← Back to home
LegalEffective January 1, 2024 · Last updated May 15, 2026

Privacy Policy

How PolicyTek, LLC collects, uses, shares, retains, and protects personal information — and the privacy choices and rights available to you.

1. Introduction and Scope

PolicyTek operates a business-to-business technology platform for licensed insurance professionals, agencies, lead vendors, marketing organizations, and other commercial Users. The Services are not intended for personal, family, or household use, and all transactions conducted through the Services are business-to-business commercial transactions.

This Privacy Policy explains how PolicyTek, LLC (“PolicyTek,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects personal information in connection with our websites, applications, customer relationship management (CRM) systems, agency management (AMS) systems, lead marketplace features, call routing and display tools, analytics dashboards, AI and automation features, payment and payout tools, APIs, webhooks, integrations, and related services (collectively, the “Services”).

This Policy applies to (a) individuals who visit our websites or correspond with us (“Visitors”), (b) individuals who register, sign in, or transact through the Services (“Users”), and (c) consumers whose information is uploaded, transmitted, routed, displayed, or stored through the Services by a User (“Consumer Contacts”). For information processed on behalf of a User (for example, a buyer or vendor that uploads leads or routes calls), PolicyTek typically acts as a service provider, processor, or third party under applicable U.S. state privacy laws. The User that determines the purposes and means of processing is the business or controller with respect to that data and is responsible for providing direct notice to its Consumer Contacts.

Capitalized terms not defined here have the meanings given in our Terms of Use.

2. Categories of Personal Information We Collect

2.1 Notice at Collection

The following table summarizes the categories of personal information we may collect, the sources of that information, the purposes for which we use it, and the categories of third parties to which we may disclose it. The categories listed reference the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the “CCPA”), Cal. Civ. Code § 1798.140.

Category (CCPA)ExamplesRetention
IdentifiersName, business name, email, phone number, mailing address, IP address, account ID, device identifier.For the life of the account plus a commercially reasonable period (typically up to 7 years) for tax, dispute, and legal-hold purposes.
Customer records (Cal. Civ. Code § 1798.80)Billing address, payment method metadata (tokenized; we do not store full card numbers), signature, payout banking metadata.As required by tax, accounting, and financial-services laws (typically up to 7 years).
Commercial informationTransaction history, lead and call purchases, wallet balances, refund history, support tickets, marketplace activity.Life of the account plus dispute-window and legal-hold extensions.
Internet or network activityPages viewed, clicks, session telemetry, referring URL, browser type, OS, log files, cookie identifiers.Up to 24 months unless preserved for security or legal hold.
GeolocationApproximate location derived from IP. We do not collect precise GPS location through the Services.Up to 24 months.
Audio / electronic / visualCall recordings, voicemail, call metadata, transcripts, SMS/MMS content, email content, and attachments transmitted through or stored on the Services.As configured by the controlling User; default retention is set by that User.
Professional or employment-relatedProducer licenses, NPN, carrier appointments, agency role.Life of the account.
InferencesLead scoring, propensity, suggested next-best action, fraud risk signals.Up to 24 months unless preserved for fraud-prevention purposes.
Sensitive personal informationAccount credentials (in combination with password), Social Security or government ID numbers, financial account numbers (where uploaded by a User as part of insurance intake), and any health, medical, racial, religious, biometric, or sexual-orientation information that a User chooses to upload or transmit through the Services.As configured by the controlling User; only used to provide the Services and as otherwise permitted by Cal. Civ. Code § 1798.121.

PolicyTek does not use or disclose Sensitive Personal Information for purposes other than those permitted by Cal. Civ. Code § 1798.121(a) and analogous laws (such as performing the services requested, preventing fraud, ensuring security, and short-term transient use).

2.2 Information You Provide

We collect information you provide directly, including name, business name, contact information, login credentials and authentication data, account roles and permissions, billing information, wallet balances, transaction history, payout metadata, tax identification (W-9 / W-8 / 1099 information), and communications with our support or onboarding teams.

2.3 User Content and Consumer Contact Data

We process User Content and third-party data uploaded, transmitted, stored, displayed, or routed through the Services, including consumer, prospect, lead, or policyholder information; call recordings, logs, metadata, voicemails, transcripts, and dispositions; SMS, MMS, and email content and metadata; forms, webhook payloads, API responses, notes, tags, workflow data, analytics, and AI-generated outputs.

2.4 Automatically Collected Information

We automatically collect IP addresses, device identifiers, browser and operating system information, timestamps, usage logs, error reports, cookie data, and similar telemetry used to operate, secure, troubleshoot, improve, and enforce the Services.

3. Sources of Personal Information

  • Directly from you when you register, transact, or contact support;
  • From your devices and browsers (cookies and telemetry);
  • From Users that upload, route, or transmit Consumer Contact data through the Services;
  • From integrated Third-Party Services that you authorize (e.g., dialers, AI providers, carriers, marketing platforms, identity-verification or consent-capture vendors such as TrustedForm and Jornaya, payment processors, accounting systems);
  • From service providers, fraud-prevention vendors, and publicly available sources; and
  • From governmental, regulatory, or law-enforcement sources where applicable.

4. How We Use Personal Information

We use personal information to:

  • provide, maintain, secure, authenticate, and improve the Services;
  • process transactions, calculate commissions, and disburse payouts;
  • operate the lead marketplace, including matching, routing, and delivery;
  • monitor abuse, prevent fraud, enforce our Terms, and protect platform integrity;
  • respond to inquiries, provide support, and communicate with you about your account;
  • comply with legal, regulatory, tax, and accounting obligations;
  • perform analytics, debugging, and product research;
  • generate de-identified or aggregated data; and
  • with separate notice and any required consent, send marketing communications (you can opt out at any time).

5. Automated Decision-Making, AI Features, and Profiling

PolicyTek may use automated systems, rules engines, algorithms, and AI tools to monitor account activity, transaction patterns, refund requests, dispute behavior, fraud indicators, abuse patterns, platform misuse, and system integrity, and to generate features such as transcription, summarization, suggested responses, and lead scoring.

These tools do not make medical or underwriting determinations. AI-generated outputs may be incomplete or inaccurate and are provided for User review. PolicyTek does not knowingly use the personal information of Consumer Contacts to train third-party generative AI models without instructions from the controlling User or applicable consent.

California residents have the right to opt out of certain forms of automated decision-making to the extent required by the California Consumer Privacy Act and any related regulations issued by the California Privacy Protection Agency (including the agency’s rules addressing automated decision-making technology). See Section 11.

6. How We Disclose Personal Information

We do not sell personal information for monetary consideration in the traditional sense. We do not share personal information for cross-context behavioral advertising as that term is defined in the CCPA.

We may disclose personal information to:

  • Service providers / processors acting under written contracts that restrict use to providing the Services, including cloud hosting, telephony, transcription, AI, analytics, payment processing, email and SMS delivery, customer support, fraud prevention, identity and consent verification, and engineering support;
  • Integrations enabled by Users (at the User’s direction);
  • Other Users within the marketplace, where required to facilitate the buyer-vendor relationship that the User initiated;
  • Professional advisors such as auditors, lawyers, and accountants;
  • Legal, regulatory, and law-enforcement authorities when required by law or appropriate to protect rights, safety, or property; and
  • Successors in connection with a merger, financing, acquisition, restructuring, or sale of assets.

PolicyTek is not responsible for the downstream handling of data once shared at a User’s direction or once data leaves PolicyTek-controlled systems.

7. Cookies and Tracking Technologies

We use cookies, pixels, SDKs, local storage, and similar technologies for authentication, preferences, analytics, attribution, security, and fraud prevention. Disabling these technologies may impair functionality. Where required by law, we present a cookie banner allowing you to manage non-essential categories.

8. Global Privacy Control and Opt-Out Preference Signals

We honor recognized opt-out preference signals, including the Global Privacy Control (GPC), on browsers and devices from which the signal can reasonably be detected. When we detect a valid GPC signal, we treat it as a request to opt out of any “sale” or “sharing” of personal information for cross-context behavioral advertising and to opt out of targeted advertising for that browser or device, to the extent required by California, Colorado, Connecticut, Delaware, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, and Texas law (and any additional jurisdictions whose laws require recognition of opt-out preference signals).

9. Retention

We retain information for as long as reasonably necessary to provide the Services, operate the platform, comply with law, collect amounts owed, resolve disputes, investigate abuse, preserve evidence, enforce agreements, and protect platform integrity. Retention periods for specific categories are summarized in the table in Section 2.1.

We may preserve account records, acceptance logs, communications, billing records, call metadata, recordings, transcripts, routing records, device and IP logs, support records, and investigative materials when we reasonably believe such preservation is useful or necessary in connection with disputes, chargebacks, fraud reviews, collections, litigation, arbitration, or regulatory inquiries.

Users are solely responsible for exporting, backing up, archiving, and deleting their own data where required for their operations or compliance obligations.

10. Security

We maintain commercially reasonable administrative, technical, and physical safeguards designed to protect personal information within our systems, including access controls, encryption in transit, vulnerability monitoring, and incident response. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. See Section 18 of the Terms of Use for security responsibilities allocated to Users.

If we become aware of a security incident affecting personal information in our control, we will notify affected Users without undue delay, consistent with applicable law. Users acting as “controllers” are responsible for notifying their own Consumer Contacts where required.

11. Your California Privacy Rights (CCPA / CPRA)

If you are a California resident, you have the following rights, subject to verification and statutory exceptions:

  • Right to know — request the categories and specific pieces of personal information we have collected about you, the sources, purposes, and categories of recipients;
  • Right to delete — request deletion of personal information we collected from you;
  • Right to correct — request correction of inaccurate personal information;
  • Right to opt out of sale/sharing — although we do not sell or share personal information for cross-context behavioral advertising;
  • Right to limit use of Sensitive Personal Information — request that we limit use of Sensitive Personal Information to purposes permitted under Cal. Civ. Code § 1798.121;
  • Right to data portability — receive a portable copy of certain personal information;
  • Right to opt out of certain automated decision-making — as required by CCPA regulations regarding automated decision-making technology; and
  • Right to non-discrimination — we will not discriminate against you for exercising these rights.

California residents may also exercise “Shine the Light” rights (Cal. Civ. Code § 1798.83) by contacting us as described below. You may designate an authorized agent to submit requests on your behalf; we will verify the agent’s authority. To exercise your rights, see Section 15.

12. Other U.S. State Privacy Rights

Depending on your state of residence, you may have additional rights under one or more of the following comprehensive privacy laws, each of which is in effect or scheduled to take effect by 2026: Virginia Consumer Data Protection Act (VCDPA); Colorado Privacy Act (CPA); Connecticut Data Privacy Act (CTDPA); Utah Consumer Privacy Act (UCPA); Texas Data Privacy and Security Act (TDPSA); Oregon Consumer Privacy Act (OCPA); Montana Consumer Data Privacy Act (MCDPA); Delaware Personal Data Privacy Act (DPDPA); Iowa Consumer Data Protection Act (ICDPA); Nebraska Data Privacy Act (NDPA); New Hampshire Privacy Act (NHPA); New Jersey Data Privacy Act (NJDPA); Tennessee Information Protection Act (TIPA); Minnesota Consumer Data Privacy Act (MCDPA); Maryland Online Data Privacy Act (MODPA); Indiana Consumer Data Protection Act; Kentucky Consumer Data Protection Act; Rhode Island Data Transparency and Privacy Protection Act; and the Florida Digital Bill of Rights for qualifying controllers.

These laws generally provide rights to:

  • access, correct, delete, and obtain a portable copy of personal data;
  • opt out of (i) sale of personal data, (ii) targeted advertising, and (iii) profiling that produces legal or similarly significant effects; and
  • limit processing of sensitive data, which under several of these laws requires opt-in consent.

Maryland’s MODPA additionally prohibits the sale of sensitive data and the sale of any data of a known minor under 18, and restricts targeted advertising to known minors.

Appeals. If we decline to act on your request, you may appeal that decision by replying to our response or by contacting privacy@policytek.com with “Privacy Appeal” in the subject line. We will respond to appeals within the time required by applicable law (generally 45 to 60 days). If the appeal is denied, your state’s laws may permit you to contact your state Attorney General.

13. GLBA and HIPAA

Many U.S. state privacy laws contain entity-level exemptions for financial institutions subject to the Gramm-Leach-Bliley Act and for covered entities and business associates subject to HIPAA. To the extent a User or its data is covered by GLBA or HIPAA, the User’s own notices and obligations govern, and PolicyTek processes that data as a service provider under the User’s direction. PolicyTek itself is not a HIPAA Covered Entity or Business Associate; the Services are not designed for and should not be used to upload, transmit, or store Protected Health Information.

14. Biometric, Voice, and Consumer Health Data

PolicyTek does not currently extract or use voiceprints, facial geometry, retinal patterns, or other biometric identifiers within the meaning of the Illinois Biometric Information Privacy Act (740 ILCS 14), the Texas Capture or Use of Biometric Identifier Act (Tex. Bus. & Com. Code § 503.001), or the Washington biometric statute (RCW 19.375). If we add features that involve biometric processing, we will provide separate notice and obtain any required consent.

If a User uploads or routes content that may include “consumer health data” under the Washington My Health My Data Act (RCW 19.373), Nevada SB 370, or the Connecticut Data Privacy Act’s health-data provisions, that User is the controller and is responsible for obtaining any required consent, posting any required separate consumer-health-data privacy notice, and honoring rights requests directly.

15. How to Exercise Your Rights

To submit a privacy request, please:

  • Email privacy@policytek.com with the subject line “Privacy Rights Request”; or
  • Write to PolicyTek, LLC, Attn: Privacy, at the address listed in Section 22.

We will verify your identity using information reasonably necessary to confirm your request. For requests relating to Consumer Contact data uploaded by a User, we will route your request to the appropriate User (the controller) and assist as required by law.

16. International Users; GDPR and UK GDPR

The Services are operated from and primarily intended for use in the United States. If you access the Services from outside the United States, you consent to the transfer, storage, and processing of information in the United States and other jurisdictions where PolicyTek or its service providers operate.

Where the EU General Data Protection Regulation, the UK GDPR, the Swiss Federal Act on Data Protection, or other non-U.S. data-protection laws apply, our lawful bases for processing typically include performance of a contract, our legitimate interests in operating and securing the Services, compliance with legal obligations, and, where required, consent. International transfers from the EEA, the UK, or Switzerland to the United States may be made pursuant to the EU Standard Contractual Clauses (Commission Implementing Decision (EU) 2021/914), the UK International Data Transfer Addendum, the Swiss Addendum, and/or the EU-U.S. Data Privacy Framework (and UK and Swiss extensions) where the recipient is certified. A data processing addendum is available on request.

17. Children’s Privacy

The Services are not directed to, and PolicyTek does not knowingly collect personal information directly from, individuals under the age of eighteen (18). If we learn that we have collected personal information from a child under 13 in violation of the Children’s Online Privacy Protection Act, we will delete it. Users that collect or process minors’ data through the Services are responsible for any required parental consent and for compliance with state minor-protection laws (including MODPA’s prohibitions on selling minors’ data and targeted advertising to known minors).

18. Sub-Processors and Data Processing Addendum

We engage sub-processors (including cloud-infrastructure, telephony, transcription/AI, analytics, payment, email/SMS delivery, customer-support, identity- and consent-verification, and fraud-prevention vendors) to provide and improve the Services. A current list of categories of sub-processors and, where applicable, a data processing addendum, are available on request at privacy@policytek.com.

19. Job Applicants

Information collected from job applicants is used to evaluate candidates, communicate about employment, and comply with law. We do not use applicant information for marketing.

20. Do Not Track

Our websites do not respond to legacy “Do Not Track” browser signals because no industry standard for response has been adopted. We do honor Global Privacy Control signals as described in Section 8.

21. Changes to This Policy

We may update this Policy from time to time. We will update the “Last updated” date at the top of this page. For material changes, we will provide reasonable advance notice by email or in-product notice where required by law.

22. Contact

PolicyTek, LLC
Privacy inquiries: privacy@policytek.com
General: contact@policytek.com