Privacy Policy
Last Updated: May 27, 2026
1. Introduction & Scope
XactaClaim ("we", "our", or "us") respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit the XactaClaim website and use our application (the "Service") and our practices for collecting, using, maintaining, protecting, and disclosing that information.
If you do not agree with our policies and practices, your choice is not to use our Service.
2. The Role of XactaClaim (Data Processor)
For the majority of the data processed within our system—such as the personal, property, and financial information of your clients (the claimants)—you, the public adjusting firm or attorney, act as the Data Controller. XactaClaim acts strictly as a Data Processor.
You represent and warrant that you hold the legal right and have obtained explicit, informed consent from your clients to upload their sensitive data into a third-party cloud environment for AI processing and analysis. We are not liable for your failure to secure such consent.
3. Information We Collect
We collect several types of information from and about users of our Service, including:
- Account Information: Your name, email address, brokerage name, phone number, and billing details.
- Claim Data: Personal and property information, policy PDFs, estimates, photos, documents, client tasks and action items, adjusting logs, portal uploads, notification preferences, SMS/MMS consent status, email consent status, phone and email contact snapshots used for consent matching, portal PIN verification metadata, call and voicemail metadata, transcripts and summaries when voice is enabled, AI analysis outputs, and audit or timeline history events associated with claim workflows.
- Usage Data: Metadata concerning your usage of the application, action logs, IP addresses, browser types, and operating systems.
3A. Client Portal Users
Client portal users are PIN-based participants on a specific claim file. They are not necessarily registered Firebase or staff application users. When portal access is enabled, clients may view claim-related portal content, complete action items, upload documents, sign agreements when that workflow is enabled, and provide or update SMS/MMS and email notification preferences.
Portal authentication uses a claim-specific PIN and is re-verified with our servers. Portal sessions may use browser session storage for convenience as described in section 3F below.
3B. Telephony, SMS/MMS, Email, and Voicemail Data
If your workspace enables messaging and voice features, we may process phone numbers, SMS/MMS message content and metadata (sender/recipient numbers, timestamps, delivery status from carriers), STOP/HELP/START and similar opt-out or help keywords, phone call and IVR session metadata, voicemail recordings, voicemail transcripts, portal PIN and phone access code verification flows (for verification only—we do not send PINs in SMS portal-link messages), SMS/MMS and email notification preference selections, SMS/MMS consent status, email consent status, contact snapshots used to evaluate consent and opt-out state, and document or photo uploads submitted through the client portal or inbound MMS.
These features are powered by third-party providers including Google Firebase and Google Cloud (hosting, authentication, and storage), Stripe (billing), Twilio (messaging and voice when configured), Resend (email when configured), and AI service providers such as Google Gemini when you use analysis features.
You are responsible for obtaining any required consent from clients/claimants for SMS/MMS messaging, phone calls, voicemail recording, and transcription in your jurisdiction. Message frequency varies. Message and data rates may apply.
If a recipient replies STOP or a similar opt-out keyword, we log the request and rely on Twilio/carrier opt-out processing. Users must not continue sending claim-related SMS to recipients who have opted out. Recipients may reply HELP for help or contact hello@xactaclaim.com. See also our SMS Consent & Messaging Disclosures.
Transcription may be delayed, incomplete, or inaccurate. Staff should review recordings and transcripts before taking action.
Inbound email replies from clients are not automatically captured in the timeline unless manually added or handled by a specific supported workflow. SMS/MMS and voicemail capture depend on workspace configuration, consent, opt-out state, and provider availability. Delivery and receipt may be affected by carriers, email providers, consent status, and configuration.
3C. Billing, Subscriptions, and Entitlements
We may process subscription, billing status, claim credit, booster, extra-seat, and usage-related account information to manage plan entitlements, workspace access, fair-use limits, customer support, fraud prevention, and billing operations. Payment card details are processed by Stripe and are not stored by XactaClaim.
3D. Cookies and Similar Technologies
We use essential cookies and local storage needed for sign-in, security, session management, and basic preferences. We do not currently use advertising cookies. For details, see our Cookie Policy.
3E. Children
XactaClaim is a business tool for adjusters and claim teams. It is not intended for use by children under 13, and we do not knowingly collect personal information directly from children.
3F. Browser and Session Storage
The Service uses browser storage technologies for different purposes:
- Staff authentication: Firebase Auth and related browser storage or cookies needed to keep staff users signed in.
- Client portal session restore: When a client successfully verifies a portal PIN, the browser may store minimal session data in sessionStorage for that claim, including the claim or portal identifier, PIN, and authentication timestamp. This data expires after approximately twelve (12) hours, is re-verified with our servers before portal claim data is shown, and does not store claim payloads, documents, tasks, notification preferences, or staff Firebase tokens.
- Registration and legal acknowledgement: Selected registration plan choice, pending legal acceptance, and related flow state may use session storage during sign-up.
- Preferences: Theme and cookie-notice acknowledgement may use local storage or similar browser storage.
See our Cookie Policy for more detail.
4. How We Use and Process Information
We use information that we collect about you or that you provide to us:
- To operate, maintain, and provide the features and functionality of the Service.
- To process and analyze documents, images, and communications (including voicemail transcripts) via our proprietary systems and trusted third-party AI models (for example, Google Gemini).
- To manage your account, process billing, and carry out our obligations arising from any contracts entered into between you and us.
- To analyze usage trends to improve the platform's stability and feature set.
5. Disclosure of Your Information
We do NOT sell your personal information or your clients' claim data. We may disclose aggregated information about our users without restriction. We may disclose personal information that we collect or you provide as described in this privacy policy:
- To Sub-processors: We use trusted third parties to run the infrastructure (Google Cloud/Firebase), process payments (Stripe), handle telecommunications (Twilio), send email (Resend), and process AI tasks (Google Gemini and related Google AI services). These third parties are strictly bound by data processing agreements.
- For Legal Compliance: To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To Protect Rights: If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of XactaClaim, our customers, or others.
6. Security and AI Constraints
We have implemented rigorous, industry-standard measures designed to secure your personal information from accidental loss and from unauthorized access. For detailed information, please review our Security Policy.
However, we cannot guarantee that malicious third parties will not bypass those measures. We are not liable for breaches of infrastructure outside of our direct, negligent control.
7. Account Deletion and Data Retention
When you use Delete Account from Profile settings, we remove your Firebase Authentication login and your user profile document (users/{uid}). This removes your ability to sign in and your personal account record in our application database.
Delete Account does not automatically delete your agency/workspace, claims, documents, uploaded PDFs or other files, timelines, notes or tasks, client updates, SMS/MMS or voice communication records, AI analyses, demand letters, or other workspace data. That data may remain for teammates, operational continuity, or records retention unless a separate full workspace deletion request is completed.
Stripe and other payment providers may retain billing records (customers, subscriptions, invoices, charges, and related metadata) according to their own policies and legal obligations. We do not delete Stripe customers, invoices, charges, or provider-side billing history as part of Delete Account.
We may retain security, audit, legal, abuse-prevention, and operational logs where required by law or legitimate business need. Backups and disaster-recovery copies may persist for a limited period before being overwritten.
Export any records you need before deleting your account. If you are the workspace owner and need full deletion of agency data, contact hello@xactaclaim.com. We will verify ownership and scope before processing deletion requests.
8. Changes to Our Privacy Policy
It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users' personal information, we will notify you by email to the email address specified in your account.