Privacy Policy
Last updated: June 2026
1. Introduction
CopyCat Technologies, Inc. ("CopyCat AI," "we," "our," or "us") provides an AI workspace for commercial insurance brokers: proposal generation, quote comparison, and risk analysis built on top of carrier quote PDFs and supplemental documents. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use the platform and related services (collectively, the "Services").
By accessing or using the Services, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please discontinue use of the Services.
2. Information We Collect
Information You Provide
- Contact information (name, email address, phone number)
- Organization information (agency name, address, lines of business written)
- Account credentials, API keys, and SSO identifiers (via Clerk)
- Proposal templates, brand assets (logo, color palette, fonts), and template configuration
- Carrier quote PDFs, supplemental documents, loss runs, and statements of value you upload
- Editor activity (proposal edits, comments, version history)
- Communications you send to us
Information Collected Automatically
- Device and browser information
- IP address and approximate location data
- Usage data, including proposal generation logs, extraction telemetry, and performance metrics
- Cookies and similar tracking technologies (PostHog analytics)
Customer Data
When generating proposals, comparing carrier quotes, or running risk analysis on your behalf, we process the carrier PDFs, policy documents, and supplemental files you upload ("Customer Data"). This data is processed solely to perform the requested service (extraction, analysis, proposal rendering) and is handled in accordance with our agreements with you. Customer Data is not used to train foundation models.
3. How We Use Your Information
- To provide, operate, and maintain the Services
- To execute automations and process workflows on your behalf
- To communicate with you about your account, support requests, and service updates
- To improve, optimize, and develop new features for our platform
- To monitor and analyze usage patterns and performance
- To detect, prevent, and address security issues and fraud
- To comply with legal obligations
4. Data Security
We implement industry-standard technical and organizational measures to protect your information, including:
- Encryption of data in transit (TLS) and at rest (AES-256)
- Role-based access controls and multi-factor authentication
- Audit logging and continuous monitoring
- Regular security assessments and penetration testing
- Encrypted credential vaults for stored portal access credentials
- SOC 2 Type II certified infrastructure and processes
No method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.
5. Data Sharing and Disclosure
We do not sell your personal information or Customer Data. We may share information with:
- Service providers who assist in operating our platform (hosting, analytics, communication tools), subject to confidentiality obligations
- Professional advisors (lawyers, accountants, auditors) as needed for business operations
- Law enforcement when required by law, subpoena, or legal process
- Business transfers in connection with a merger, acquisition, or sale of assets, with notice to affected users
6. Data Retention
We retain your information for as long as necessary to provide the Services and fulfill the purposes described in this policy. Automation execution logs are retained for the duration of your subscription unless you request earlier deletion. Upon termination of your account, we will delete your data within thirty (30) days, unless retention is required by law or our contractual obligations.
7. Your Rights
Depending on your location, you may have the right to:
- Access the personal information we hold about you
- Correct inaccurate or incomplete information
- Request deletion of your information
- Restrict or object to certain processing activities
- Request portability of your data in a structured format
- Withdraw consent where processing is based on consent
To exercise any of these rights, please contact us at the address below. We will respond to your request within thirty (30) days.
8. Compliance
SOC 2
CopyCat AI maintains SOC 2 Type II certification, demonstrating our commitment to security, availability, and confidentiality controls. Audit reports are available upon request under NDA.
HIPAA
For customers processing Protected Health Information (PHI), CopyCat AI is HIPAA compliant and will enter into a Business Associate Agreement (BAA) as required.
Data Protection Regulations
Where applicable, we process data in accordance with relevant data protection regulations, including CCPA and GDPR. We honor Do Not Track signals and similar mechanisms where required by law.
9. Cookies and Tracking
We use cookies and similar technologies to operate and improve the Services. These include essential cookies for authentication and security, and analytics cookies to understand usage patterns. You can manage cookie preferences through your browser settings, though disabling certain cookies may affect functionality.
10. Third-Party Links
The Services may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.
11. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated with at least thirty (30) days' notice by posting the updated policy on this page and updating the "Last updated" date. Continued use of the Services after the effective date constitutes acceptance of the revised policy.
12. Contact Us
If you have questions about this Privacy Policy or our data practices, please contact us at:
Email: hello@runcopycat.com
Website: runcopycat.com