Privacy Policy
Last updated: February 2025
GDPR Compliant: This policy complies with UK GDPR and the Data Protection Act 2018.
1. Introduction
RyskWeave ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered underwriting platform. We are the data controller. Contact: privacy@ryskweave.com
2. Information We Collect
Account Information
Email address, full name, password (hashed), organization name, role.
Underwriting Data
Motor: driver age, license history, vehicle details, claims history, postcode. Plant: equipment details, operator info, maintenance records. Property: property details, construction info, location. We do not require names of insured individuals.
Usage Data
IP address, browser type, pages visited, API request logs, timestamps.
3. How We Use Your Information
| Purpose | Legal Basis |
|---|---|
| Provide the Service | Contract |
| Process underwriting requests | Contract |
| Generate audit trails | Legitimate interest / Legal obligation |
| Improve the Service | Legitimate interest |
| Prevent fraud | Legitimate interest |
| Legal compliance | Legal obligation |
4. AI Processing
We use Claude AI (Anthropic) to analyze risk data. Data is transmitted securely; Anthropic does not retain data after processing. AI decisions are advisory only and subject to human review. You have the right to request human review of automated decisions.
5. Data Storage and Security
Location: Data is stored in PostgreSQL databases on Railway (US). AI processing occurs via Anthropic (US). International transfers use Standard Contractual Clauses.
Security: HTTPS/TLS encryption, encrypted database connections, password hashing, JWT authentication, role-based access control, regular security reviews.
6. Data Retention
| Data Type | Period |
|---|---|
| Account information | Account duration + 2 years |
| Underwriting submissions | 7 years (regulatory) |
| Audit logs | 7 years (regulatory) |
| Usage analytics | 2 years |
7. Data Sharing
We do not sell your data. We share with: service providers (Railway, Anthropic), your organization's authorized users, legal authorities when required. All processors are bound by data processing agreements.
8. Your Rights (GDPR)
Access
Request a copy of your data
Rectification
Correct inaccurate data
Erasure
Request deletion
Portability
Receive data in portable format
Object
Object to processing
Restrict
Limit processing
Contact privacy@ryskweave.com. Response within 30 days.
9. Cookies
We use only essential cookies for authentication (JWT tokens stored in localStorage). No tracking or advertising cookies. No third-party analytics.
10. Children's Privacy
Our Service is not intended for individuals under 18. We do not knowingly collect data from minors.
11. Changes to This Policy
We may update this policy periodically. Changes will be posted here with an updated date. Continued use constitutes acceptance.
12. Contact and Complaints
Data Protection Contact: privacy@ryskweave.com
You have the right to lodge a complaint with the Information Commissioners Office (ICO): ico.org.uk