Instly Technologies Inc. (“Instly”, “we”, “us”, or “our”) provides software, APIs, and services for the insurance industry (collectively, the “Services”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have. It applies to our website, dashboards, APIs, mobile experiences, and other Services that link to this Policy.

1. Information we collect

We collect the following categories of information:

Account data: name, business email, phone, job title, employer, and login credentials when you create an Instly account or are invited to one.
Customer-provided data: policyholder, quote, claim, document, and underwriting data that our customers (or their end-users) submit to the Services. We process this data on behalf of our customers as a processor.
Usage data: pages viewed, features used, referring URLs, device and browser type, operating system, IP address, and timestamps, collected via cookies and similar technologies.
Communications: messages you send us by email, forms, chat, or support tickets, including attachments.
Billing data: billing contact, tax IDs, and limited payment metadata. Card details are handled directly by our PCI-DSS compliant payment processors and are not stored on our servers.

2. How we use information

Provide, operate, secure, and improve the Services.
Authenticate users, prevent fraud, and enforce our Terms.
Provide customer support and respond to inquiries.
Send service, security, and transactional notifications. With your consent (where required), send product updates and marketing.
Comply with legal, regulatory, audit, and tax obligations applicable to insurance technology providers.
Generate aggregated, de-identified analytics that do not identify any individual.

3. Legal bases (EEA / UK)

Where the GDPR or UK GDPR applies, we rely on the following legal bases: performance of a contract (to provide the Services), legitimate interests (to secure, improve, and market our Services), consent (for optional cookies and marketing where required), and legal obligation (to comply with applicable laws).

4. Sharing of information

We share information only as described below:

Sub-processors: hosting, storage, analytics, email, error monitoring, and payment vendors that process data under written contracts and data processing agreements.
Customers and their authorized users: data is accessible to the Instly customer that controls the workspace.
Legal and safety: when required by law, court order, or to protect rights, property, or safety.
Business transfers: in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.

We do not sell personal information.

5. International transfers

We may transfer personal data to countries other than where you reside. Where required, we use Standard Contractual Clauses, the UK IDTA / Addendum, or other lawful transfer mechanisms.

6. Data retention

We retain personal data for as long as needed to provide the Services, comply with legal obligations (including insurance record-keeping requirements), resolve disputes, and enforce our agreements. Customer-provided data is retained according to the customer’s configuration and contract; on termination, it is deleted or returned in accordance with our DPA.

7. Security

We implement administrative, technical, and physical safeguards appropriate to the risk, including encryption in transit (TLS), encryption at rest, role-based access controls, audit logging, least-privilege provisioning, and regular vulnerability assessments. No system is 100% secure; please notify us immediately if you suspect unauthorized access.

8. Your rights

Depending on your jurisdiction, you may have the right to access, correct, delete, port, restrict, or object to processing of your personal data, and to withdraw consent. To exercise these rights, contact info@instlytechnologies.com. If your data was provided by an Instly customer, we will refer your request to that customer.

9. Cookies

We use strictly necessary cookies to operate the Services, and optional analytics cookies to understand usage. You can control cookies through your browser settings. Disabling certain cookies may impact functionality.

10. Children

The Services are not directed to children under 16, and we do not knowingly collect personal data from them.

11. Changes to this Policy

We may update this Policy from time to time. Material changes will be communicated by posting the updated Policy with a new effective date and, where appropriate, by additional notice.

12. Contact us

Questions about this Policy or our data practices? Contact our Privacy Team at info@instlytechnologies.com.