RiskCube Website Privacy Policy

This Privacy Policy explains how RiskCube, Inc. and RiskCube Insurance Services, LLC (together, "RiskCube," "we," "us," or "our") collect, use, disclose, and protect personal information when you visit our website, request a quote, apply for insurance, or use our online platform and dashboard (collectively, the "Services").

Important entity disclosure

RiskCube Insurance Services, LLC is the licensed insurance producer/broker that helps customers obtain and manage insurance coverage. RiskCube, Inc. provides the software platform and operational support for the Services. Depending on the context, one or both entities may act as the business/controller of personal information processed under this Privacy Policy.

Insurance-related notices

If you request a quote, apply for insurance, or obtain coverage through RiskCube, additional privacy notices required by insurance and financial-services laws may apply to certain information we collect in connection with insurance placement and servicing (an "Insurance Privacy Notice"). Where applicable, those notices supplement this Privacy Policy and may describe additional rights or opt-out options for certain insurance-related information.

This Privacy Policy does not apply to third-party websites, apps, or services that link to the Services.

Business Accounts; Authorized Users; Customer Data

Business accounts and authorized users

If you use the Services as an employee, contractor, or other authorized user of a RiskCube business customer (for example, your employer or another organization that manages an account), that business customer may be able to access and manage information associated with your use of the Services (such as account information and usage/activity related to the business account). The business customer's privacy practices may govern how it processes such information.

Customer Data processed on behalf of business customers

In some cases, we process personal information on behalf of a business customer pursuant to our agreement with that customer ("Customer Data"). In those cases, the business customer's privacy notice governs its collection and use of Customer Data, and our processing of Customer Data is governed by our contract with the business customer. Requests relating to Customer Data should be directed to the business customer.

1. Information We Collect

We collect personal information in three main ways: (A) information you provide, (B) information collected automatically, and (C) information from third parties.

A. Information You Provide to Us

Depending on how you use the Services, you may provide:

• Contact and account information: Name, email address, phone number, login credentials and authentication information (e.g., password, multi-factor authentication method)
• Business and insurance application information: Company name, role/title, business address, website/domain, business characteristics relevant to insurance (e.g., industry, headcount, revenue ranges, operations, vendors), insurance-related information (e.g., coverage needs, prior coverage details, claims/loss history, and other risk details you submit in questionnaires)
• Documents you submit: Materials you upload or provide (e.g., questionnaires, policy documents, loss runs, security documents, financial or operational summaries) where relevant to quoting or servicing
• Payment and billing information (if applicable): Billing contact details and transaction metadata. Note: Payments are processed by third-party payment processors. We generally do not store full payment card numbers.
• Communications: Information you provide via email, chat, phone, forms, webinars/events, or support requests
• Sensitive personal information (limited): We may collect limited sensitive information only when necessary for account security, fraud prevention, compliance, or insurance transactions (for example, login credentials, and in some cases government identifiers if required for a specific insurance workflow). If collected, we use it only for permitted purposes described in this Privacy Policy and Annex A.

B. Information Collected Automatically

When you visit or use the Services, we may automatically collect:

• Device and network information: IP address, device type, operating system, browser type, language settings
• Usage information: pages visited, time spent, links clicked, navigation patterns, form interactions
• Approximate location: inferred from IP address
• Cookies and similar technologies: identifiers and signals collected through cookies, pixels, SDKs, and similar tools (see Section 6)

C. Information from Third Parties

We may receive information from third parties in connection with providing the Services, such as:

• Insurance carriers/underwriters and market participants: underwriting questions, quotes, bind/issue status, policy details
• Service providers: analytics, security/fraud prevention, customer communications tools
• Public or business sources: basic business verification information (e.g., entity registration details) where relevant to quoting/servicing

We do not intentionally collect information from social media profiles for underwriting unless you directly provide it or it is included in business documentation you submit.

2. How We Use Personal Information

We use personal information for the following business purposes:

A. Provide and Operate the Services

• Create and manage accounts and dashboards
• Provide quotes and facilitate insurance placement (including submitting applications on your behalf)
• Provide policy servicing, renewals, and customer support
• Send transactional communications (e.g., account, policy, billing, and security notices)

B. Improve, Secure, and Maintain the Services

• Operate, debug, and improve site functionality and user experience
• Monitor performance and analyze usage trends
• Protect against fraud, abuse, and security incidents
• Maintain system integrity, logging, and auditing

C. Communications and Marketing

• Send newsletters or product updates where permitted by law
• Respond to inquiries and provide support
• You can opt out of marketing emails by using the unsubscribe link (transactional messages may still be sent)

D. Compliance, Legal, and Safety

• Comply with applicable laws, regulations, and industry obligations
• Enforce agreements and protect rights, property, and safety
• Respond to lawful requests and legal process

E. AI-Assisted Features

RiskCube may use AI-assisted tools to help summarize inputs, surface recommendations, and improve the Services (for example, extracting relevant fields from documents you submit and highlighting potential coverage gaps). We implement reasonable safeguards designed to protect personal information processed in these workflows.

No solely automated significant decisions (website context). We do not intend for our processing to result in decisions based solely on automated processing that produce legal or similarly significant effects on individuals, except where necessary to provide the Services, with your direction/consent, or as permitted by law. Insurance underwriting and pricing decisions are ultimately made by insurance carriers/underwriters.

AI training. We do not use personal information you provide in connection with insurance applications or your dashboard to train publicly available or general-purpose AI models. We may use de-identified or aggregated data, where permitted, to improve the Services and internal tooling.

3. How We Disclose Personal Information

We disclose personal information in the following circumstances:

A. Service Providers

We share information with vendors that help us operate and deliver the Services (e.g., hosting, customer support tools, analytics, security, communications, document management, payment processors). Service providers are contractually restricted from using personal information for purposes other than providing services to us.

B. Insurance Market Participants

If you request a quote or coverage, we disclose information to relevant insurance carriers, underwriters, wholesalers, and other market participants as needed to obtain quotes, bind coverage, and service policies. Those parties' use of information is governed by their own privacy practices and applicable law.

C. Affiliates

We may share information between RiskCube, Inc. and RiskCube Insurance Services, LLC for internal business purposes such as providing and improving the Services, security, and customer support.

D. Business Transfers

If we are involved in a merger, acquisition, reorganization, bankruptcy, or sale of assets, personal information may be disclosed or transferred as part of that transaction, subject to appropriate protections.

E. Legal and Safety

We may disclose information if we believe in good faith it is necessary to comply with law, respond to lawful requests, protect rights/safety, investigate fraud, or enforce our agreements.

F. We do not sell personal information for money

We do not sell personal information for monetary consideration.

"Sale"/"Share" for targeted advertising (state law definitions). Depending on how cookies and advertising technologies are configured, certain disclosures (e.g., to advertising partners) may be considered a "sale" or "sharing" under some U.S. state privacy laws. You can opt out of such disclosures as described in Section 6 and Annex A.

4. Your Privacy Choices and Rights

A. Account Information

You may update certain account information through your dashboard. You may also contact us to request corrections.

B. Marketing Preferences

• Email: Use the unsubscribe link in marketing emails.
• Transactional messages: You may continue to receive necessary service communications.

C. State Privacy Rights (U.S.)

Depending on your state of residence, you may have rights to:

• access/confirm processing
• delete
• correct
• obtain a copy/portability
• opt out of targeted advertising
• opt out of "sale"/"sharing" (as defined)
• opt out of certain profiling in furtherance of decisions with legal/similarly significant effects (where applicable)

How to exercise rights. Submit a request using: E-mail privacy@riskcube.com with the subject line "Privacy Request."

Verification. We will take reasonable steps to verify your identity before fulfilling requests (e.g., confirming control of the email address on file and/or requesting additional information appropriate to the sensitivity of the request).

Authorized agents. Where permitted, you may use an authorized agent to submit a request on your behalf; we may require proof of authorization.

Appeals. Where required by law, you may appeal a denial by replying to our response and stating you wish to appeal.

Non-discrimination. We will not discriminate against you for exercising privacy rights.

5. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, maintain business records, comply with legal obligations, resolve disputes, enforce agreements, and for security and fraud prevention. Retention periods may vary depending on the nature of the information and the purpose for which it is processed. Insurance-related records may be subject to longer retention requirements under applicable law.

6. Cookies, Tracking Technologies, and Global Privacy Control

We and our service providers may use cookies, pixels, SDKs, and similar technologies to operate the Services and understand usage.

A. Categories of Cookies/Technologies

• Strictly Necessary: required for core site functionality, security, and login
• Analytics/Performance: help us understand usage and improve the Services
• Functional: remember preferences and settings
• Advertising/Targeted Advertising (if enabled): used to measure ad performance and deliver more relevant ads

B. Global Privacy Control (GPC)

Some browsers provide a Global Privacy Control (GPC) signal. Where required by applicable law, we treat a valid GPC signal as a request to opt out of "sale"/"sharing" and targeted advertising for the browser/device that sends the signal. In practice, this means we will disable Advertising/Targeted Advertising cookies and similar technologies for that browser/device, while keeping Strictly Necessary cookies enabled so the site can function.

You can confirm or adjust your settings at any time using Do Not Sell or Share My Personal Information .

C. Do Not Track

Because "Do Not Track" signals are not standardized, we do not respond to all DNT signals. We do, however, honor GPC where required as described above.

7. Security

We maintain reasonable administrative, technical, and physical safeguards designed to protect personal information. No method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

8. International Users

The Services are operated from the United States. If you access the Services from outside the U.S., your information may be transferred to and processed in the United States and other locations where our service providers operate.

9. Children's Privacy

The Services are not directed to children under 18. We do not knowingly collect personal information from children under 13. If you believe a child has provided personal information to us, please contact us and we will take appropriate steps.

10. Third-Party Links

The Services may contain links to third-party sites and services. We are not responsible for their privacy practices. Please review third-party privacy policies before providing information.

11. Contact Us

If you have questions, concerns, or requests related to this Privacy Policy, contact:

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will post an updated version on our website and may provide additional notice as required by law. Your continued use of the Services after the update becomes effective means you accept the updated Privacy Policy.

Annex A – Supplemental U.S. Privacy Notice (Notice at Collection)

This Annex applies to personal information collected from U.S. residents in states with comprehensive privacy laws.

A1. Categories of Personal Information Collected

Depending on how you use the Services, we may collect:

• Identifiers: name, email, phone number, IP address, online identifiers
• Commercial information: insurance quote/application information and policy-related information you submit or receive through the dashboard
• Professional/business information: company name, role, business contact details, business attributes relevant to insurance
• Internet/network activity: pages visited, interactions, cookie identifiers, device/browser data
• Geolocation (approximate): derived from IP address
• Sensitive personal information (limited, if applicable): login credentials; and in limited cases government identifiers if necessary for a specific insurance workflow

A2. Purposes of Collection and Use

We use personal information for:

• providing and operating the Services (quotes, placement, servicing, account access)
• security, fraud prevention, and debugging
• analytics and improvement
• communications and marketing (where permitted)
• legal compliance and enforcement

A3. Disclosures for Business Purposes; "Sale" / "Sharing"

We may disclose personal information to:

• Service providers (hosting, communications, analytics, security, payments, support)
• Insurance carriers/underwriters and market participants to provide quotes and coverage
• Affiliates (RiskCube entities) for internal business purposes
• Legal/safety recipients as required/permitted by law

We do not sell personal information for money.

If we use advertising cookies or pixels, some disclosures to advertising partners may be considered "selling" or "sharing" under certain state laws.

A4. Retention

We determine retention based on legal requirements, the nature and sensitivity of the data, the purposes of processing, and operational needs such as security and dispute resolution. Insurance-related records may require longer retention.

A5. Sensitive Personal Information

We use sensitive personal information only as reasonably necessary for:

• providing the Services requested
• account security, authentication, and fraud prevention
• ensuring system integrity
• legal compliance

We do not use sensitive personal information to infer characteristics about individuals.