Customer Data Privacy and Security

This commitment is not only a matter of ethical responsibility but also a legal requirement. InsurFront's adherence to the General Data Protection Regulation (GDPR) in Europe and the California Consumer Privacy Act (CCPA) in California exemplifies our dedication to protecting customer data. This article will explore how InsurFront handles customer data, focusing on data retention, automatic deletion, and compliance within the highly regulated insurance sector.

GDPR and CCPA Compliance

GDPR Compliance

The GDPR is a stringent data protection regulation in the European Union that sets guidelines for the collection and processing of personal information. InsurFront's compliance with GDPR means that we handle customer data with the utmost care, ensuring that:

• Consent: When the customer is interacting directly with InsurFront, such as through "My Account", data is collected only with explicit customer consent. Agents and representatives of insurance companies on the InsurFront platform are required to obtain such consent before entering information into the database.

• Transparency: Customers must be informed about how their data is being used through a privacy policy. The insurance company is required to put together this policy and make it available to customers.

• Data Minimization: Only necessary data is collected and processed when InsurFront is interacting directly with users. However, representatives are required to take the same precautions when entering information manually on the customer's behalf.

• Security: Robust measures are implemented to protect data from unauthorized access or breaches, including end-to-end encryption.

CCPA Compliance

The CCPA provides similar protections in California, USA, granting consumers rights over their personal information. Compliance with CCPA ensures that InsurFront:

• Respects Consumer Rights: Including the right to know about and delete their personal information. These features are displayed in the "My Account" portion of the platform.

• Maintains Transparency: About the categories of data collected and the purposes for which it is used.

• Offers Opt-Out Opportunities: For the sale of personal information. InsurFront will encourage the company to add an opt-out section to their website, but these settings must be set manually.

Data Retention in the Insurance Industry

The insurance sector is highly regulated, and certain laws and regulations require the retention of customer data for specified periods. InsurFront navigates this landscape by:

• Retaining Required Data: Maintaining records necessary for legal, tax, or regulatory reasons.

• Regular Review: Periodically assessing the data we hold to ensure it is still necessary and relevant.

• Secure Archiving: Keeping historical data secure and inaccessible for everyday operations but available for regulatory or legal purposes.

Automatic Deletion: Balancing Compliance and Privacy

InsurFront employs automatic deletion protocols to balance the need for data retention with the right to privacy. This means:

• Timely Deletion: Once the legally mandated retention period expires, customer data is automatically deleted from our systems.

• Custom Deletion Requests: In accordance with GDPR and CCPA, customers can request the deletion of their data, which InsurFront will comply with, provided there are no overriding legal or regulatory requirements to retain it.

Manually adjusting data retention settings

InsurFront allows companies to manage their data retention settings from the Settings-page. These settings are only available to super admins.

The Impact on Customers

What does this mean for our customers?

• Trust and Transparency: Customers can trust that their data is handled responsibly, with respect and in compliance with the law.

• Control Over Personal Data: Customers have significant control over their data, including the right to access, correct, and delete their information.

• Security Assurance: Customers can be assured that their data is protected against unauthorized access and data breaches.