Last updated: April 11, 2026
Effective: April 11, 2026
AI-Drafted Disclaimer: These documents were drafted with AI assistance and have not been reviewed by an attorney. Consult legal counsel before relying on them.
ClearQuote Privacy Policy
Defined Terms
- "Personal Information" means information that identifies or could identify a natural person.
- "NPI" or "Nonpublic Personal Information" means information as defined under the Gramm-Leach-Bliley Act (GLBA) — insurance-related financial information about a consumer that is not publicly available.
- "Agent Data" means Personal Information the Agent provides about themselves: name, email, phone number, license number, agency name, and agency logo.
- "Client Data" means Personal Information and NPI about the Agent's insurance clients, including client names, email addresses, carrier quotes, and policy details that the Agent uploads or enters into the Service.
- "Service" means the ClearQuote platform at clearquoteapp.com.
- "Agent" or "you" means a licensed insurance producer who holds an account with ClearQuote.
Introduction
This Privacy Policy explains how ClearQuote collects, uses, shares, and protects Personal Information and NPI when you use the Service.
ClearQuote provides proposal software for independent insurance agents. We process Agent Data on our own behalf and Client Data as a service provider on your behalf — the Client Data belongs to you and your clients.
Questions? Contact us at support@clearquoteapp.com.
Information We Collect
a. Account Information (Agent Data)
When you create and maintain your ClearQuote account, we store:
- Your name
- Your email address
- Your phone number
- Your insurance license number
- Your agency name
- Your agency logo (stored in the Supabase Storage public logos bucket)
b. Client Proposal Data (Client Data — you provide this)
When you create proposals for your clients, we store:
- Client name
- Client email address
- Insurance type (auto, home, renters)
- AI-generated proposal content (coverage comparison, recommendation, introduction, and closing sections)
c. Carrier Quote Data (Client Data — extracted from uploaded documents)
When you upload carrier quote documents, we extract and store:
- Carrier name
- Annual premium amount
- Extracted quote text (may contain policy numbers, coverage limits, client address)
- Structured quote data (coverage details, deductibles, premium breakdown)
- AI-generated quote summary
The original carrier quote PDF files are used transiently for extraction and are not permanently retained after successful processing.
d. Usage Data (automatically collected)
When your clients view proposals you have shared with them, we automatically collect:
- Device type (phone, tablet, desktop)
- Browser and operating system (user agent string)
- IP address
These tracking events record when a proposal was viewed so you can see engagement on your dashboard.
e. Data Transmitted but Not Stored by ClearQuote
The following data passes through or to third-party services for specific purposes, but is not permanently retained by ClearQuote:
- AI processing: Proposal content (including carrier quote data and client identifiers) is sent to Anthropic to generate proposals and extract text. Anthropic does not retain this data beyond processing the API request.
- Email delivery: Your client's email address and the proposal share link are sent to Resend to deliver proposals to your clients.
- Payment processing: Payment information (card number, billing address, cardholder name) is submitted directly to Stripe Checkout. This information never touches ClearQuote servers. We receive only opaque identifiers (Stripe customer ID and subscription ID) after payment completes.
- Runtime logs: Vercel (our hosting provider) may capture user identifiers and IP addresses in server logs on error paths. These logs are retained for 30 days per Vercel's default retention policy.
How We Use Your Information
We use your information to:
- Provide the Service — generate proposals, extract carrier quote data, present your branded proposals to clients
- Process payments — manage your subscription and billing through Stripe
- Send transactional emails — deliver proposals to your clients via Resend; send account-related notifications
- Generate AI content — send relevant data to the Anthropic API to generate proposal text and extract quote information
- Prevent abuse — apply rate limiting on sensitive operations using Upstash Redis
We do NOT use your information for advertising, behavioral profiling, or selling to third parties.
How We Share Your Information
We share your information only with the following service providers, each of which processes data solely to support delivery of the Service:
- Supabase — Database, authentication, and file storage. Supabase processes all Agent Data and Client Data stored in our database and storage buckets. Region: US (AWS us-east-1).
- Vercel — Application hosting and edge functions. Vercel processes all HTTP traffic metadata and may retain runtime logs for up to 30 days. Region: US.
- Stripe — Payment processing and subscription management. Stripe processes payment method details, billing address, and email address for subscription billing. Region: US.
- Resend — Transactional email delivery. Resend processes your client's email address and the full HTML content of the proposal email (which includes client PII and NPI from the proposal). Region: US.
- Anthropic — AI inference for proposal generation and carrier quote extraction. Anthropic processes carrier quote content (NPI), including carrier names, premium amounts, coverage details, and client identifiers needed to generate accurate proposals. Region: US.
- Upstash — Rate limiting (Redis). Upstash processes user identifiers and request counts to enforce rate limits on sensitive API endpoints. Region: US (multi-region).
We do not sell your Personal Information. We do not share your Personal Information for cross-context behavioral advertising. We do not disclose your information to data brokers or advertising networks.
For a complete list of our service providers, see our Subprocessor List.
Cookies and Tracking
We use a single essential cookie for authentication (the Supabase session token). We do not use tracking cookies, analytics cookies, or advertising cookies. No consent banner is shown because no tracking occurs.
For details on the specific cookie we use, see our Cookie Notice.
Data Retention
We retain your information for the duration of your active account plus 30 days after account termination. After the 30-day grace period, your data is permanently deleted from our systems.
Stripe retains payment and billing records in accordance with their own privacy policy and legal obligations. We do not control Stripe's retention of your payment history.
Vercel runtime logs are retained for up to 30 days per Vercel's default policy.
Public Proposal Disclosure
When you share a proposal with a client via the Service, your agency name, email address, and phone number are visible to anyone who accesses the proposal share link.
This is a core feature of the Service — proposals are designed to be shared with your clients and include your contact information so they can reach you. If you prefer not to display your phone number or email address on the public proposal, contact us at support@clearquoteapp.com.
Your Rights — California Residents (CCPA)
If you are a California resident, the California Consumer Privacy Act gives you specific rights regarding your Personal Information.
Right to Know
You have the right to request that we disclose:
- The categories of Personal Information we have collected about you
- The specific pieces of Personal Information we have collected about you
- The categories of sources from which we collected your Personal Information
- The business or commercial purpose for collecting your Personal Information
- The categories of third parties with whom we shared your Personal Information
Right to Delete
You have the right to request deletion of your Personal Information. We will process deletion requests within 30 days, subject to exceptions required by law (such as retaining billing records to comply with financial regulations).
Right to Opt-Out of Sale
We do not sell your Personal Information. You do not need to opt out because no sale occurs. We do not share your Personal Information for cross-context behavioral advertising.
Non-Discrimination
We will not discriminate against you for exercising your privacy rights. Exercising your rights will not affect your access to or pricing of the Service.
How to Exercise Your Rights
Email support@clearquoteapp.com from the email address associated with your account. We will verify your identity via that email address before processing your request.
Account Deletion
To delete your account and all associated data, email support@clearquoteapp.com. We will process your request within 30 days. Account deletion is currently a manual process — there is no self-serve deletion button.
What gets deleted:
Upon account deletion, we remove from our systems:
- Your agency profile (name, email, phone, license number, logo, branding settings)
- All proposals and proposal content
- All carrier quotes and extracted data
- All proposal view tracking events
- Your account credentials (Supabase Auth)
What is retained:
- Stripe retains records of past payments and subscriptions in accordance with their own retention policies and applicable financial regulations. We do not control this retention.
- Vercel runtime logs may retain server log entries for up to 30 days after deletion if those entries were recorded before deletion was processed.
Security
We maintain the following technical safeguards to protect your information:
- Encryption at rest: All data stored in our database and file storage is encrypted using AES-256 at rest via Supabase on AWS infrastructure.
- Encryption in transit: All connections between your browser, our servers, and our service providers use TLS encryption.
- Row-Level Security: Our database enforces Row-Level Security (RLS) policies on all tables. Your data is only accessible to your account. No other agent or user can access your proposals, client data, or agency settings.
- Rate limiting: Sensitive API endpoints (proposal generation, document upload) are protected by rate limiting to prevent abuse.
- CI security pipeline: Our continuous integration pipeline runs automated vulnerability scanning (npm audit, Gitleaks, Semgrep) on every code change.
- Content Security Policy: Our application enforces a Content Security Policy to restrict what external resources can be loaded by your browser.
We are a small, independently operated SaaS. We do not have a SOC 2 certification, formal employee security training program, or business continuity plan. We are honest about this.
Insurance Industry — GLBA Service-Provider Framing
ClearQuote, as a service provider, supports Customer's compliance with applicable regulations, including the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule.
We are not a financial institution and do not independently certify compliance with the GLBA. We do not make representations about your compliance obligations under the GLBA, the NAIC Model Audit Rule, or RCW 48.135 (the Washington Insurance Commissioner's regulations). Those obligations belong to you as a licensed insurance producer.
For details on the technical and organizational security measures we maintain in support of your compliance needs, see our Data Processing Addendum.
Changes to This Policy
We will notify you of material changes to this Privacy Policy via email at least 30 days before the changes take effect. The "Last updated" date at the top of this document reflects the most recent revision. Continued use of the Service after the effective date constitutes acceptance of the updated Policy.
Contact Information
- General inquiries and privacy requests: support@clearquoteapp.com
- Security disclosures: security@clearquoteapp.com
- Responsible disclosure policy: See our Security Policy.