Privacy Policy

1. Overview

BrokerStream is committed to protecting the privacy and security of your data. This policy explains what information we collect, how we use it, how we protect it, and your rights regarding your data.

2. Information We Collect

Account Information

• Name, email address, and password (hashed)
• Selected subscription tier
• Selected insurance carriers

Carrier Portal Credentials

• Carrier portal usernames and passwords that you provide
• These credentials are encrypted using AES-256 encryption at rest
• Credentials are only used to access carrier portals on your behalf

Policy and Commission Data

• Policy numbers, status, premiums, face amounts, and dates
• Commission rates and advance amounts
• Insured party names and states
• This data is retrieved from carrier portals using your credentials

Lead Information

• Lead names, phone numbers, email addresses, states, and dates of birth
• Lead source and disposition
• Notes and custom fields you create
• This data is imported by you via CSV or Google Sheets

Usage Data

• Login timestamps and session duration
• Feature usage patterns
• AI Admin conversation history (per session, not permanently stored)

3. How We Use Your Information

• To provide and operate the BrokerStream platform
• To retrieve your policy data from carrier portals on your behalf
• To calculate and display commission estimates
• To power the AI Admin assistant with relevant context about your leads and carriers
• To send account-related communications (verification codes, service updates)
• To improve the platform and fix issues

4. How We Protect Your Information

• Carrier portal credentials are encrypted with AES-256-CBC before storage
• Account passwords are hashed using bcrypt
• All data transmission uses HTTPS/TLS encryption
• Database access is restricted and authenticated
• We do not store carrier portal session tokens beyond the duration of a sync

5. Data Sharing

We do not sell, rent, or trade your personal information. We may share data only in these circumstances:

• AI Processing: Lead context is sent to Anthropic's API for the AI Admin feature. This data is processed per Anthropic's usage policies and is not used to train AI models.
• Service Providers: We use hosting and infrastructure providers (such as Vercel) to operate the platform. These providers process data on our behalf under contractual obligations.
• Legal Requirements: We may disclose information if required by law, court order, or government regulation.

6. Data Retention

• Your data is retained for as long as your account is active.
• Upon account deletion, all personal data, credentials, policy data, and lead information will be permanently deleted within 30 days.
• Anonymized usage statistics may be retained for analytics purposes.

7. Your Rights

You have the right to:

• Access: Request a copy of all data we hold about you.
• Export: Download your policy data and lead information at any time via the dashboard.
• Correction: Update or correct your account and lead information through the platform.
• Deletion: Request permanent deletion of your account and all associated data.
• Credential Removal: Remove carrier portal credentials at any time through the platform.

8. Cookies

BrokerStream uses essential cookies only for authentication and session management. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

9. Children's Privacy

BrokerStream is designed for licensed insurance professionals and is not intended for use by individuals under 18 years of age. We do not knowingly collect information from minors.

10. Changes to This Policy

We may update this privacy policy from time to time. We will notify you of material changes via email or through the platform at least 15 days before they take effect.

11. Contact

For privacy-related questions or to exercise your data rights, contact us at [email protected].