Privacy Policy

Effective Date: March 5, 2026

This Privacy Policy applies to ReliaPilot, a product of Reliaminds, and covers our website, web platform, and Google Chrome extension (Chrome Web Store ID: clkpfclokphmpfonckfogkpdecammmnb). We are committed to protecting your personal information and handling it responsibly. If you have questions, contact us at solutions@reliaminds.com.

1. Data Collection & Purpose

This section describes all data collected by ReliaPilot across our website, web platform, and Chrome extension.

1.1 Website Data Collection

A. Personal Information You Provide

When you fill out forms on our website (e.g., "Book a Demo," "Contact Us," newsletter sign-up), we may collect:

  • Full name
  • Email address
  • Phone number
  • Company name and job title
  • Any additional information you voluntarily include in message fields

B. Technical & Usage Data Collected Automatically

When you visit our website, we automatically collect certain technical information through cookies and similar technologies:

  • IP address
  • Browser type and version
  • Operating system and device type
  • Pages visited, time spent on pages, and referring URLs
  • Click patterns and scroll behavior (aggregated)

C. Cookies & Tracking Technologies

Our website uses Google Tag Manager (GTM-KZR6TFCZ) and Google Analytics to understand how visitors interact with our site. These services place the following cookies on your device:

  • _ga — Used by Google Analytics to distinguish unique users. Expires after 2 years.
  • _gid — Used by Google Analytics to distinguish unique users. Expires after 24 hours.
  • _gat — Used by Google Analytics to throttle the request rate. Expires after 1 minute.

These cookies collect aggregated, anonymized usage data. They do not collect personal information such as your name or email. You can opt out of Google Analytics tracking by installing the Google Analytics Opt-out Browser Add-on. You may also manage or disable cookies through your browser settings.

Note: The ReliaPilot Chrome extension does not use cookies. It uses chrome.storage solely to store your authentication session token (JWT) locally on your device.

1.2 Chrome Extension Data Collection (Single Purpose)

ReliaPilot (ID: clkpfclokphmpfonckfogkpdecammmnb) operates under a strict "Single Purpose" model. Data collected specifically through the Chrome extension is used exclusively to facilitate insurance case creation and is never used for marketing, profiling, or unrelated business operations.

A. Data You Provide Directly

  • Identity & Contact Info: Full name, email address, and phone number.
  • Authentication Information: Your account username and password. We collect these credentials solely to authenticate your identity and grant you secure access to the ReliaPilot platform.
  • Insurance Preferences: Type of insurance requested (Auto, Home, Life, Commercial, Health) and relevant property/vehicle details.

B. Email Content (Sensitive Personal Communications Data)

When you click the "Create Case" button within Gmail or Outlook, the extension reads the following data from the email you are currently viewing:

  • Email sender (name and email address)
  • Email subject line
  • Email body content

This email content is classified as sensitive personal communications data. It is accessed only when you explicitly click the "Create Case" button — the extension never reads, scans, or monitors your email in the background. The extracted data is used solely to pre-populate insurance case fields in the ReliaPilot platform. We do not collect browsing history, keystrokes, or any data from pages where the extension is not explicitly invoked.

What the extension does NOT access: The extension does not access email attachments, email thread history, contact lists, calendar data, draft emails, or any email other than the one currently open in your browser tab. It does not read, index, or scan emails from your inbox automatically, on page load, or without your direct action. The extension does not use the Gmail API or any OAuth scopes — it operates solely through host permissions and content scripts on the supported email domains listed in Section 1.3.

C. Data Handling & Storage

All data is collected via direct user interaction within the extension side panel or through the "Create Case" button. Data is transmitted securely via HTTPS encryption to our servers. We retain this data for the duration of your active account to fulfill your requests, after which it is archived or deleted upon request.

D. Data Sharing & Disclosure

We share the data collected by the extension only with:

  • Insurance Partners: Licensed carriers or brokers required to generate the quotes you requested.
  • Service Providers: Secure infrastructure providers (AWS). We do not sell your data to third-party data brokers or ad networks.

1.3 Browser Permissions & Host Access

To fulfill its single purpose of creating insurance cases from your email, the ReliaPilot Chrome extension requires the following technical permissions:

  • activeTab: Allows the extension to temporarily interact with the email you are currently viewing when you click "Create Case," to populate the case creation form.
  • scripting: Used to inject the "Create Case" button interface into supported email domains, enabling a seamless workflow between your email and our platform.
  • storage: Used solely to maintain your secure login session via an industry-standard JSON Web Token (JWT) stored locally on your device. We do not store session logs or persistent identifiers on our servers.
  • sidePanel: Used to provide a persistent workspace for managing your insurance cases. All data displayed or processed within the side panel is encrypted and handled in accordance with the security standards defined in Section 8.

Host Permissions

The extension declares the following host permissions in its manifest. These are the only domains where the extension can activate:

  • https://rp.reliaminds.com/* — The ReliaPilot platform, used to authenticate your session and submit case data.
  • https://mail.google.com/* — Gmail, used to inject the "Create Case" button and read email content when you click it.
  • https://outlook.live.com/* — Outlook.com (personal), used to inject the "Create Case" button and read email content when you click it.
  • https://outlook.office.com/* — Outlook (business/enterprise), used to inject the "Create Case" button and read email content when you click it.
  • https://outlook.office365.com/* — Outlook 365, used to inject the "Create Case" button and read email content when you click it.

We do not use these permissions to track your activity across other websites or for any purpose outside of insurance case management. The extension does not activate on any domains other than those listed above.

Minimum necessary permissions: ReliaPilot requests only the minimum browser permissions necessary to provide the "Create Case" feature. We do not request broad host permissions (such as <all_urls>), nor do we request permissions to send email, modify labels, access contacts, or perform any action beyond reading the currently open email when explicitly triggered by the user.

2. How We Use Your Information

We use the information we collect for the following purposes:

  • Processing and routing your insurance requests to appropriate providers
  • Creating and managing insurance cases in ReliaPilot on your behalf
  • Providing and maintaining our AI-powered insurance assistance services
  • Communicating with you about your account, insurance requests, demo requests, or support
  • Improving product features and performance using aggregated, non-identifiable data
  • Ensuring platform security and preventing fraudulent activity
  • Complying with legal obligations

We will not use your data for any purpose not described in this Privacy Policy without first obtaining your explicit consent.

3. Data Storage and Data Retention

A. Where Your Data Is Stored

Personal data collected through our website and Chrome extension is encrypted and stored on secure servers hosted in the United States. We use AWS enterprise cloud infrastructure with industry-standard security controls.

B. How Long We Retain Your Data

  • Account and insurance request data: Retained for as long as your account is active, or as needed to provide services and fulfill legal obligations.
  • Email content (from "Create Case"): Email sender, subject, and body content are processed in real time to pre-populate case fields and are not stored independently beyond the active session. If you explicitly save the case, only the structured case data (name, contact information, insurance type) is retained for the duration of your account or until you request deletion. Raw email content is not persisted on our servers.
  • Usage and analytics data: Retained in aggregated, anonymized form for up to 24 months for product improvement purposes.
  • Payment information: Not stored on our servers; retained by Stripe per their applicable terms.

C. Data Deletion

You may request deletion of your personal data at any time:

  • Email solutions@reliaminds.com with the subject line "Data Deletion Request"
  • Include the email address associated with your account
  • We will process your request and confirm deletion within 30 days

Upon deletion, your personal data will be permanently removed from our active systems. Anonymized, aggregated data derived from your usage may be retained as it cannot be linked back to you individually.

4. How We Share Your Information

IMPORTANT: We maintain a strict data silo between our website marketing and our Chrome extension operations. Personal data extracted from emails via the ReliaPilot extension is never shared with HubSpot or other marketing platforms, nor is it sold to third parties.

We do not sell your personal information. We share your information only in the following circumstances:

  • Insurance Providers: We share your insurance request data (name, contact details, insurance type, and relevant property/vehicle information) with licensed insurance carriers or brokers to fulfill your service request.
  • AI Inference Providers (Amazon Bedrock / AWS): Insurance request inputs may be transmitted to AI inference infrastructure within our AWS environment. AWS Bedrock processes data solely to return responses and does not use customer data to train base foundation models or share it with third-party model providers.
  • Cloud Infrastructure (AWS): Our AWS hosting provider stores and processes data on our behalf under data processing agreements.
  • Payment Processors (Stripe): Payment information is shared with Stripe and governed by their privacy policy.
  • CRM and Business Tools (HubSpot): We integrate with HubSpot to manage customer relationships. Contact information may be stored in these systems.
  • Legal Requirements: We may disclose your information if required by law, court order, or in response to valid requests by public authorities.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, user data may be transferred to the acquiring entity, with prior notice to affected users.

Email content disclosure: Raw email content (sender, subject, body) accessed through the "Create Case" feature is never shared directly with insurance providers or any third party. Only structured case data (name, contact information, insurance type requested) derived from user-confirmed extractions is submitted to insurance partners.

Authentication Security & Sharing: Your login credentials (passwords) are handled with the highest level of security. We never share your passwords with third-party partners, insurance providers, or marketing platforms. They are used exclusively for internal authentication within the ReliaPilot ecosystem.

All third-party service providers are contractually required to protect your data and use it only for the purposes we specify.

Third-Party Exclusion: We do not share any data collected by the Reliapilot extension with third-party tracking services, advertising networks, or data brokers for any purpose other than the core functional services listed above.

5. AI Data Processing

ReliaPilot uses AI models to provide insurance business intelligence. To protect your privacy:

  • Data Minimization: We only process the data necessary to provide the specific service requested.
  • No Training on Your Data: By default, we do not use your proprietary business data or personal information to train our AI models without your explicit consent.
  • Secure Processing: All AI processing is performed over encrypted connections (HTTPS/TLS).
  • Provider: AI-powered suggestions are generated through Amazon Bedrock hosted within our AWS environment. AWS Bedrock does not use your data to train base foundation models or share it with third-party model providers.

6. Google Limited Use Disclosure (Mandatory)

ReliaPilot's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • No Advertising: We do not use or transfer user data for serving or targeting advertisements.
  • No Human Reading: We do not allow humans to read user data unless we have your affirmative agreement for specific troubleshooting or security purposes.
  • No Selling: We do not sell user data to third parties, data brokers, or ad networks.

7. In-Product Data Consent

When you first install and activate the ReliaPilot Chrome extension, you will be presented with a clear disclosure screen describing what data the extension collects and how it is used. You must affirmatively accept this disclosure before the extension begins processing any data.

If we update the types of data we collect or how we use it, you will be presented with an updated disclosure and asked to re-confirm consent before the new data practices take effect.

7.1 How to Revoke Consent

You may revoke your consent for data collection at any time by:

  • Uninstalling the extension via the Chrome menu.
  • Disabling the extension in chrome://extensions.
  • Contacting solutions@reliaminds.com to request the permanent deletion of all previously extracted data.

8. Data Security

We implement the following security measures to protect your data:

  • Authentication Security: We use JWTs to manage user sessions. These tokens are stored locally on your device and are used only to authenticate your requests to our secure CMS. No session data is retained on our servers.
  • Encryption: All data transmitted by the Chrome extension and website is encrypted in transit using HTTPS/TLS 1.2 or higher.
  • At-Rest Protection: Data stored at rest within our CMS is protected using AES-256 encryption.
  • Access Control: Access to personal data is restricted to authorized personnel on a strict need-to-know basis.
  • Payment Security: Payment data is handled in compliance with PCI-DSS standards via Stripe.
  • Password Security: All user passwords are securely hashed before being stored in our database. We never store passwords in plain text. Transmission of credentials between the extension and our servers is strictly encrypted using HTTPS/TLS 1.2 or higher.

No method of internet transmission or electronic storage is 100% secure. In the event of a data breach that affects your personal information, we will notify you in accordance with applicable law.

9. Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Right to Access: Request a copy of the personal data we hold about you.
  • Right to Correction: Request correction of inaccurate or incomplete data.
  • Right to Deletion: Request deletion of your personal data (see Section 3C for the process).
  • Right to Portability: Request your data in a machine-readable format.
  • Right to Object: Object to certain types of data processing.
  • Right to Restrict Processing: Request that we limit how we use your data.

To exercise any of these rights, contact us at solutions@reliaminds.com. We will respond within 30 days. You will not be discriminated against for exercising your privacy rights.

Virginia Residents (VCDPA)

If you are a Virginia resident, the Virginia Consumer Data Protection Act (VCDPA) grants you the following additional rights:

  • Opt out of sale of personal data — We do not sell personal data.
  • Opt out of targeted advertising — We do not use your data for targeted advertising.
  • Opt out of profiling — We do not engage in automated profiling that produces legal or similarly significant effects.
  • Right to appeal: If we decline your data rights request, you may appeal by emailing solutions@reliaminds.com with "VCDPA Appeal" in the subject line. We will respond within 60 days.

California Residents (CCPA / CPRA)

If you are a California resident, the CCPA as amended by the CPRA grants you the following rights:

  • Right to Know: Request disclosure of the categories and specific pieces of personal information collected, the sources, our business purpose, and the third parties with whom it is shared.
  • Right to Delete: Request deletion of your personal information, subject to certain legal exceptions.
  • Right to Correct: Request correction of inaccurate personal information.
  • Right to Opt-Out of Sale or Sharing: We do not sell or share personal information for cross-context behavioral advertising.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your rights.
  • Right to Limit Sensitive Data Use: We only use sensitive personal information to provide our insurance workflow services.

To submit a California rights request, email solutions@reliaminds.com with "California Privacy Request" in the subject line. We will respond within 45 days (with one 45-day extension if necessary).

10. Children's Privacy

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page, updating the effective date at the top, and — where appropriate — notifying you by email. Your continued use of our services after any changes constitutes acceptance of the revised policy.

12. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us: