Evrcad Insurance
EVRCADINSURANCE
Sign in →

Last Updated: March 22, 2026

Privacy Policy

This Privacy Policy explains how Evrcad LLC collects, uses, and protects your information when you use the EVRCAD Insurance Suite.

01Introduction

Evrcad LLC operates the EVRCAD Insurance Suite, a cloud-based agency management platform for Medicare insurance agencies. This Privacy Policy describes how we collect, use, store, and protect your information.

02Information We Collect

  • Account Information: name, email, phone, organization name, role, license info.
  • Client Data (entered by users): client names, contact info, Medicare plan details, SOA records, appointment notes. This may include HIPAA-defined PHI.
  • Location Data: precise GPS at clock-in/clock-out only (not background).
  • Usage Data: IP, browser, device, pages visited, timestamps.
  • Payment Data: processed by Stripe; we do not store full card numbers.

03How We Use Your Information

To provide and improve the Service, process payments, enable management features, verify agent location, send transactional communications, generate anonymized analytics, enforce Terms, and comply with law. We do NOT: sell personal data, use client data for advertising, share data between tenants, or train AI models on your data.

04AI Features and Your Data

AI features process client data only to provide suggestions to authorized users within the same organization. All suggestions require human review. We use the Anthropic API; Anthropic does not use API inputs for training. AI data is not retained beyond the request-response cycle unless you save a suggestion.

05Data Sharing and Third-Party Services

We share data with: Supabase (database/auth), Vercel (hosting), Stripe (payments), Resend (email), Anthropic (AI features), Twilio (SMS, planned). We also share data when required by law.

We do NOT share with ad networks or data brokers.

06Multi-Tenant Data Isolation

Data is logically isolated per organization via Row-Level Security. No cross-organization access is possible. Aggregated analytics are anonymized.

07HIPAA and PHI

We implement administrative, physical, and technical safeguards consistent with HIPAA. We maintain audit logs, limit internal PHI access, and BAAs are available upon request at legal@evrcad.com. This Privacy Policy is not a BAA.

08Data Retention

  • Account data: subscription duration + 90 days.
  • Client/SOA data: 10 years minimum (CMS requirement).
  • Audit logs: 6 years minimum (HIPAA requirement).
  • Location data: 3 years.
  • Payment data: per Stripe retention policies.
  • Usage data: 2 years identifiable, indefinite anonymized.

09Data Security

TLS/HTTPS encryption, RLS database isolation, role-based access, regular security reviews, secure authentication. No system is 100% secure.

10Your Rights

You have the right to access, correct, delete, and export your data. California residents have additional rights under CCPA/CPRA.

Contact privacy@evrcad.com to exercise your rights. We will respond within 30 days.

11Cookies

Essential cookies for auth/sessions only. No third-party ad cookies. First-party analytics only.

12Children's Privacy

Not directed to individuals under 18. We do not knowingly collect data from minors.

13Changes to This Policy

We may update this policy with notice via the Service. Continued use constitutes acceptance of the updated policy.

14Contact

Privacy: privacy@evrcad.com

Support: support@evrcad.com

Legal: legal@evrcad.com

Website: https://evrcad.com