Privacy Policy
This Privacy Policy applies to the information and data that Insure Things (“Insure Things,” “we,” “us,” or “our”), [full legal entity name and registered address], collects when you use our website at insurethings.forestrylabs.io or our products and services.
Summary
This policy applies to:
- Visitors to our website
- Customers
- Users of our products and services
The purpose of this Privacy Policy is to let you know how we collect, use, store, share, retain, transfer, and process your Personal Information. It also describes your choices and rights with respect to your Personal Information and how to exercise those rights. “Personal Information” is any information relating to an identified or identifiable individual.
We may amend this policy from time to time. We encourage you to review it periodically, as changes will be posted on this page. If we make any material changes, we will provide a prominent notice. If you do not agree with this policy, you should not use our website, products, or services.
What Personal Information We Collect
We collect various types of information depending on how you interact with us and what products or services you use.
Personal Information you provide to us
If you fill out a form on our website — for example, requesting a quote, submitting a request for information, or signing up for updates — we will collect and process that information to provide you with the communication, products, or services. This may include your name, email address, company name, job title, physical address, and payment and billing information.
Personal Information collected when you visit our website
When you use our website, we may automatically collect Personal Information such as IP address, user-agent information (automatically sent by your web browser, which may include device type), and information collected by cookies and similar technologies. See Cookies and Tracking Technologies below.
Personal Information collected when you use our products or services
When you use our products and services, we may collect:
- Username
- IP address
- Name
- Email address
- Street address
- Telephone number
We may also collect usage data regarding your use of our products and services, which may contain Personal Information. We collect payment and billing information when you register to use our products and services, and use it solely to process payments and deliver our products and services.
If we need sensitive personal information (such as health information, government-issued identification, or information about your race, religion, or political opinions), we will only collect such information with your explicit consent.
Unless otherwise noted in this policy, we act as the “controller” of the personal data that we collect and process.
How We Collect Information
We collect Personal Information from you when you visit our website or use our products and services. Some of this information is provided directly by you (for example, when you complete a form), and some is collected automatically (for example, through cookies and server logs).
We may also collect personal information from other sources, such as [public databases, affiliates, and third-party partners — list as applicable].
How We Use Your Information
We process your personal information for the following purposes:
- To provide our services.
- To respond to your requests for information.
- To contact you with updates about our services.
- To market and advertise our services, including sending marketing communications, with your consent.
- To analyze and improve our website and services.
The Legal Basis for Collecting and Processing Information
We rely on the following legal bases for collecting and processing Personal Information:
- Consent — such as when you subscribe to our newsletter, ask for information, or sign up for services.
- Contract — where processing is necessary to provide our services or fulfill a contractual obligation.
- Legal obligation — where processing is necessary to comply with the law.
- Legitimate interests — such as for marketing, where our legitimate interests are not outweighed by your rights.
- Vital interests — where necessary to protect the vital interests of you or another individual.
How We Share Information
We share Personal Information with our affiliates and partners as needed to provide our services, and with service providers such as accountants, payment processors, and other vendors we use to operate our website and provide our products and services.
Our vendors and service providers are not permitted to use your personal information for any purpose other than to provide contracted services. They may not use your personal information for their own marketing, and are not allowed to share your information for marketing purposes.
We may share personal information in response to a legal summons or subpoena, or if required by law enforcement agencies.
How Long We Retain Your Information
How long we keep Personal Information depends on the type of information and the purpose for which it was collected. After a reasonable period of time, or the completion of the purpose for which it was collected, we will either delete or anonymize the information.
We retain Personal Information where we have an ongoing legitimate business purpose to do so — for example, to resolve disputes or comply with ongoing legal obligations — and for a reasonable period after our services to you are completed.
Cookies and Other Tracking Technologies
Cookies are small files stored in your web browser when you visit our website. Some cookies last only as long as you remain on the website; others (“persistent cookies”) may be stored for longer periods. Cookies can make browsing easier by storing your preferences, and they collect information such as your IP address, browser settings, and information about how you use the website. Your general location may be estimated from your IP address. Some cookies track activity across websites in order to deliver personalized advertising.
Our website uses, among others:
- Google Analytics 4 (
_ga,_ga_*) — to understand how visitors use our site. - Meta Pixel (
_fbp) — to measure and improve our advertising. - Embedded YouTube videos (
VISITOR_INFO1_LIVE,YSC) — to display video content. - Google Fonts — to render our typography.
We use the Osano consent management platform to obtain and record your cookie preferences. You can review and change your choices at any time using the Cookie preferences link. You may also change your browser settings to reject or delete cookies, and find more information about cookies — including how to opt out of interest-based advertising — at www.cookiesandyou.com.
Your Rights Regarding Access to and Control over Personal Information
If you reside in the EU/EEA, you may have the following rights with regard to your personal information:
- Right of information and access — to access your Personal Information and receive a copy of it.
- Right to rectification — to correct or update inaccurate or out-of-date Personal Information.
- Right of erasure — to request that your Personal Information be permanently deleted.
- Right to restrict processing — to restrict the processing of your Personal Information.
- Right to object to processing — to object to specific types of processing of your Personal Information.
- Right to portability — to receive a portable copy of your personal information in a transferable format.
- Right not to be subject to solely automated decisions, including profiling.
- Right to complain to a data protection authority in the country in which you reside. Our lead supervisory authority is [name and contact details of designated data protection authority].
- Right to withdraw consent at any time, where we rely on your consent.
- The right to non-discrimination — we will not discriminate against you for exercising your privacy rights.
To exercise any of these rights, please [submit a request via your DSAR form or contact us using the details below]. We may charge a reasonable fee if your request is not valid under applicable law, or is repetitive or excessive, and we may request additional information to verify your identity before processing your request.
Information for California Residents
The California Consumer Privacy Act (CCPA), as amended by the CPRA, applies to information collected from California residents. If you are a California resident, you have the following rights:
- The right to know and access the categories and specific pieces of personal information we collect, the sources, and the purposes for collection (see “What Personal Information We Collect” above).
- The right to have personal information deleted.
- The right to portability — to request a copy of your personal information in a transferable format.
- The right to non-discrimination for exercising your privacy rights.
You may be asked for more information so that we can verify your identity when you make a request. You may exercise your rights by [insert two methods, e.g., a toll-free number and an email address / online form].
We do not sell or share Personal Information to or with third parties within the meaning of the California Consumer Privacy Act. The categories of Personal Information we have collected in the preceding 12 months are described in “What Personal Information We Collect” above. [If applicable, add CPRA disclosures on sale/share by category, sensitive data handling, and retention periods per category.]
International Data Transfers
Personal Information may be transferred from users residing in the European Union to our servers, partners, or vendors located in the United States and other non-EU countries where an adequacy decision may not be in place. When we transfer Personal Information of individuals in the EEA, Switzerland, or the United Kingdom to the US, we make use of the Standard Contractual Clauses and the UK Addendum, along with additional safeguards where appropriate. To obtain a copy of the safeguards we use, please contact us at [privacy contact].
Security
We take reasonable steps to protect the information we receive from you from accidental or unlawful destruction, loss, alteration, and unauthorized disclosure or access. We have put in place appropriate physical, technical, and administrative measures to safeguard your information, but no security measures are perfect and the risk of a data breach cannot be entirely eliminated. Measures we use include:
- Encryption of personal data in transit.
- Access to personal information on a “need to know” basis.
- Information-security training for employees.
- Confidentiality agreements for employees with access to personal information.
- Vendor due diligence before sharing personal information.
Automated Decision Making and Profiling
We do not make decisions that produce legal or similarly significant effects about you based solely on automated processing, including profiling. [If your organization does perform such processing — including uses of AI — describe the logic involved and the potential consequences for the individual.]
Children's Privacy
We do not knowingly collect or solicit personal information from children under age 13 without parental consent, unless permitted by law. If we become aware that we have collected personal information from a child under 13 without parental consent, we will delete it. If you believe a child may have provided us with personal information, please contact us.
California consumers: We will not sell the information of California consumers who are 16 or younger unless we have prior parental authorization (for consumers under 13) or opt-in consent from the minor (for consumers aged 13–16).
EU residents: We do not collect or process the personal information of data subjects in the EU under the age of 16 without explicit consent from a parent or guardian.
Sensitive Information
Unless specifically requested by us or required by law, we ask that you do not send us, or disclose on or through our website, any sensitive personal information (such as health information, government identifiers, or information about race, religion, or political opinions).
Contact Us
If you have any questions about this privacy policy, or if you want to exercise your privacy rights as outlined above, please contact us at:
Insure Things
Email: privacy@insurethings.forestrylabs.io
[mailing address]
[phone number]
Additional Information
Where we are the data controller located outside of the EU/EEA, our designated European Union representative is [name and contact details of EU representative].
If you are unsatisfied with our response to a privacy complaint, you may contact our dispute-resolution organization at [dispute-resolution provider].