Privacy Policy for Protection and Responsible Handling of Personal Data
Privacy Policy
Clinch (“Company,” “we,” “our,” or “us”) is committed to protecting the privacy and confidentiality of all users who access or interact with our platforms, applications, websites, and digital services (“Services”). This Privacy Policy explains how we collect, use, store, disclose, and safeguard personal data when providing our insurance-technology solutions to insurers, brokers, corporate clients, and individual users.
By accessing or using our Services, you acknowledge that you have read and understood this Policy. If you do not agree with its terms, you must discontinue use of the Services immediately.
1. Scope and Applicability
This Privacy Policy applies to all forms of personal information processed by the Company in the context of providing the Services. Our solutions include digital aggregation systems, health insurance technology platforms, commission automation tools, claim experience analysis modules, integration and consultancy services, and any related cloud-based or hosted technologies. The policy covers both online and offline processing activities and applies to insurers, brokers, corporate clients, partners, individual users, and any authorized personnel who access the Services.
Depending on the specific contractual arrangements, the Company may act as a data processor on behalf of insurers or corporate clients, or as a data controller for limited categories of information that relate to platform maintenance, security, and operational management.
2. Information We Collect
The Company collects personal information necessary to deliver the Services effectively. This may include identifying details such as names, identification numbers, dates of birth, and demographic information. We may also collect contact details including email addresses, telephone numbers, and physical addresses. When required for the provision of insurance-related services, we may process information about policies, claims, and coverage selections. In the context of health insurance applications or claims analysis, we may process health-related information strictly to the extent allowed under applicable law and only when it is necessary to provide the requested services.
In addition to user-provided information, we may collect technical information generated through interaction with our systems, such as device identifiers, browser data, IP addresses, access logs, and system usage metrics. We also process information that users upload into the system, such as claim files, enrollment data, policy documents, corporate records, or financial information. Users are responsible for ensuring that the information they upload is accurate, lawful, and submitted with appropriate authorization.
3. Legal Basis for Processing
The Company processes personal information under various lawful bases depending on the nature of the service and the jurisdiction in which it is provided. We may process information because it is necessary for performing contractual obligations, such as enabling users to access the platform, process insurance requests, generate comparisons, evaluate claims, or manage commissions. Some processing activities are carried out because they serve the legitimate interests of the Company or our clients, such as improving system performance, preventing fraud, maintaining security, and ensuring compliance. In certain jurisdictions, we may also process information to comply with legal obligations arising from insurance, financial, health, or data-protection regulations. When required, we will obtain explicit consent for specific processing activities, particularly when handling sensitive information such as health data.
4. Use of Personal Information
Personal information is used to provide, maintain, and enhance the Services. This includes verifying user identities, granting platform access, fulfilling service requests, processing comparisons, claims, or commission workflows, and generating system outputs. Data may also be used to improve user experience, develop new features, support customer service operations, and ensure system security. We may process personal information to detect unauthorized access, investigate misuse, or comply with regulatory and legal requirements. Information is not used for marketing unless expressly agreed upon, and the Company does not sell personal information under any circumstances.
5. Sharing and Disclosure
The Company may disclose personal information to insurers, third-party administrators, brokers, or corporate clients when necessary for the delivery of contracted services. Data may also be shared with third-party service providers that support our technical infrastructure, such as hosting providers, security partners, integration partners, or analytics services. These providers are required to maintain strict confidentiality and implement robust safeguards. In situations where we are legally required to do so, we may share personal information with regulatory authorities, courts, or law enforcement agencies. Personal information is never disclosed to entities unrelated to the service relationship without appropriate authorization or legal basis.
6. Data Retention
Personal information is retained only for as long as required to perform the purposes described in this Policy. Retention periods depend on the type of data, contractual requirements, and applicable regulatory frameworks. Once retention periods expire, information is securely deleted, anonymized, or archived in accordance with industry standards to protect confidentiality and prevent unauthorized access.
7. International Transfers
The Company may transfer personal information across borders to jurisdictions where our servers, partners, or affiliates operate. When data is transferred internationally, we implement appropriate legal safeguards such as contractual data protection clauses, secure transfer agreements, or compliance frameworks recognized under applicable law. We also offer data residency solutions when required by specific regulatory environments, such as jurisdictions within the European Union, the United Arab Emirates, or other regions with strict data-localization rules.
8. Security Measures
We implement technical and organizational measures designed to protect personal information from loss, misuse, unauthorized access, or disclosure. These measures include encryption of data in transit and at rest, access controls, authentication requirements, monitoring systems, audit logging, intrusion detection, and regular testing of our security infrastructure. Although we take strong precautions, no system connected to the internet can guarantee absolute security, and users are encouraged to maintain secure passwords and follow best practices when accessing our Services.
9. User Rights
Users may have rights under applicable law to request access to their personal information, correct inaccurate data, request deletion, restrict processing, withdraw consent, or request a copy of their data in a portable format. These rights may vary depending on jurisdiction and the specific service arrangement. Requests should be submitted through official communication channels provided by the Company or, if applicable, through the user’s employer or insurer when the Company acts as a processor.
10. Children’s Information
Our Services are not intended for individuals who are not legally adults within their jurisdiction. We do not knowingly process personal information of minors unless it is required for insurance purposes and authorized by the relevant guardian or policyholder. If we become aware that information pertaining to a minor has been collected without authorization, we will take appropriate steps to remove it.
11. Updates to This Policy
The Company may update this Privacy Policy periodically to reflect changes in our practices, technological developments, or legal requirements. Updates become effective upon publication on our website. Users are encouraged to review this Policy regularly to stay informed of how their information is processed.
12. Contact Information
If you have questions or concerns regarding this Privacy Policy, or if you wish to exercise your legal rights regarding personal information, please contact the Company through the official channels listed on our website.