Privacy Policy
- Effective
- May 31, 2026
- Last revised
- May 31, 2026
- Version
- 2026.05.31
- Issued by
- RAgencyOS, ragencyos.com
We do not sell or share your data. We do not use it to train AI models for purposes outside your account. We do notrun analytics or marketing tracking. The only cookie we set is a session cookie so you stay signed in. We tell you who hosts what, when weâd notify you of a breach, and which categories of sensitive data we handle for you. The rest of this page is the long version.
1.Who we are
RAgencyOS is operated by an independent insurance agency owner and is the back-office software used by independent insurance agencies to manage agent rosters, reconcile carrier statements, and pay agents. âWe,â âus,â and âourâ refer to RAgencyOS. âYouâ refers to the agency owner, admin, or agent using the Service.
This Privacy Policy describes how we collect, use, share, and protect Personal Data (âPersonal Dataâ) when you interact with the Service. It pairs with our Terms of Service.
2.What information we collect
- Account information. Email address (used for magic-link sign in), your role inside an agency (owner, admin, or agent), and the agency name and slug you choose during onboarding.
- Agency operating data you upload. Reconciled carrier statement files (.xlsx), agent deal trackers, upline statements, and the per-agent payout figures parsed from those files. This includes FFM enrollment IDs, member counts, advance amounts, and carrier-of-record names. These files do not contain end-customer personally identifiable information beyond what is required for agent payroll reconciliation.
- Agent personal information. Names, work email addresses, phone numbers, dates of birth (if provided), state licensing numbers (NPN), uploaded W-9 forms, voided checks, photo IDs, and any documents your agents submit during onboarding.
- Pay rules and configuration. The per-policy rates, bonuses, tier structures, AOR aliases, and operator overrides you configure for your agency.
- Communications data. Messages you send through the in-app messaging feature, content of broadcasts you post to a connected team chat, and metadata about those messages (sender, timestamp, recipient set).
- Time-tracking data. Clock-in / clock-out events, lunch and break durations, and call-log entries agents submit through the Service.
- Connected services (optional). If you choose to connect Google Drive, we store an OAuth refresh token issued by Google so we can save copies of your uploads and exports to a Drive folder you control. If you choose to connect a Telegram bot, we store the bot token you provide. You can disconnect either at any time from your agency settings; revoking removes the stored token.
- Operational logs. Standard server logs (timestamp, IP address, request path, error codes) generated by our hosting providers. We do not run third-party tracking pixels or advertising trackers.
3.Sensitive personal information we handle
Some of the data you upload is more sensitive than the rest. We call this out explicitly so there is no ambiguity about what the Service stores and how it is handled.
- Social Security Numbers. SSNs appear inside W-9 PDFs that agents upload during onboarding. We do not extract, index, or store the SSN in our database, the PDF lives in a private Supabase Storage bucket gated by row-level security. Owners and admins of the agency access the document via short-lived signed URLs; the SSN itself never appears in plain text in our application database. Envelope encryption of stored PDFs is on our roadmap for agencies that need it.
- State insurance license numbers (NPN). Stored on the agent record. Visible to owners and admins of the agency the agent belongs to.
- Photo identification.If your agents upload a driverâs license or passport during onboarding, the image lives in the same private storage bucket as W-9 PDFs, with the same RLS gating and signed-URL access pattern.
- Bank or routing numbers. The Service does notcurrently collect agent bank account or routing numbers. Payroll deposit is handled outside the Service by your agencyâs chosen payroll processor (ADP, Gusto, Paychex, etc.).
- Health, medical, or insurance enrollment records of end customers.The Service is notdesigned to receive Protected Health Information (PHI) as defined under HIPAA. Your reconciliation files include FFM enrollment IDs and member counts, they should not include the end customerâs name, date of birth, diagnosis, or any other PHI. See Section 14 for HIPAA scope.
4.Our roles, controller and processor
For data you provide directly about yourself as an agency owner, admin, or agent, your email, your role, your account preferences, we act as a data controller. We decide why and how this information is processed.
For data your agency uploads about other people, your agentsâ personal information, the contents of carrier statements, deal trackers, time-tracking logs, and communications, we act as a data processor on your behalf. You are the controller; you decide what to upload, why, and who gets access. We process this data under your direction in order to provide the Service to you.
This distinction matters for compliance: if an agent or other data subject asks us about data we process on your behalf, we will direct them to you (the controller) and help you respond if needed. If an agent or data subject asks about data we control directly (such as their own login email), we will respond to them directly.
5.How we use it
- To run the Service you signed up for: parsing statements, calculating payouts, showing dashboards, delivering notifications, and routing messages.
- To send you transactional email, magic-link sign-in, agent invites, account notices, pay-period summaries, daily reminder digests, and security alerts. We do not send marketing email without your explicit opt-in.
- To investigate bugs, abuse, security incidents, or policy violations.
- To meet legal obligations if a valid government request is received.
- To analyze aggregated, anonymized usage patterns so we can improve the Service. Anonymized data cannot reasonably be linked back to any individual or agency.
We do not sell your data, we do not share your data for cross-context behavioral advertising, and we do not use it to train artificial intelligence models for purposes outside your account.
7.How Google user data is handled
When you connect Google Drive, we request only the minimum scopes needed to save files into a folder we create on your behalf: drive.file (create / read / write only the files this app creates) and basic profile/email so we know which Google account you authorized. We do not request access to read other files in your Drive. Data received from Google APIs is used only to provide the user-facing features described in this policy and is not shared with any third party for advertising or analytics. Use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
8.Subprocessors, where data lives
We use the following third-party subprocessors to operate the Service. Each operates under its own privacy and security terms.
- Supabase (US region), primary application database, file storage for uploaded statements and W-9 PDFs, and magic-link authentication.
- Vercel (US region), application hosting and edge serving.
- Cloudflare, DNS and content delivery network.
- Resend, outbound transactional email delivery.
- Google (optional, only when you connect Drive), file backups to a folder you control.
- Telegram (optional, only when you configure a team chat bot), bot-routed messages between the Service and your team chat.
We keep this list updated. If it changes materially, we will notify account owners by email at least fifteen (15) days before the change takes effect, when reasonable.
9.International data transfers
The Service is hosted in the United States. If you access the Service from outside the United States, you understand that your information will be transferred to, stored, and processed in the United States, where data-protection law may differ from the law of your jurisdiction.
We do not currently offer the Service to customers based in the European Economic Area, the United Kingdom, or Switzerland. If we begin offering it to those regions, we will implement appropriate transfer mechanisms (such as the European Commissionâs Standard Contractual Clauses) and update this Policy accordingly.
10.How long we keep it
We keep your data while your agencyâs account is active. If you delete your agency, we permanently remove uploaded files and parsed records within 30 days, except where retention is required by law (for example, tax or audit obligations on your payouts) or to defend a legal claim. You may request earlier deletion by emailing us.
Backups are retained on the rolling schedule maintained by our storage subprocessor (Supabase). Data in backups is overwritten in the normal course of operations within 30 days of the deletion request.
11.Your rights
You may at any time:
- Access or export your data, the dashboard provides a one-click .xlsx export of every pay period and an audit-log report (Premium).
- Correct inaccurate information by re-uploading a corrected statement, editing pay rules, or updating your profile.
- Delete your agency, which removes all associated data on the schedule above.
- Disconnect Google Drive or a connected Telegram bot, which deletes the stored OAuth token or bot token immediately.
- Contact us to make a request under GDPR, CCPA, or any other applicable law (see Section 12).
12.State privacy rights (California, Virginia, Colorado, Connecticut)
Residents of certain U.S. states have additional privacy rights under state law, including the California Consumer Privacy Act (CCPA, as amended by the California Privacy Rights Act), the Virginia Consumer Data Protection Act (VCDPA), the Colorado Privacy Act (CPA), and the Connecticut Data Privacy Act (CTDPA). These rights include:
- Right to know what Personal Data we have collected about you and how we use it.
- Right to access and receive a copy of that data.
- Right to correct inaccurate Personal Data.
- Right to delete your Personal Data, subject to legal exceptions.
- Right to opt out of the sale or sharing of Personal Data for cross-context behavioral advertising, though we do not sell or share Personal Data in the first place.
- Right to limit the use of sensitive personal information to what is necessary for the Service.
- Right to non-discrimination for exercising any of the above.
We do not sell Personal Data, and we do not âshareâ it for cross-context behavioral advertising as those terms are defined under California law. We do not use Personal Data for targeted advertising. We do not engage in profiling that produces legal or similarly significant effects.
To exercise any of these rights, email support@ragencyos.com from the address on your account. We will respond within 45 days. We will not charge you a fee or treat you differently for making a request. If we cannot verify your identity from your email address alone, we may ask one additional question to confirm you are the account holder.
13.Security and breach notification
Data is encrypted in transit (TLS 1.2 or higher) and at rest (Supabase-managed encryption). Access is gated by row-level security policies tied to your agency, so members of one agency cannot read another agencyâs data. We do not store passwords, sign in uses a one-time link sent to your email.
Uploaded W-9 PDFs and photo IDs live in a private Supabase Storage bucket. Owners and admins access these documents through short-lived signed URLs that we generate on demand. The bucket is not publicly readable.
Breach notification. If we become aware of a confirmed security incident that compromises the confidentiality, integrity, or availability of your Customer Data, we will notify affected account owners by email within 72 hours of confirming the incident. The notice will describe what happened, what data was affected, what we are doing about it, and what (if anything) you should do.
If you suspect a security issue, email support@ragencyos.com right away.
14.Healthcare data and HIPAA scope
The Service is designed for insurance-agency back-office workflows. It is not a HIPAA-covered service. We do not sign HIPAA Business Associate Agreements (BAAs) and we are not equipped to process Protected Health Information (PHI) as defined under HIPAA.
Carrier reconciliation data (FFM enrollment IDs, member counts, advance amounts, carrier-of-record names) is commercial commission-tracking data, not PHI. Please do not upload, paste, or otherwise transmit end-customer health records, diagnoses, treatment information, or other PHI to the Service. If you inadvertently include PHI in a file you upload, contact us at support@ragencyos.com and we will work with you to remediate.
15.Children
RAgencyOS is a business tool and is not intended for anyone under 18. We do not knowingly collect Personal Data from minors. If we learn that we have collected Personal Data from a child, we will delete it.
16.Changes to this policy
We may update this policy as the Service evolves. Material changes will be announced by email to account owners at least 15 days before they take effect, when reasonable. The âlast revisedâ date and version number at the top of this document will always reflect the most recent revision.
17.Contact
Questions, data-subject requests, security reports:
This document is provided in good faith and reflects RAgencyOSâs current practices as of the effective date shown above. It does not constitute legal advice. For questions, please contact support@ragencyos.com.
â RAgencyOS