Privacy Policy

Last updated: April 19, 2026

1. Information We Collect

We collect the following categories of personal information:

A. Identifiers: When you create an account, we collect your email address, name, and password. Passwords are hashed and stored securely — we never store or have access to your plain-text password.

B. Professional Information: During onboarding, you may provide your focus area (personal lines, commercial lines, etc.), carrier appointments, aggregator affiliation, and state selections. This information is used to personalize your dashboard and experience.

C. User-Submitted Content: When you rate carriers, submit reviews, contribute commission data, or report lead vendor experiences, we collect and store that information. Reviews and ratings are displayed anonymously on the Platform. We never display your name, email, or agency name alongside your submissions unless you explicitly choose to do so.

D. Commercial Information: If you use the My Book feature, premium amounts and carrier selections you enter are stored locally in your browser and optionally synced to your account. This data is private to you and is never shared with other users, carriers, or third parties.

E. Internet or Network Activity: We collect anonymous usage data such as pages visited, features used, browser type, device type, referring URL, and time spent on the Platform. This helps us improve the product. We do not track you across other websites.

F. Geolocation Data: We collect the state(s) you select during signup to personalize carrier and aggregator information to your market. We do not collect precise GPS location data.

2. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Platform and its features.
• Personalize your dashboard, alerts, and recommendations.
• Aggregate and anonymize user-submitted data to create carrier and aggregator intelligence that benefits all users.
• Communicate with you about your account, product updates, and relevant platform changes.
• Detect and prevent fraud, abuse, or violations of our Terms of Service.

3. What We Do NOT Do

InSifter is built on trust. We commit to the following:

• We do not sell your personal data to carriers, aggregators, marketing companies, or any third party.
• We do not share your identity with carriers or aggregators. Your ratings and reviews are anonymous.
• We do not send your information to insurance companies for appointment solicitation, marketing, or underwriting purposes.
• We do not display ads or allow third-party advertisers to target you based on your InSifter data.
• We do not use your Book of Business data for any purpose other than showing it to you in your private dashboard.

4. Data Sharing and Third-Party Service Providers

We share data only in the following limited circumstances:

• Aggregated, anonymized data: We may publish or share aggregated statistics about carrier ratings, commission trends, lead vendor performance, or industry benchmarks. This data never identifies individual users.
• Service providers: We use the following categories of third-party service providers to operate the Platform:
  • Authentication and database: Supabase (stores account data, user content).
  • Hosting: Netlify (serves the website).
  • Payment processing: Stripe (processes subscription payments, if applicable). Stripe receives only payment-related information; InSifter does not store credit card numbers.
  • Analytics: If we implement analytics tools in the future, they will be privacy-respecting and disclosed here before activation. We currently do not use Google Analytics, Facebook Pixel, or any cross-site tracking tools.
  These providers access only the minimum data necessary to perform their services and are bound by their own privacy policies and data processing agreements.
• Legal requirements: We may disclose your information if required by law, court order, or governmental request, or if we believe in good faith that disclosure is necessary to protect the rights, property, or safety of InSifter, its users, or the public.

We do not sell, rent, or lease personal information to any third party for any purpose.

5. Data Security

We implement industry-standard security measures to protect your data, including encrypted connections (HTTPS/TLS), hashed passwords, row-level security policies on our database, and secure authentication tokens. However, no method of electronic transmission or storage is 100% secure, and we cannot guarantee absolute security.

6. Data Retention

We retain your account information for as long as your account is active. If you delete your account, we will remove your personal information within 30 days. Anonymized ratings and reviews that have been aggregated into carrier scores may be retained in anonymized form after account deletion, as they are no longer tied to your identity.

7. Your Rights

You have the right to:

• Access the personal information we hold about you.
• Correct inaccurate information in your profile at any time.
• Delete your account and associated personal data by contacting us.
• Export your data in a portable format upon request.
• Opt out of non-essential communications at any time.

To exercise any of these rights, contact us at privacy@insifter.com. We will respond to verifiable requests within 45 days.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), provides you with additional rights regarding your personal information. This section applies to you regardless of where InSifter is headquartered.

Categories of Personal Information Collected: In the preceding 12 months, InSifter has collected the following categories of personal information as defined by the CCPA:

• Identifiers — email address, name, account username.
• Professional or employment-related information — carrier appointments, aggregator affiliation, lines of business, license status.
• Commercial information — premium volume data entered in tools, commission data contributed to the platform.
• Internet or other electronic network activity — browsing history on the Platform, search queries, feature usage, pages visited.
• Geolocation data — state selections provided during signup (not precise location).

Business Purpose for Collection: All personal information is collected for the following business purposes: providing and improving the Platform, personalizing your experience, aggregating anonymous data for carrier and aggregator intelligence, communicating about your account, and detecting fraud or abuse.

Sale and Sharing of Personal Information: InSifter does not sell your personal information to third parties as defined by the CCPA. InSifter does not share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding 12 months.

Your California Rights: As a California resident, you have the right to:

• Right to Know: Request that we disclose the categories and specific pieces of personal information we have collected about you, the categories of sources, the business purpose for collection, and the categories of third parties with whom we share it.
• Right to Delete: Request that we delete the personal information we have collected from you, subject to certain exceptions.
• Right to Correct: Request that we correct inaccurate personal information we maintain about you.
• Right to Opt Out of Sale/Sharing: Although we do not sell or share personal information, you may submit an opt-out request at any time.
• Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights. We will not deny you services, charge you different prices, provide a different quality of service, or suggest that you will receive a different level of service for exercising your rights.

How to Submit a Request: To exercise your California privacy rights, email us at privacy@insifter.com with the subject line "CCPA Request." We will verify your identity before processing your request and respond within 45 days. You may also designate an authorized agent to submit requests on your behalf.

Do Not Sell My Personal Information: InSifter does not sell personal information. If our practices change in the future, we will update this policy and provide a clear opt-out mechanism before any sale occurs.

9. Cookies and Local Storage

InSifter uses browser local storage to maintain your session, store your preferences, and cache your book of business data for performance. We use essential cookies for authentication. We do not use third-party tracking cookies, advertising cookies, or cross-site tracking technologies.

10. Children's Privacy

InSifter is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we make significant changes, we will notify you via email or a prominent notice on the Platform. Your continued use of InSifter after changes are posted constitutes acceptance of the updated policy.

12. Data Breach Notification

In the event of a data breach that affects your personal information, InSifter will notify affected users as required by applicable law. We will provide notification via email to the address associated with your account as promptly as reasonably practicable, and in no case later than 72 hours after we become aware of a breach that is likely to result in risk to your rights and freedoms. The notification will describe the nature of the breach, the categories of data affected, the likely consequences, and the measures we have taken or plan to take to address the breach. We will also notify applicable regulatory authorities as required by law.

13. International Users and GDPR

InSifter is operated from the United States and is intended primarily for U.S.-based insurance professionals. If you access the Platform from outside the United States, you do so at your own initiative and are responsible for compliance with local laws. If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) or equivalent legislation. The lawful basis for processing your personal information is your consent (provided at account creation), the performance of our agreement with you (account management and platform access), and our legitimate interests (platform security, fraud prevention, and product improvement). You may withdraw consent at any time by deleting your account. To exercise your GDPR rights, including the right to access, portability, erasure, restriction, or objection, contact us at privacy@insifter.com.

14. Do Not Track

Some browsers transmit Do Not Track (DNT) signals. InSifter does not currently respond to DNT signals because there is no industry-standard interpretation of what DNT requires. We do not use cross-site tracking technologies regardless of DNT status. Our data practices are described in full in this Privacy Policy.

15. Contact

If you have questions about this Privacy Policy or want to exercise your data rights, please contact us at privacy@insifter.com.