Privacy Policy
Effective date: April 2026 · GlobalDeal Inc.
1. What we collect and why
| Data | Why we collect it | Deleted when? |
|---|---|---|
| Email address | Deliver your report, send optional outcome follow-ups | On request (see Section 5) |
| Insurance policy PDF | AI analysis only — never stored beyond 24 hours | Within 24 hours of upload |
| Settlement letter PDF | AI analysis only — never stored beyond 24 hours | Within 24 hours of upload |
| Claim description & metadata (insurer, state, claim type, offer amount) | Improve analysis quality; build anonymized outcome database | On request or account deletion |
| Analysis output (gap estimates, letter text) | Deliver your report; retained for re-access | On request or account deletion |
| Payment information | Processed by Stripe — we never see your card number | Stripe manages retention |
2. Your documents are deleted in 24 hours
Your insurance policy PDF and settlement letter are uploaded to encrypted storage (Supabase, hosted in the United States) solely for AI processing. After the analysis completes — and in any case within 24 hours of upload — both files are permanently deleted. They cannot be recovered after deletion.
The AI provider (Anthropic) processes your document text via its API. Anthropic does not use API-submitted content to train its models, per Anthropic's data usage policy.
3. How we use your data
We use your data to:
- Perform the AI analysis and generate your report
- Deliver your report by email
- Send optional outcome follow-up emails (7, 14, and 30 days post-purchase)
- Build an anonymized aggregate outcome database (insurer + state + claim type + resolution outcome) to improve future analysis quality — no personal identifiers are included
We do not sell, rent, or share your personal information with third parties for marketing purposes. See Section 3a for our aggregated data practices.
3a. Aggregated and de-identified data
We compile anonymized, aggregated statistics from claim metadata — including insurer name, U.S. state, claim type, settlement amount ranges, and outcome patterns. This dataset contains no personal identifiers (no name, no email, no claim-specific text) and cannot reasonably be used to re-identify any individual.
We may share or license this aggregated, de-identified data with third parties such as insurance industry research firms, consumer advocacy organizations, or enterprise business partners. Any such sharing is limited to statistical summaries and does not involve the transfer of personal data.
CCPA notice (California residents): The sharing of aggregated, de-identified data as described above does not constitute a "sale" of personal information under the California Consumer Privacy Act because it contains no personal identifiers. You retain the right to opt out of any future data practices that would qualify as a sale; to exercise this right, email [email protected].
4. Third-party services
| Service | Purpose | What they receive |
|---|---|---|
| Supabase | Database & file storage | Encrypted files and claim metadata |
| Anthropic (Claude API) | AI analysis | Document text (not trained on) |
| Stripe | Payment processing | Payment card details — we never see them |
| Resend | Email delivery | Your email address and report link |
| Cloudflare Pages | Hosting & CDN | Request logs (standard) |
5. Your rights (CCPA / GDPR)
You have the right to:
- Access: Request a copy of the data we hold about you
- Deletion: Request deletion of your email address and associated claim records at any time
- Opt-out of outcome emails: Unsubscribe from follow-up emails via the link in any email we send
- Non-discrimination: We will not deny service or charge different prices based on the exercise of privacy rights
To exercise any of these rights, email [email protected] with "Privacy Request" in the subject line. We will respond within 10 business days.
6. Cookies
ClaimGap uses minimal cookies: one HTTP-only session cookie for admin authentication purposes only. We do not use advertising cookies, tracking pixels, or third-party analytics cookies.
7. Security
All data is transmitted over HTTPS. Uploaded files are stored with encryption at rest. We enforce the principle of minimal data retention — documents are deleted within 24 hours and we store only what is necessary to deliver and improve the service. In the event of a data breach affecting your personal information, we will notify affected users within 72 hours.
Privacy questions or requests
Contact us at [email protected] — subject line: "Privacy Request".
GlobalDeal Inc. · Wilmington, Delaware, United States