S
Sapiura
Agencies
Talk to us
Agencies Talk to us

Legal

SAPIURA SYSTEMS LLC

PRIVACY POLICY

How Sapiura Handles Personal Information

Effective / Last Updated: 7.13.26

This Privacy Policy (this “Policy”) explains how Sapiura Systems LLC, a Wyoming limited liability company (“Sapiura,” “we,” “us,” or “our”), collects, uses, discloses, and protects personal information in connection with our website at sapiura.com and related online services (the “Site”) and our business of designing, building, hosting, deploying, and maintaining AI-enabled automations and workflows for U.S. businesses (our “Services”). Sapiura provides the Services on a business-to-business basis to U.S.-based clients, with a focus on small independent insurance agencies and other small businesses.

Please read Section 1 first. Sapiura acts in two distinct roles. This Policy primarily describes personal information for which we are responsible as a business/controller (for example, information collected through our Site and in operating our company). Personal information that we process and host on behalf of a client within a Growth System is handled under our written agreement with that client (including any Data Processing Addendum) and the client’s own privacy notices, as described in Sections 1 and 9.

TABLE OF CONTENTS

1. OUR TWO ROLES: BUSINESS VS. SERVICE PROVIDER

2. PERSONAL INFORMATION WE COLLECT AS A BUSINESS

3. SOURCES OF PERSONAL INFORMATION

4. HOW WE USE PERSONAL INFORMATION

5. HOW WE DISCLOSE PERSONAL INFORMATION

6. SERVICE PROVIDERS AND SUBPROCESSORS

7. AI PROVIDERS AND AUTOMATED PROCESSING

8. COOKIES, reCAPTCHA, AND SIMILAR TECHNOLOGIES

9. PERSONAL INFORMATION WE PROCESS AND HOST FOR CLIENTS

10. DATA SECURITY

11. SECURITY INCIDENTS AND BREACH NOTIFICATION

12. DATA RETENTION

13. YOUR PRIVACY RIGHTS (TO THE EXTENT APPLICABLE)

14. SENSITIVE INFORMATION

15. GRAMM-LEACH-BLILEY ACT AND REGULATED CLIENTS

16. MARKETING COMMUNICATIONS AND YOUR CHOICES

17. CHILDREN’S PRIVACY

18. THIRD-PARTY LINKS AND SERVICES

19. U.S.-BASED, BUSINESS-TO-BUSINESS SERVICE

20. GOVERNING LAW AND DISPUTES

21. CHANGES TO THIS POLICY

22. CONTACT US

1. OUR TWO ROLES: BUSINESS VS. SERVICE PROVIDER

1.1 When We Are the Business/Controller. When we collect personal information directly — such as through our Site, marketing, sales, onboarding, billing, and support — we determine how that information is used and act as the “business” or “controller.” Sections 2 through 8 and 10 through 22 describe those practices.

1.2 When We Are a Service Provider/Processor. When we build, host, and operate a Growth System for a client, we access, process, and host personal information that originates in the client’s own tools and systems. For that information, the client is the controller and determines the purposes and means of processing; we act only as a service provider or processor on the client’s documented instructions and solely to provide the Services. That processing is governed by our written agreement with the client (including any Data Processing Addendum) and the client’s own privacy policies, not by this Policy. Section 9 describes how we handle that information.

1.3 Directing Requests. If you are a customer, applicant, insured, or other individual whose personal information is held within a client’s systems and processed through a Growth System, please direct any privacy request to that client (the controller). We will assist our clients in responding to such requests as required by our agreements and applicable law.

2. PERSONAL INFORMATION WE COLLECT AS A BUSINESS

As a business/controller, we may collect the following categories of personal information over the preceding twelve (12) months:

Category

Examples

Identifiers

Name, business name, email address, telephone number (optional), mailing address, and online identifiers such as IP address.

Professional / commercial

Company, role, industry, services of interest, and communications with us.

Billing information

Billing contact details and payment status. Full payment card and bank account details are collected and processed by our payment processor (Stripe) and are not stored by Sapiura.

Internet / device activity

IP address, browser and device type, and interactions with the Site, including data generated by security tools such as Google reCAPTCHA.

Inferences

Limited inferences drawn to understand interest in our Services.

Other information you provide

Information you choose to submit through forms, email, scheduling, or support.

We do not intentionally collect sensitive personal information through our Site for our own purposes, and we ask that you not submit sensitive information or the confidential information of third parties through general Site forms. Telephone number is optional; see Section 16.

3. SOURCES OF PERSONAL INFORMATION

We collect personal information: (a) directly from you when you contact us, complete a form, schedule a call, or become a client; (b) automatically when you interact with the Site, including through cookies and security tools as described in Section 8; and (c) from third parties such as our service providers and publicly available sources.

4. HOW WE USE PERSONAL INFORMATION

As a business/controller, we use personal information to:

• provide, operate, maintain, secure, and improve our Site and Services;

• respond to inquiries and provide onboarding, training, and support, and manage our client relationships;

• process payments and administer billing and subscriptions;

• send administrative, transactional, and, where permitted, marketing communications (see Section 16);

• prevent fraud, abuse, and unauthorized access, and maintain the security and integrity of our systems; and

• comply with legal obligations and establish, exercise, or defend legal claims.

5. HOW WE DISCLOSE PERSONAL INFORMATION

5.1 Service Providers and Subprocessors. We disclose personal information to the service providers and subprocessors listed in Section 6, which are permitted to use it only to provide services to us and are bound by confidentiality and data-protection obligations.

5.2 Legal and Protection. We may disclose personal information to comply with applicable law or legal process, to respond to lawful requests from public authorities, to enforce our agreements, or to protect the rights, property, or safety of Sapiura, our clients, or others.

5.3 Business Transfers. We may disclose personal information in connection with a merger, acquisition, financing, reorganization, or sale of assets, subject to customary confidentiality protections.

5.4 No Sale or Sharing for Behavioral Advertising. We do not sell personal information for money, and we do not “sell” or “share” personal information for cross-context behavioral or targeted advertising as those terms are defined under applicable state privacy laws. We do not use third-party advertising or retargeting pixels on the Site.

5.5 No Liability for Third-Party Conduct. Each service provider and subprocessor is governed by its own terms and privacy practices. Sapiura is not responsible for the independent acts or omissions of any third party.

6. SERVICE PROVIDERS AND SUBPROCESSORS

We engage the following categories of service providers and subprocessors. This list may change; see Section 6.2.

Provider

Purpose

Location

Amazon Web Services (AWS)

Cloud hosting and infrastructure on which the Site and the Services (including our self-hosted automation platform) run.

United States (US-East)

Stripe

Payment processing and subscription billing.

United States

OpenAI

AI processing via commercial/enterprise API.

United States

Anthropic

AI processing via commercial/enterprise API.

United States

Google

AI processing (Gemini) via commercial API, and Google reCAPTCHA for bot and spam prevention on Site forms.

United States

Resend

Email delivery and marketing

United States

6.1 Data Processing Addendum. For personal information we process on behalf of a client (Section 9), our subprocessors are engaged under a written data processing addendum (“DPA”) available to clients on request, which flows down data-protection obligations.

6.2 Changes to Subprocessors. We may add or replace service providers and subprocessors. For personal information processed on behalf of a client, we will notify the client of material changes as provided in the applicable DPA and, where required, allow a reasonable opportunity to object.

7. AI PROVIDERS AND AUTOMATED PROCESSING

7.1 No Training on Your Data. We do not use personal information to train our own AI models. We use the commercial or enterprise API offerings of our AI subprocessors (OpenAI, Anthropic, and Google), which, under their applicable terms, do not use data submitted through those API offerings to train their foundation models. We do not use consumer AI applications to process personal information.

7.2 No Significant Automated Decisions About Site Users. We do not use personal information collected through our Site to make decisions that produce legal or similarly significant effects about you without human involvement.

8. COOKIES, reCAPTCHA, AND SIMILAR TECHNOLOGIES

8.1 What We Use. We use only essential and functional cookies and similar technologies necessary to operate and secure the Site. We use Google reCAPTCHA on our forms to prevent spam and abuse; reCAPTCHA collects hardware and software information and interaction data and is subject to Google’s privacy policy and terms. We do not use advertising, analytics-for-advertising, or retargeting pixels.

8.2 Your Choices. You can control cookies through your browser settings. Some Site features may not function without certain cookies.

8.3 Opt-Out Preference Signals. To the extent required by applicable law, we will treat a recognized opt-out preference signal, such as the Global Privacy Control (GPC), as a valid request to opt out of any “sale” or “sharing” for the browser from which it is sent.

9. PERSONAL INFORMATION WE PROCESS AND HOST FOR CLIENTS

9.1 How the Services Handle Data. When we operate a Growth System, personal information originating in the client’s tools is accessed by, transits, and is processed within Sapiura’s cloud infrastructure (hosted on Amazon Web Services in the United States), including our self-hosted automation platform, in order to produce the results the client requests. We act solely as the client’s service provider/processor, on the client’s instructions, and we do not use that information for our own purposes and do not sell it.

9.2 Operational Logs. In the course of running, monitoring, and troubleshooting the Services, limited execution logs and operational records that may contain personal information are generated and retained within our infrastructure for a limited period, after which they are deleted or rotated. Log retention and any data-minimization or redaction measures are as set out in the applicable client agreement or DPA.

9.3 Client Responsibility. The client remains the controller of, and responsible for, this personal information, including providing any legally required privacy notices to its own customers and obtaining any necessary consents. This Policy does not describe or govern the client’s own privacy practices.

10. DATA SECURITY

10.1 Safeguards. We maintain administrative, technical, and organizational safeguards designed to protect personal information appropriate to its sensitivity, including encryption of personal information in transit and at rest, access controls and least-privilege access, authentication requirements, network security within our cloud environment, logging and monitoring, and diligence over our subprocessors.

10.2 Service-Provider Obligations. Where we process personal information on behalf of a client that is subject to the Gramm-Leach-Bliley Act or applicable state insurance data-security laws, we maintain safeguards consistent with our obligations as a service provider under those frameworks and our agreement with the client.

10.3 No Guarantee. No method of transmission or storage is completely secure. While we work to protect personal information, we cannot guarantee absolute security.

11. SECURITY INCIDENTS AND BREACH NOTIFICATION

We maintain an incident-response process. In the event of a confirmed security breach affecting personal information within our control, we will take reasonable steps to investigate and mitigate the incident and will notify affected clients (as controllers) without undue delay so that they can meet their own legal and regulatory obligations, consistent with applicable state breach-notification laws and, for clients subject to them, applicable insurance data-security laws. We will provide reasonable cooperation to affected clients in responding to an incident.

12. DATA RETENTION

We retain personal information for which we are the business/controller for as long as reasonably necessary for the purposes described in this Policy, to maintain our client relationships, and to comply with legal, tax, accounting, and recordkeeping obligations, after which we delete or de-identify it. Personal information we process on behalf of a client, including operational logs, is retained and deleted in accordance with the applicable client agreement or DPA, and upon termination is handled as provided in that agreement, including the offboarding terms of the client’s subscription agreement.

13. YOUR PRIVACY RIGHTS (TO THE EXTENT APPLICABLE)

13.1 Available Rights. Depending on your state of residence and to the extent applicable state privacy laws apply to Sapiura and to the personal information at issue, you may have some or all of the following rights with respect to personal information for which Sapiura is the business/controller:

• to confirm whether we process your personal information and to access it;

• to request correction of inaccurate personal information;

• to request deletion of personal information;

• to obtain a portable copy of certain personal information;

• to opt out of any “sale” or “sharing” of personal information and of targeted advertising;

• to opt out of certain profiling in furtherance of significant decisions; and

• to limit the use of sensitive personal information, where applicable.

13.2 How to Exercise. You may submit a request by emailing info@sapiura.com with the subject line “Privacy Request,” or by writing to the address in Section 22. We will take reasonable steps to verify your identity before responding and will respond within the time required by applicable law (generally within forty-five (45) days, with an extension where permitted). There is no fee for a first request within a given period.

13.3 Non-Discrimination. We will not discriminate against you for exercising your privacy rights.

13.4 Appeals. If we decline to act on your request and applicable law provides an appeal right, you may appeal by replying to our response or contacting us at info@sapiura.com. We will respond to your appeal as required by law.

13.5 Authorized Agents. You may use an authorized agent to submit a request where permitted by law, subject to verification of the agent’s authority and, where required, your identity.

13.6 California “Shine the Light.” California residents may request information about our disclosure of personal information to third parties for their direct-marketing purposes. We do not share personal information with third parties for their own direct marketing.

13.7 Applicability and Exemptions. Many state privacy laws apply only to businesses meeting certain thresholds and contain exemptions, including for information subject to the Gramm-Leach-Bliley Act and for certain insurance-related activities and data. Certain of these laws, or specific rights, may not currently apply to Sapiura or to particular information. We honor these rights to the extent applicable law requires.

14. SENSITIVE INFORMATION

We do not intentionally collect sensitive personal information through our Site for our own purposes. Where we process sensitive or nonpublic personal information on behalf of a client, we do so only as a service provider under our agreement with that client and applicable law, and we commit not to re-identify any information that has been de-identified.

15. GRAMM-LEACH-BLILEY ACT AND REGULATED CLIENTS

Certain of our clients are “financial institutions,” including insurance agencies, that are subject to the Gramm-Leach-Bliley Act (GLBA) and applicable state insurance data-security and privacy laws. To the extent we process nonpublic personal information on behalf of such a client, we act as a service provider consistent with the client’s obligations under those frameworks and our agreement with the client, and such information is generally exempt from state consumer privacy laws. Each such client remains responsible for its own compliance obligations, including providing any required privacy notices to its customers. For clients that are not regulated financial institutions, we act as a general service provider/processor as described in this Policy.

16. MARKETING COMMUNICATIONS AND YOUR CHOICES

16.1 Email. With your consent where required, we may send you business and marketing emails consistent with the CAN-SPAM Act. Each marketing email identifies Sapiura, includes our postal address, and offers a means to unsubscribe, which we honor promptly. Transactional and service messages may continue.

16.2 Telephone. Providing a telephone number is optional. We use it to contact you about your inquiry or the Services. We do not make marketing telephone calls or send marketing text messages using an autodialer or prerecorded or automated messages without your prior express written consent, consistent with the Telephone Consumer Protection Act (TCPA) and applicable law. You may withdraw consent at any time.

17. CHILDREN’S PRIVACY

The Site and Services are directed to businesses and are not intended for children. We do not knowingly collect personal information from children under 18 through our Site. If you believe a child has provided us personal information, please contact us and we will take appropriate steps to delete it.

18. THIRD-PARTY LINKS AND SERVICES

The Site may link to third-party websites and services that we do not control. This Policy does not apply to those third parties, and we encourage you to review their privacy policies.

19. U.S.-BASED, BUSINESS-TO-BUSINESS SERVICE

Sapiura is based in the United States, processes personal information in the United States, and offers the Site and Services to U.S.-based businesses on a business-to-business basis. The Site and Services are not directed to individuals in the European Union, the United Kingdom, or other jurisdictions outside the United States. If you access the Site from outside the United States, you understand your information will be processed in the United States.

20. GOVERNING LAW AND DISPUTES

This Policy is governed by the laws of the State of Wyoming and applicable U.S. federal law, without regard to conflict-of-laws principles. Any dispute relating to this Policy is subject to the dispute-resolution, binding-arbitration, class-action-waiver, and jury-trial-waiver provisions of our Terms of Service and, for clients, the Master Subscription Agreement, which are incorporated by reference.

21. CHANGES TO THIS POLICY

We may update this Policy from time to time by posting the revised version and updating the “Effective / Last Updated” date above. Material changes will be effective when posted or as otherwise required by law. Your continued use of the Site after changes take effect constitutes acceptance of the revised Policy.

22. CONTACT US

If you have questions about this Policy or our privacy practices, or wish to exercise your rights, contact us at:

Sapiura Systems LLC

7345 W SAND LAKE RD STE 210 OFFICE 3330
Orlando, FL 32819

info@sapiura.com · sapiura.com

Agencies Talk to us
SAPIURA
© 2026 Sapiura Systems. All rights reserved You run it. We build it. Privacy Policy Terms