RiskRunway

Privacy Policy

Effective Date: May 19, 2025

RiskRunway ("we," "our," or "us") is a commercial insurance workflow platform built for insurance agencies. This Privacy Policy explains how we handle information when you use our application at app.risk-runway.com.

We take your privacy seriously. Our core principle is simple: we process your data to do the job, then it's gone. We do not sell, share, or store your clients' information beyond what is necessary to operate the service.

1. Information We Collect

Account Information

When you create an account, we collect:

  • Your name and email address
  • Authentication credentials via Microsoft or Google OAuth (we never see your password)
  • Your agency name

Email Data (Outlook and Gmail)

With your explicit permission, RiskRunway connects to your Outlook or Gmail inbox to check for quote emails and broker correspondence related to your active submissions. Specifically:

  • We read emails from brokers you have configured in the application
  • We display those emails to you for review
  • We do not store email content in our database — emails are processed in memory and discarded
  • We never access emails unrelated to your insurance submissions
  • You can revoke access at any time from your Microsoft or Google account settings

Insurance Submission Data

To operate the pipeline workflow, we store the following in our secure database:

  • Insured names and coverage details you enter into the application
  • Quote data extracted from PDF documents you upload
  • Policy status and workflow stage information
  • Broker contact information you configure

2. How We Use Your Information

We use information solely to provide and improve the RiskRunway service:

  • To operate the submission-to-bind workflow pipeline
  • To extract and normalize quote data from uploaded PDFs using AI
  • To check your inbox for relevant broker emails on your behalf
  • To send submission emails to brokers you have configured
  • To provide AMS data entry assistance via the local desktop agent
  • To authenticate you securely via Microsoft or Google

We do not use your data for advertising, analytics resale, or any purpose unrelated to the service you signed up for.

3. AI Processing

RiskRunway uses artificial intelligence to extract and normalize data from quote PDFs. This processing is performed using Amazon Bedrock (Claude by Anthropic), hosted within our AWS infrastructure in the United States.

Document content submitted for AI processing is used only for the purpose of extraction and is not used to train AI models. AWS and Anthropic's data processing terms apply to this processing.

4. How We Store and Protect Your Data

  • All data is stored on Amazon Web Services (AWS) infrastructure in the United States
  • All data in transit is encrypted using TLS/HTTPS
  • Database credentials and API keys are stored in AWS Secrets Manager, never in application code
  • Uploaded documents are stored in Amazon S3 with restricted access controls
  • We do not store email content — it is processed in memory only

5. Data Sharing

We do not sell your data. We do not share your data with third parties for marketing. We share data only in the following limited circumstances:

  • Amazon Web Services — infrastructure hosting (AWS data processing terms apply)
  • Anthropic / AWS Bedrock — AI quote extraction only
  • SendGrid — transactional email delivery (submission emails to brokers)
  • Microsoft / Google — OAuth authentication only
  • Law enforcement — only if required by law or valid legal process

6. Your Rights and Choices

You have the right to:

  • Access the data we hold about you — contact us at the email below
  • Request deletion of your account and associated data
  • Revoke Microsoft or Google OAuth access at any time via your Microsoft or Google account settings
  • Export your submission data upon request

To make any of these requests, contact us at: privacy@risk-runway.com

7. The Local Desktop Agent

The optional RiskRunway desktop agent (local_agent.py) runs on your local machine and assists with entering bound policy data into your agency management system (AMS). This agent takes screenshots of your screen solely to identify the AMS window and field locations. Screenshots are processed locally and transmitted to our AI service only for the purpose of completing the data entry task. Screenshots are not stored after the task is complete.

8. Data Retention

Submission and policy data is retained for as long as your account is active. Email content is never stored. Upon account cancellation, your data will be deleted within 30 days upon request. Backups may retain data for up to 90 days after deletion.

9. Children's Privacy

RiskRunway is a business-to-business application intended for use by licensed insurance professionals. We do not knowingly collect information from anyone under the age of 18.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice in the application. Continued use of RiskRunway after changes take effect constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or how we handle your data, please contact:

RiskRunway

Email: privacy@risk-runway.com

Website: https://risk-runway.com