ReadyToUnderwrite is built for insurance agencies that handle sensitive business data every day. We treat your data with the same care you treat your clients’ information. This policy explains exactly what we collect, why, and how we protect it.
1. Who We Are
ReadyToUnderwrite (“we,” “us,” or “our”) is operated by NorthArc Labs, Inc. We provide an AI-powered pre-underwriting intelligence platform for commercial insurance agencies. Our platform helps agencies evaluate prospects, score quote readiness, match carriers, and prepare submission packages.
2. Information We Collect
Account Information
When your agency creates an account, we collect:
- Agency name, legal entity name, and business address
- User names, work email addresses, and job roles
- Billing information (processed and stored securely by Stripe — we do not store full card numbers)
Prospect Data You Enter
When you use ReadyToUnderwrite to evaluate prospects, you may enter:
- Business names, addresses, NAICS codes, and entity types
- Financial information (revenue, payroll, employee counts)
- Coverage requirements and current carrier information
- Business contacts and FEIN (Federal Employer Identification Number)
- Documents you upload (loss runs, ACORD forms, financial statements)
Your prospect data belongs to your agency. We do not sell, share, or use your prospect data to benefit other agencies. Ever.
Data from Third-Party Sources
With your initiation, we may retrieve publicly available business information from sources including:
- Business websites (for AI-powered risk profiling)
- SAM.gov (federal entity verification and exclusion checks)
- Secretary of State records (business entity verification)
- OSHA violation databases (workplace safety records)
- Court records (litigation history via CourtListener)
Usage Data
We collect standard usage data to improve our service:
- Login timestamps, session duration, and feature usage patterns
- Analysis counts (for subscription management)
- Error logs and performance metrics (with PII automatically scrubbed)
- IP addresses and device information (for security and session management)
3. How We Use Your Information
We use your information to:
- Provide the ReadyToUnderwrite platform services — scoring, matching, analysis
- Process your subscription billing through Stripe
- Send transactional emails (account invitations, password resets, usage alerts)
- Maintain security (audit logs, session management, fraud prevention)
- Improve our scoring algorithms and platform performance
- Generate anonymized, aggregated platform analytics (only if you opt in to Peer Intelligence)
4. How We Protect Your Information
- Encryption in transit: All data transmitted via TLS 1.3
- Encryption at rest: Sensitive fields (including FEIN) are encrypted at the application level using AES-256
- Tenant isolation: PostgreSQL Row-Level Security ensures your agency’s data is completely isolated from every other agency at the database level
- Access controls: Role-based permissions (Admin, Manager, Producer Lead, Producer) limit access within your agency
- Audit logging: Every data access and modification is logged with timestamps, user identity, and IP address
- PII scrubbing: Error monitoring and logging systems automatically strip personally identifiable information before external transmission
5. Data Sharing
We do not sell your data. We share data only in these limited circumstances:
- Service providers: Stripe (billing), Resend (email delivery), Supabase (database hosting), Sentry (error monitoring with PII scrubbed), Axiom (log analytics with PII scrubbed)
- At your direction: When you send submissions to carriers, export data, or share portal links with prospects
- Legal requirements: When required by law, subpoena, or court order
- Aggregated insights: Only if you opt in to our Peer Intelligence feature, and only in anonymized, aggregated form that cannot identify your agency or any individual prospect
6. Data Retention
We retain your data for as long as your agency maintains an active account. When you close your account:
- You can export all your data before departure (full ZIP export with SHA-256 integrity verification)
- After export confirmation, data is scheduled for deletion per your instructions
- Audit logs may be retained for up to 7 years for compliance purposes
- Anonymized, aggregated analytics data may be retained indefinitely
7. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access: Request a copy of all data we hold about your agency
- Portability: Export your data in standard formats (JSON, CSV) at any time — no request needed, it’s built into the platform
- Correction: Update or correct any inaccurate data
- Deletion: Request deletion of your data, subject to legal retention requirements
- Restriction: Request that we limit how we process your data
We support GDPR Article 20 (data portability), CCPA §1798.100 (right to know and delete), and applicable state insurance data privacy regulations.
8. Cookies & Tracking
We use essential cookies only — session management and authentication tokens. We do not use advertising cookies, third-party tracking pixels, or analytics cookies that track you across other websites.
9. Children’s Privacy
ReadyToUnderwrite is a business-to-business platform for licensed insurance professionals. We do not knowingly collect information from anyone under 18.
10. Changes to This Policy
We may update this policy periodically. If we make material changes, we will notify active account holders by email at least 30 days before the changes take effect. Continued use after the effective date constitutes acceptance.
11. Contact
For privacy-related questions or to exercise your data rights: