Privacy Policy

Last updated: August 1, 2025

Your Privacy & Data Security

At Corbu, we understand that missing middle housing data and regulatory information are among your most sensitive business assets. This Privacy Policy explains how we collect, use, and protect your data when you use our feasibility services and missing middle housing platform.

We believe in complete transparency about how we handle your information. This policy covers our comprehensive data practices, your privacy rights, project data processing, and how we protect your sensitive feasibility information with enterprise-grade security measures.

Effective Date: December 15, 2024. This policy applies to all users of our missing middle housing feasibility services and related regulatory assessment tools.

Enterprise-grade privacy for your housing and regulatory data

1. Information We Collect

Account & Profile Information

When you create an account and use our underwriting platform, we collect:

  • Profile Information: Name, email address, company name, professional title, phone number
  • Business Information: Company type, underwriting specialization, industry focus, team size
  • Professional Credentials: Licensing information, certifications, years of experience
  • Subscription Details: Plan type, billing information, usage preferences, feature access
  • Communication Preferences: Notification settings, alert configurations, report delivery preferences
  • Authentication Data: Login credentials, multi-factor authentication settings, API keys

Underwriting Application Data

For risk assessment and underwriting analysis, we process:

  • Application Information: Loan applications, insurance applications, borrower/applicant details
  • Financial Documents: Income statements, bank statements, tax returns, credit reports
  • Property Information: Appraisals, property details, title information, inspection reports
  • Business Data: Financial statements, business plans, cash flow projections
  • Risk Factors: Credit history, employment verification, asset documentation
  • Supporting Documentation: Identity verification, asset verification, income verification

Data Confidentiality: All financial and personal information is encrypted and processed in secure, isolated environments with strict access controls.

Platform Usage & Decision Analytics

We automatically collect information about how you use our platform:

  • Decision Activity: Underwriting decisions requested, analysis types used, decision outcomes
  • Performance Metrics: Decision turnaround times, accuracy rates, user satisfaction scores
  • Feature Usage: Risk assessment tools used, report types generated, compliance checks run
  • System Information: Browser type, IP address, device information, session duration
  • Integration Data: Connected loan origination systems, CRM platforms, compliance tools
  • Workflow Patterns: Decision workflow usage, approval/denial patterns, escalation frequency

Payment & Billing Information

For subscription billing (processed securely by Stripe):

  • Billing Details: Name, billing address, payment method information
  • Subscription Data: Plan type, billing cycle, usage limits, feature access
  • Transaction History: Payment confirmations, invoices, refunds, disputes
  • Usage Tracking: Decision volume, API calls, storage usage for billing purposes

Payment Security: We do not store credit card numbers. All payment processing is handled securely by Stripe with industry-standard encryption.

2. How We Handle Your Financial Data

Secure Financial Data Processing

We understand that financial documents and personal information are extremely sensitive. Here's how we handle them:

  • Encrypted Processing: All financial data is encrypted both in transit and during analysis
  • Isolated Environments: Each underwriting decision is processed in a completely isolated, secure environment
  • Access Controls: Strict role-based access controls limit who can view financial information
  • Audit Trails: Complete logs of all data access and processing activities
  • Temporary Analysis: Data is analyzed in memory and automatically purged after decision completion
  • Compliance Built-In: All processing adheres to financial services regulations (GLBA, FCRA, state regulations)

What We Do NOT Store

To protect sensitive financial information, we explicitly do NOT permanently store:

  • Social Security Numbers or other government ID numbers
  • Full bank account numbers or credit card information
  • Detailed financial statements or tax returns
  • Personal health information or medical records
  • Proprietary business financial data or trade secrets
  • Complete loan or insurance application files

Best Practice: Always ensure you have proper authorization before submitting any financial documents, even though we implement multiple layers of protection.

Risk Pattern Learning

To improve our underwriting algorithms, we may learn from anonymized risk patterns:

  • Pattern Extraction: We extract general risk indicators and decision patterns (without specific financial details)
  • Complete Anonymization: All patterns are anonymized and cannot be traced back to specific applicants
  • Aggregated Analysis: Patterns are aggregated across thousands of decisions to improve accuracy
  • No Data Reproduction: These patterns cannot be used to reproduce original financial information
  • Opt-Out Available: You can opt out of contributing to pattern learning in your privacy settings

Team Data Sharing

For team accounts and collaborative underwriting:

  • Team Permissions: Only authorized team members can access shared underwriting decisions
  • Role-Based Access: Granular permissions control who can view what level of financial information
  • Complete Audit Logs: Full tracking of who accessed what data and when
  • Secure Collaboration: All team data sharing happens through encrypted, secure channels

3. AI Technology & Risk Assessment

AI-Powered Risk Analysis

Our AI systems analyze financial data and risk patterns to provide intelligent underwriting insights:

  • Multi-Factor Risk Assessment: Analyzing 200+ risk factors across financial, behavioral, and market variables
  • Document Verification: Automated validation of financial documents and identity verification
  • Income and Asset Analysis: Comprehensive analysis of borrower/applicant financial capacity
  • Credit Risk Modeling: Advanced algorithms for credit risk assessment and default prediction
  • Compliance Checking: Automated regulatory compliance verification across jurisdictions
  • Decision Rationale: Clear explanations for all underwriting decisions and risk ratings

Machine Learning & Privacy Protection

Our AI systems continuously improve while protecting sensitive financial data:

  • Federated Learning: Model improvements without centralizing sensitive financial data
  • Differential Privacy: Mathematical guarantees that individual financial patterns cannot be identified
  • Anonymized Training: AI models trained on completely de-identified datasets
  • Privacy-Preserving Analytics: Decision patterns analyzed without exposing individual financial information
  • Secure Computation: All AI processing in isolated, encrypted environments

Ethical AI & Fair Lending

We are committed to fair and ethical underwriting practices:

  • Bias Prevention: Regular auditing to prevent discriminatory underwriting outcomes
  • Fair Lending Compliance: Adherence to Fair Credit Reporting Act, Equal Credit Opportunity Act
  • Transparent Decisions: Clear explanations for all underwriting decisions and risk factors
  • Human Oversight: Expert underwriter review for complex decisions and edge cases
  • Regulatory Alignment: Continuous alignment with CFPB, state, and federal lending regulations

4. How We Use Your Information

Underwriting Services

We use your information to provide and improve our underwriting services:

  • Risk Assessment: Analyze applications to determine risk levels and underwriting decisions
  • Document Analysis: Verify and validate financial documents, income, and asset information
  • Decision Engine: Generate underwriting decisions with detailed rationale and risk scoring
  • Compliance Review: Ensure all decisions meet regulatory requirements and fair lending standards
  • Performance Monitoring: Track decision accuracy and provide ongoing quality assurance

Account Management & Support

We use your data for essential account functions:

  • Authentication & Security: Secure login and account access protection
  • Billing & Subscriptions: Process payments and manage underwriting service subscriptions
  • Customer Support: Provide technical assistance and resolve underwriting questions
  • Communication: Send important updates, regulatory notifications, and service news
  • Usage Analytics: Monitor platform performance and identify service improvements

Platform Improvement & Development

We analyze usage patterns to enhance our underwriting platform:

  • Decision Accuracy: Improve our 90% accuracy rate through continuous model refinement
  • Speed Optimization: Maintain our 2-hour average turnaround through performance optimization
  • Risk Model Enhancement: Refine our 200+ risk factor analysis for better outcomes
  • Regulatory Compliance: Stay current with changing regulations and compliance requirements
  • User Experience: Optimize the interface and workflow for underwriter productivity

5. When We Share Information

Team Collaboration

Within your underwriting team, certain information is shared to enable collaboration:

  • Underwriting Decisions: Risk assessments and decisions shared with authorized team members
  • Team Activity: Collaboration history and shared decision workflows
  • Role-Based Access: Information sharing controlled by team permissions and underwriter roles
  • Audit Trails: Complete logs of who accessed what information and when

Control: You have full control over team permissions and can manage what information is shared with each team member.

Service Providers & Partners

We work with trusted partners to provide our underwriting services:

  • Payment Processing: Stripe for secure billing and subscription management
  • Cloud Infrastructure: AWS/Google Cloud for hosting and secure data processing
  • Credit Data: Authorized credit bureaus for credit report data (with proper consent)
  • Document Verification: Third-party verification services for identity and income validation
  • Compliance Services: Regulatory technology providers for compliance monitoring

Protection: All service providers are bound by strict confidentiality agreements and GLBA compliance requirements. Financial data is never shared beyond what's necessary for service delivery.

Legal Requirements

We may disclose information when required by law:

  • Regulatory Compliance: Respond to valid regulatory examinations and compliance requests
  • Legal Process: Comply with subpoenas, court orders, or other legal processes
  • Fraud Prevention: Investigate suspected fraudulent applications or activities
  • Safety Protection: Protect the safety and rights of applicants and the public

Financial Data Protection: Any legal disclosure is limited to what's required by law. We will never voluntarily share sensitive financial information without proper authorization.

Business Transfers

In the event of a merger, acquisition, or sale of Agents & Co., your information may be transferred as part of that transaction. We will notify you of any such change and ensure your data continues to be protected under this Privacy Policy or an equivalent policy that meets or exceeds these privacy protections.

6. Data Security & Protection

Enterprise-Grade Financial Security

We implement comprehensive security measures specifically designed to protect financial data and underwriting information:

  • Bank-Level Encryption: AES-256 encryption for data at rest, TLS 1.3 for data in transit
  • GLBA Compliance: Full compliance with Gramm-Leach-Bliley Act financial privacy requirements
  • Isolated Processing: Each underwriting decision processed in completely isolated environments
  • Multi-Factor Authentication: Required for all accounts with access to financial data
  • Role-Based Access Controls: Granular permissions based on underwriter roles and responsibilities
  • 24/7 Security Monitoring: Continuous monitoring with automated threat detection and response
  • SOC 2 Type II Compliance: Independently audited security controls and processes

Financial Data-Specific Protections

Special protections for sensitive financial information:

  • In-Memory Processing: Financial data processed in memory without persistent storage
  • Automatic Data Destruction: All sensitive data automatically deleted after decision completion
  • Network Isolation: Financial processing environments isolated from external networks
  • Complete Access Logging: Detailed audit trails of all financial data access
  • Encrypted Backups: Decision metadata (not source documents) backed up with encryption
  • Secure APIs: All API communications encrypted and authenticated

Data Retention & Deletion

We retain your data only as long as necessary for legitimate business purposes:

  • Financial Documents: Never stored permanently - deleted immediately after analysis
  • Decision Results: Retained for 90 days to enable decision history and audit trails
  • Account Metadata: Retained while your account is active
  • Deleted Accounts: All data deleted within 30 days of account closure
  • Regulatory Requirements: Some data retained longer for compliance (transaction records: 5-7 years)
  • Anonymized Analytics: May be retained indefinitely for platform improvement

Incident Response & Breach Protection

Our comprehensive incident response plan:

  • Immediate Detection: Automated systems detect security anomalies within minutes
  • Rapid Response: Security team responds to incidents within 15 minutes
  • Incident Investigation: Full forensic analysis to determine scope and impact
  • Regulatory Notification: Immediate notification to relevant financial regulators as required
  • Customer Notification: Affected users notified within 72 hours as required by law
  • Remediation: Immediate steps to secure systems and prevent future incidents

7. Your Privacy Rights & Controls

Account & Data Control

You have complete control over your account and underwriting data:

  • Profile Management: Update your professional and business information anytime
  • Privacy Settings: Control what information is visible to team members
  • Decision Preferences: Choose which types of underwriting analysis to enable
  • Data Export: Download your decision history and analysis results in portable formats
  • Account Deletion: Permanently delete your account and all associated data
  • Team Permissions: Manage who has access to your underwriting decisions and data

Financial Data & Decision Rights

Special rights related to your financial data and underwriting decisions:

  • Data Ownership: You retain complete ownership of all submitted financial information
  • Decision Control: Choose which applications and documents to analyze
  • Decision Management: Accept, reject, or modify AI-generated underwriting decisions
  • Pattern Learning Opt-Out: Exclude your data patterns from AI training
  • Integration Control: Manage which loan origination systems can access our platform

Legal Rights (GDPR/CCPA/State Privacy Laws)

If you're in the EU, California, or other applicable jurisdictions, you have additional rights:

  • Right to Access: Request a copy of all personal data we have about you
  • Right to Correction: Request correction of inaccurate or incomplete data
  • Right to Deletion: Request deletion of your personal data ("right to be forgotten")
  • Right to Portability: Receive your data in a machine-readable format
  • Right to Restriction: Limit how we process your data
  • Right to Object: Object to processing based on legitimate interests
  • Right to Withdraw Consent: Withdraw consent for data processing at any time

Communication Preferences

You can control all communications from us:

  • Email Preferences: Choose which emails to receive (security, regulatory updates, product updates)
  • Platform Notifications: Customize in-app alerts and notifications
  • Decision Alerts: Control when and how you're notified of underwriting decisions
  • Team Communications: Manage notifications from team collaboration features

Exercising Your Rights

To exercise any of these rights, contact us at privacy@corbu.dev or use the privacy controls in your account settings. We'll respond within 30 days and may need to verify your identity before processing certain requests.

For financial data-related requests (deletion, export), we can process them immediately since we don't store sensitive financial information permanently.

8. International Data Transfers

Global Operations & Data Centers

Agents & Co. operates globally with data centers in multiple regions to provide optimal performance and reliability for underwriting services. Your data may be processed in the United States and other countries where we operate.

International User Protection

For users outside the United States:

  • Data Protection: We implement appropriate safeguards for international transfers
  • EU Users: We comply with GDPR requirements for cross-border data transfers
  • Adequacy Decisions: We transfer data only to countries with adequate protection
  • Standard Contractual Clauses: Used for transfers to countries without adequacy decisions
  • Data Minimization: We only transfer data necessary for providing underwriting services

9. Cookies & Tracking Technologies

Types of Cookies & Tracking

We use cookies and similar technologies to enhance your underwriting experience:

  • Essential Cookies: Required for platform functionality (login, security, session management)
  • Preference Cookies: Remember your settings, theme, and underwriting preferences
  • Analytics Cookies: Help us understand platform usage and decision patterns
  • Security Cookies: Detect suspicious activity and protect against attacks

Managing Cookies & Tracking

You can control cookies and tracking through:

  • Browser Settings: Most browsers allow you to block or delete cookies
  • Platform Settings: Adjust tracking preferences in your account settings
  • Analytics Opt-Out: Disable analytics tracking while maintaining functionality
  • Do Not Track: We respect browser Do Not Track signals

Note: Disabling essential cookies may limit platform functionality and underwriting tools.

10. Children's Privacy

Agents & Co. is designed for professional underwriters, lenders, and financial services organizations. Our platform is not intended for use by anyone under 18 years of age.

We do not knowingly collect personal information from children under 18. If you become aware that a child has provided us with personal information, please contact us immediately, and we will take steps to remove such information.

11. Changes to This Privacy Policy

Policy Updates

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. When we make changes:

  • Notification: We'll notify you via email or platform notification
  • Effective Date: Changes take effect 30 days after notification
  • Material Changes: Significant changes will be clearly highlighted
  • Continued Use: Using the platform after changes constitutes acceptance

Staying Informed

We recommend reviewing this Privacy Policy periodically. The "Last updated" date at the top indicates when the policy was last revised. You can also subscribe to privacy policy updates in your account settings.

Contact Our Privacy Team

If you have any questions about this Privacy Policy or our data practices:

Corbu

Privacy Team

Email: privacy@corbu.dev

Support: hello@corbu.com