uAUTHBack to Sign In

Privacy Policy

Last updated: March 11, 2026

1. Introduction

uAUTH Inc., a Delaware corporation ("Company," "we," "us," or "our"), is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, disclose, store, and safeguard information when you access or use our AI-powered insurance verification platform, website, APIs, and associated services (collectively, the "Service").

By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree with the practices described herein, you must not access or use the Service. This Privacy Policy is incorporated into and forms part of our Terms of Service.

2. Information We Collect

2.1 Account & Registration Information

When you create an account, we collect your full name, email address, business/company name, phone number, billing address, and payment information (processed through our PCI-DSS compliant payment processor). This information is necessary to provide the Service, process transactions, and verify your identity.

2.2 Insurance Verification Data

When a policyholder ("Homeowner") completes the consent-based verification process, we retrieve insurance policy data directly from their insurance carrier. This may include: policy number (partially masked), coverage type (RCV, ACV, RPS), deductible amounts, coverage limits, policy status (active/inactive/cancelled), effective and expiration dates, named perils and exclusions, endorsements, and carrier information. This data is collected only with the explicit, informed consent of the Homeowner.

2.3 Homeowner Information

When a contractor initiates a verification request, we collect the Homeowner's name, email address, and/or phone number solely for the purpose of sending the secure verification link. We do not collect, access, store, or have access to the Homeowner's insurance carrier login credentials at any time.

2.4 Usage & Technical Data

We automatically collect information about how you interact with the Service, including: IP address, browser type and version, operating system, device identifiers, referring URLs, pages visited, features used, verification request timestamps, session duration, and clickstream data. This information is collected through server logs, cookies, and similar tracking technologies.

2.5 Communication Data

When you contact our support team, submit feedback, or communicate with us through any channel, we collect the content of those communications along with associated metadata (timestamps, email addresses, etc.).

3. Legal Bases for Processing

We process your personal information based on the following legal grounds:

  • Contractual Necessity: Processing necessary to perform our contract with you (providing the Service, processing payments, delivering verification results)
  • Consent: Where you have given explicit consent, such as Homeowner consent for insurance verification
  • Legitimate Interests: Processing necessary for our legitimate business interests, including improving the Service, preventing fraud, and ensuring security, provided these interests are not overridden by your rights
  • Legal Obligation: Processing necessary to comply with applicable laws, regulations, legal processes, or governmental requests

4. How We Use Your Information

  • To provide, operate, maintain, and improve the insurance verification Service
  • To process verification requests and deliver results to your dashboard
  • To process payments, send invoices, and manage billing
  • To create, maintain, and secure your account
  • To communicate with you about your account, service updates, and support requests
  • To send transactional notifications (verification results, payment confirmations, account alerts)
  • To detect, investigate, prevent, and respond to fraud, unauthorized access, security incidents, and other harmful activities
  • To comply with legal obligations, enforce our Terms of Service, and respond to lawful requests from public authorities
  • To analyze usage patterns, diagnose technical issues, and improve user experience
  • To develop new features, products, and services

5. Homeowner Data, Consent & Protection

uAUTH operates on a strict consent-based verification model. We take the privacy of Homeowner insurance data extremely seriously. The following safeguards are in place:

  • Insurance policy data is retrieved only after the Homeowner explicitly authorizes the verification by directly authenticating with their insurance carrier through our secure process
  • We never collect, access, store, transmit, or have visibility into the Homeowner's insurance carrier login credentials (username, password, security questions, or multi-factor authentication codes)
  • Homeowner insurance data is used solely for the purpose of delivering verification results to the requesting contractor and is never sold, rented, shared for marketing purposes, or used for any purpose beyond the specific verification request
  • Homeowners may contact us at any time at support@uauth.tech to inquire about their data or request its deletion
  • All Homeowner data is encrypted both in transit (TLS 1.2+) and at rest (AES-256)

We are committed to handling insurance data in compliance with applicable regulations, including the Gramm-Leach-Bliley Act (GLBA) provisions governing the protection of nonpublic personal financial information, and applicable state insurance privacy regulations.

6. Data Sharing & Disclosure

We do not sell, rent, or trade your personal information or Homeowner data to third parties. We may share information only in the following limited circumstances:

  • Service Providers & Processors: With trusted third-party vendors who assist us in operating the Service (e.g., cloud hosting providers, payment processors, email delivery services, analytics providers). These providers are contractually bound by data processing agreements that require them to protect your data, limit their use to the services they provide to us, and comply with applicable data protection laws
  • Legal Compliance: When required by law, subpoena, court order, legal process, or governmental request, or when we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others, investigate fraud, or respond to a government request
  • Business Transfers: In connection with a merger, acquisition, reorganization, bankruptcy, asset sale, or similar corporate transaction. In such event, your information may be transferred as a business asset. We will provide notice before your personal information is transferred and becomes subject to a different privacy policy
  • Protection of Rights: To enforce our Terms of Service, protect the security and integrity of the Service, and protect the rights, property, or safety of uAUTH, our users, or the public as required or permitted by law
  • With Your Consent: In any other circumstances where you have provided explicit prior consent

7. Data Security

We implement and maintain comprehensive administrative, technical, and physical security measures designed to protect your personal information from unauthorized access, use, alteration, disclosure, or destruction. These measures include but are not limited to:

  • Encryption of data in transit using TLS 1.2 or higher and at rest using AES-256 encryption
  • Secure authentication protocols, including support for multi-factor authentication
  • Role-based access controls limiting data access to authorized personnel on a need-to-know basis
  • Regular security assessments, vulnerability scans, and penetration testing
  • Continuous monitoring and logging of system access and security events
  • Employee security training and confidentiality agreements
  • Secure, SOC 2 compliant cloud infrastructure

Despite these measures, no method of electronic transmission or storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee its absolute security. In the event of a data breach, we will comply with all applicable notification laws and regulations.

8. Data Breach Notification

In the event of a security breach that results in the unauthorized access, acquisition, or disclosure of personal information, we will promptly investigate the incident and, where required by applicable law, notify affected individuals and relevant regulatory authorities within the timeframes specified by applicable data breach notification laws (including but not limited to individual state breach notification statutes). Notifications will include a description of the breach, the types of information involved, steps we are taking to address and mitigate the breach, and recommendations for affected individuals.

9. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, including to satisfy legal, accounting, or reporting requirements. Specific retention periods include:

  • Account Information: Retained for the duration of your active account and for up to thirty (30) days following account deletion to facilitate any pending transactions or disputes
  • Verification Results: Retained on your dashboard for your reference for the duration of your active account. Upon account deletion, verification data is permanently deleted within thirty (30) days
  • Payment Records: Retained for seven (7) years as required by applicable tax and financial reporting regulations
  • Usage & Technical Data: Retained in anonymized or aggregated form for analytics purposes. Identifiable usage data is retained for up to twenty-four (24) months
  • Communication Records: Retained for up to three (3) years for support quality and legal purposes

You may request deletion of your account and associated personal data at any time by contacting support@uauth.tech. Certain information may be retained as required by law, for legitimate business purposes (such as fraud prevention), or to enforce our agreements.

10. Your Privacy Rights

Depending on your jurisdiction, you may have the following rights with respect to your personal information:

  • Right to Know/Access: Request disclosure of the categories and specific pieces of personal information we have collected about you, the sources of collection, the purposes of collection, and the categories of third parties with whom we share your information
  • Right to Correction: Request correction of inaccurate or incomplete personal information
  • Right to Deletion: Request deletion of your personal information, subject to certain legal exceptions (e.g., data required for legal compliance, fraud prevention, or completing transactions)
  • Right to Portability: Request your personal data in a structured, commonly used, machine-readable format
  • Right to Opt-Out of Sale/Sharing: We do not sell or share your personal information for cross-context behavioral advertising. Therefore, there is no need to opt out
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights

To exercise any of these rights, please submit a verifiable request to support@uauth.tech. We will verify your identity before processing your request and respond within the timeframe required by applicable law (generally 45 days, with a possible 45-day extension for complex requests). You may also designate an authorized agent to make a request on your behalf.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have specific rights under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA). In addition to the rights listed above:

  • You have the right to know what personal information we collect, use, disclose, and sell (we do not sell personal information)
  • You have the right to limit the use and disclosure of sensitive personal information
  • You have the right to request deletion of your personal information
  • You have the right to non-discrimination for exercising your CCPA/CPRA rights

Categories of personal information collected in the preceding 12 months: Identifiers (name, email, phone), commercial information (transaction records, verification history), internet/electronic activity (usage data, device information), professional information (company name, business role), and financial information (payment data, processed by our payment provider).

We do not sell personal information. We do not use or disclose sensitive personal information for purposes other than those permitted under the CCPA/CPRA.

12. Cookies & Tracking Technologies

We use cookies and similar tracking technologies (pixels, web beacons, local storage) to operate and improve the Service. The types of cookies we use include:

  • Strictly Necessary Cookies: Essential for the Service to function (authentication, session management, security). These cannot be disabled
  • Functional Cookies: Remember your preferences and settings to enhance your experience
  • Analytics Cookies: Help us understand how users interact with the Service so we can improve it (e.g., Google Analytics)

You can manage cookie preferences through your browser settings. Please note that disabling certain cookies may impair the functionality of the Service. We honor Do Not Track (DNT) signals where technically feasible, though there is currently no industry-wide standard for DNT.

13. Third-Party Services & Links

The Service may contain links to or integrations with third-party websites, services, or applications (e.g., insurance carrier portals, payment processors, analytics tools). These third parties have their own privacy policies and data practices. We are not responsible for the privacy practices, content, or security of any third-party services. We strongly encourage you to review the privacy policies of any third-party service before providing personal information or authorizing access.

14. International Users

The Service is operated from and hosted in the United States. If you access the Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States, where data protection laws may differ from those in your jurisdiction. By using the Service, you consent to the transfer, storage, and processing of your information in the United States in accordance with this Privacy Policy.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of material changes by posting the updated policy on this page, updating the "Last updated" date, and, for material changes, sending an email notification to the address associated with your account at least thirty (30) days prior to the changes taking effect. Your continued use of the Service after the effective date of the revised Privacy Policy constitutes your acceptance of the changes. We encourage you to review this Privacy Policy periodically.

16. Contact Us

If you have any questions, concerns, complaints, or requests regarding this Privacy Policy or our data practices, please contact us at:

uAUTH Inc.

Email: support@uauth.tech

We will endeavor to respond to all legitimate inquiries within a reasonable timeframe. If you are unsatisfied with our response, you may have the right to lodge a complaint with your local data protection authority.