handling of your personal data, please contact us:

California residents may submit CCPA/CPRA requests by emailing privacy@yourclaimant.com with the subject line "CCPA Request."