Privacy Policy
Pallis.ai Inc. ("Pallis", "we", "us", or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose and safeguard your information when you use our platform, website, and related services (collectively, the "Services").
1. Information We Collect
Information you provide
- Account registration details: name, email address, job title, organization name
- Platform content: policies, claims, reinsurance data, documents you upload or create
- Communications: support tickets, enquiry form submissions, email correspondence
- Payment information: processed via our payment provider; we do not store card details
Information collected automatically
- Usage data: pages visited, features accessed, time spent, actions taken
- Device information: browser type, operating system, IP address, screen resolution
- Cookies and similar technologies: session tokens, preference cookies, analytics
2. How We Use Your Information
We use the information we collect to:
- Provide, operate and improve the Pallis platform and Services
- Authenticate users and maintain account security
- Respond to support requests and communicate service updates
- Generate anonymised, aggregated analytics to improve our product
- Comply with legal obligations and enforce our Terms of Use
- Send transactional emails (account notifications, security alerts)
We do not sell, rent or trade your personal data to third parties for marketing purposes.
3. Data Security
We implement industry-standard security measures including:
- TLS 1.3 encryption in transit for all data exchanged with our platform
- AES-256 encryption at rest for stored data via Supabase infrastructure
- Row-Level Security (RLS) database policies ensuring strict organizational data isolation
- Multi-factor authentication support for all user accounts
- Regular security audits and penetration testing
- SOC 2-aligned operational practices
4. Data Retention
We retain your data for as long as your account is active or as necessary to provide Services. Upon account termination, data is deleted within 90 days unless we are required to retain it by law. Audit logs are retained for 7 years for financial regulatory compliance purposes.
5. Your Rights
Depending on your jurisdiction, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data ("right to be forgotten")
- Object to or restrict processing of your data
- Data portability — receive your data in a structured, machine-readable format
- Withdraw consent where processing is based on consent
To exercise any of these rights, contact us at privacy@pallis.ai.
6. Third-Party Services
We use the following sub-processors to deliver our Services:
- Supabase — database, authentication, and storage infrastructure
- Cloudflare — CDN, DNS, and DDoS protection
- Anthropic — AI inference for Intelligence Pro features (data is not used for model training)
Each sub-processor is contractually bound to appropriate data protection standards.
7. Cookies
We use essential cookies required for platform authentication and session management. We do not use third-party advertising cookies. You can disable cookies in your browser settings, but this may affect platform functionality.
8. Changes to This Policy
We may update this Privacy Policy periodically. Material changes will be communicated via email to registered users and updated on this page with a revised effective date.
9. Governing Law
This Privacy Policy is governed by the laws of the State of Delaware, United States of America. Any disputes arising under this policy shall be subject to the exclusive jurisdiction of the state and federal courts located in Delaware, USA.
10. Contact
For privacy-related enquiries, contact our Data Protection team at privacy@pallis.ai or write to: Pallis.ai Inc., Data Protection Officer, [Registered Address, Delaware, USA — to be added].