ClaimTroveClaimTrove

Privacy Policy

Last updated: February 15, 2026

1. Introduction

Claim Trove ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, and safeguard information when you use the Claim Trove DBA Carrier Search Engine (the "Service"). This policy is designed to comply with applicable privacy regulations, including the California Consumer Privacy Act (CCPA), California SB 37, and HIPAA privacy standards where applicable.

2. HIPAA & PII Compliance by Design

This tool is designed to be HIPAA and PII-compliant from the ground up.

The Service operates on a "Contract-Centric" model: it identifies insurance coverage associated with contracts and employers, which is public/business data, rather than personal data about individual claimants.

  • No PII Collected: Users are prohibited from inputting Personal Identifying Information such as Social Security Numbers, full birth dates, home addresses, phone numbers, or specific medical records.
  • Non-Identifiable Inputs Only: The Service accepts only Location (country, base/installation), Date (fiscal year or month/year), and Employer Name.
  • No Protected Health Information (PHI): The Service does not collect, store, or process any health-related data about individuals.

For more information, see the HHS HIPAA Privacy Rule.

3. Information We Collect

a. Account Information

When you create an account, we collect your email address and authentication credentials. If you sign in with Google OAuth, we receive your name and email from Google. We do not store your Google password.

b. Search Queries

We log the non-identifiable search parameters you submit (employer name, location, date, sector) for the purpose of providing search history, improving accuracy, and system monitoring. These queries contain no PII by design.

c. Usage Data

We automatically collect standard technical data including IP address, browser type, device type, and pages visited. This data is used solely for security, performance monitoring, and service improvement.

d. Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers, bank account details, or other sensitive financial data on our servers. See Stripe's Privacy Policy for details.

4. How We Use Your Information

  • To provide and operate the DBA carrier identification Service
  • To maintain your search history and saved investigations
  • To improve the accuracy and reliability of carrier identification results
  • To process your subscription and payments
  • To communicate with you about your account or the Service
  • To detect and prevent fraud, abuse, or unauthorized access
  • To comply with legal obligations

5. Data Storage & Security

Your data is stored on Supabase, a SOC 2 Type II compliant platform with:

  • Encryption at rest: All data is encrypted using AES-256
  • Encryption in transit: All communications use TLS 1.2+
  • Row-level security: Database policies ensure users can only access their own data
  • Authentication: Industry-standard PKCE OAuth flow with JWT tokens

6. Data Sharing & Third Parties

We do not sell, rent, or share your personal information with third parties for marketing purposes.

We may share limited data with the following service providers who assist in operating the Service:

  • Supabase: Database hosting and authentication
  • OpenAI: AI-powered search processing (receives only non-identifiable query parameters)
  • Stripe: Payment processing
  • Vercel: Application hosting

We may also disclose information if required by law, court order, or governmental regulation.

7. Your Rights

Depending on your jurisdiction, you may have the following rights:

  • Right to Access: Request a copy of the data we hold about you.
  • Right to Deletion: Request deletion of your account and associated search history. We will comply within 30 days.
  • Right to Correction: Request correction of inaccurate account information.
  • Right to Data Portability: Request your data in a machine-readable format.
  • Right to Opt Out: You may opt out of non-essential data processing by contacting us.

California residents: Under the CCPA, you have additional rights including the right to know what personal information is collected and the right to non-discrimination for exercising your privacy rights.

8. Cookies & Local Storage

The Service uses essential cookies and local storage for authentication session management and user preferences (such as consent acknowledgment). We do not use tracking cookies, advertising cookies, or third-party analytics that track individual users across websites.

9. Data Retention

We retain your account data and search history for as long as your account is active. If you request account deletion, we will remove your data within 30 days. Anonymized, aggregated usage statistics may be retained indefinitely for service improvement.

10. Children's Privacy

The Service is intended for legal professionals and is not directed at individuals under 18 years of age. We do not knowingly collect information from minors.

11. Changes to This Policy

We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last updated" date. Your continued use of the Service after changes constitutes acceptance of the revised policy.

12. Contact Us

For privacy-related questions, data access requests, or to exercise any of your rights, please contact us at privacy@claimtrove.com.

Copyright © 2026 Claim Trove LLC. All Rights Reserved.