Privacy Policy

We take your privacy seriously.

We value your privacy and your customers’ privacy and the trust you place in us. To better protect your privacy we provide this notice to explain our online information practices and the choices you can make about the way your information is collected and used.

InsuredHQ System

Personal data is added to IHQ via third-party agencies or service providers which utilise the INSUREDHQ system. Any information you submit to such agencies or service providers is collected under their privacy policies and you should contact them with any privacy requests or inquiries.

Data Retention

INSUREDHQ retains personal information as directed by third party agencies or service providers.

How We Share & Disclose Information

INSUREDHQ may share and disclose user Information as reasonably necessary for the purposes stated in this policy to the following entities:

INSUREDHQ employees. INSUREDHQ may disclose Personal Information to its employees if necessary for the purpose of managing the INSUREDHQ system.
Customer access. INSUREDHQ may disclose Personal Information to system administrators or any other authorised user that has permission to access, modify, audit or restrict access to personal information.
To comply with laws. If we receive a request for information, we may disclose information if we reasonably believe disclosure is in accordance with or required by any applicable law, regulation or legal process.

Users of the INSUREDHQ system may disclose personal information which belongs to another person, such as when creating policies or endorsements on behalf of other persons. By doing so, they will be taking the role of the controller and will be responsible for ensuring consent has been obtained.

Security Assurance

To prevent unauthorised access, maintain data accuracy, and ensure the correct use of information, we have put in place appropriate physical, electronic, and managerial procedures to safeguard and secure the information we collect online.

INSUREDHQ is also in the process of achieving internationally recognized security certifications for ISO 27001 (information security management system) in alignment with ISO 27017 (cloud security) and ISO 27018 (for protecting personal data in the cloud. More information on INSUREDHQ security practices can be found here:

InsuredHQ Website

We collect personal information from you, including information about your:

name
contact information
interactions with us

We collect your personal information in order to:

help us schedule demonstrations of our product
send you newsletters about updates on our company and products

You have the right to ask for a copy of any personal information we hold about you, and to ask for it to be corrected if you think it is wrong. If you’d like to ask for a copy of your information, or to have it corrected, please contact us at support@insuredhq.com.

Use of Third Party Services

1. Google Analytics

We use Google Analytics to help us to understand how you use our site and tools, so we can improve our products for your benefit. Google Analytics follows your progress through our website, collecting anonymous data on where you have come from, which pages you visit, and how long you spend on the site. Google then stores this data in order to create reports. For more information on Google’s privacy policies, please visit https://policies.google.com/privacy. Google Analytics services are governed by the Google Analytics Terms of Service which can be found at: https://marketingplatform.google.com/about/analytics/terms/us/

2. Hubspot

We use third-party analytics services to help understand your usage of our services. In particular, we provide a limited amount of your information (such as sign-up date and some personal information like your email address) to Hubspot and utilise Hubspot to collect data for analytics purposes when you visit our website or use our product. As a data processor acting on our behalf, Hubspot analyses your use of our website and/or product and tracks our relationship by way of cookies and similar technologies so that we can improve our service to you. For more information on Hubspot’s use of cookies, please visit https://legal.hubspot.com/cookie-policy. We may also use Hubspot as a medium for communications, either through email, or through messages within our product(s). For more information on Hubspot’s privacy practices, please visit https://legal.hubspot.com/product-privacy-policy. Hubspot’s services are governed by its terms of use which can be found at https://legal.hubspot.com/terms-of-service

3. Mandrill

We use Mandrill to send transactional emails, such as a welcome email, purchase receipt, or forgot password email. We provide a limited amount of your information, such as your email address, to The Rocket Science Group LLC, who operate Mailchimp and Mandrill. We utilise Mandrill to collect data for analytics purposes when you view the email. For more information on Mandrill’s privacy practices, please visit https://mailchimp.com/legal/privacy/. Mandrill’s services are governed by Mailchimp’s terms of use which can be found at https://mailchimp.com/legal/terms/.

4. Amazon Web Services

We use Amazon Web Services (AWS) which provides us with cloud storage services. AWS has demonstrated compliance with a range of internationally recognised standards for content, data and infrastructure security, such as information security management system- ISO-27001, System and Organization Controls Report- SOC1/2, and The Payment Card Industry Data Security Standard. In addition, AWS has demonstrated alignment with the MPAA Content Security Best Practices. The AWS infrastructure is compliant with all applicable MPAA controls. For more information on AWS’ privacy policy please see: https://aws.amazon.com/privacy/

InsuredHQ, Privacy, Security and the GDPR

In its relationships with its clients, InsuredHQ is a data processor for the purposes of the General Data Protection Regulation (GDPR) which comes into force on 25 May 2018. Each client which is in the EU or UK, or which collects data from any UK or EU resident, is a data controller under the GDPR and each therefore is obliged to ensure that processors meet the GDPR’s requirements.

InsuredHQ is hosted on Amazon Web Services virtual servers in Frankfurt, North Carolina and Sydney. Going forwards, the use of AWS servers will be specified in InsuredHQ’s contracts. Clients in the EU and the UK will be automatically hosted on the Frankfurt servers and data originating from those clients will therefore not be transferred out of the EU except in extreme circumstances, which will be contractually provided for. Any transfer will be only to another AWS data centre.

AWS has announced that it is fully GDPR compliant (https://aws.amazon.com/blogs/security/all-aws-services-gdpr-ready/), and its website lists the rigorous international standards which AWS applies to ensure data privacy.

InsuredHQ’s contracts with its clients specify that all data is owned by those clients, although ultimately personal information is owned by the natural person from whom it originated. InsuredHQ does not assert any ownership rights over that data. In the event that the relationship between a client and InsuredHQ comes to an end, all data is returned to the client. InsuredHQ does not mine, sell or otherwise use the data for any of its own purposes. Data is processed strictly in accordance with the instructions of the client.

Although multiple clients may have their data hosted on the same server, every controller has a separate database. Data from two or more clients is never co-mingled.

InsuredHQ’s contracts also record that any data breaches will be promptly notified to any affected clients.

So far as requests by individuals for erasure of data are concerned, agreement by the client is not automatic and it will be for the client in each case to determine whether grounds for erasure exist under GDPR Article 17, and as to the application of any exceptions or limitations. InsuredHQ will respond to a request by a client to delete data after the client has made the necessary determinations.

InsuredHQ maintains stringent security processes. In addition to its in-house controls InsuredHQ is tested annually by a third party security agency which audits all aspects of SaaS-based security. This includes, but is not limited to, penetration testing and reviewing code procedures to make sure that any vulnerabilities are identified and guarded against.

InsuredHQ has deployed CloudFlare as an extra layer of protection, including against DDoS attacks. CloudFlare is GDPR-compliant (https://www.cloudflare.com/gdpr/introduction/).