Privacy Policy

Effective Date: April 2, 2026 · Last Updated: April 2, 2026

1. Who We Are

Crystal Ball is a medical underwriting query platform operated by [Company Legal Name] ("we," "us," or "our"). This policy explains what personal data we collect, why we collect it, how long we keep it, and the rights available to you.

Questions? Contact us at privacy@crystalball.example

2. What We Collect and Why

Account Information

Data	Purpose	Legal Basis
Email address	Account creation, authentication, password reset	Contract performance
Full name (optional)	Profile display	Contract performance
Hashed password	Authentication	Contract performance
Role, specialty, carrier preferences	Personalized query experience	Contract performance
Account creation timestamp, last login	Security, audit trail	Legitimate interest

Usage and Query Data

Data	Purpose	Legal Basis
Query text (your questions to the system)	Answering queries, improving accuracy	Contract performance
Query logs (timing, token counts, cache status)	Performance monitoring, billing, abuse prevention	Legitimate interest
Query subscriptions	Proactive alerts on carrier changes	Contract performance
Saved queries and feedback ratings	Service improvement, personalization	Contract / Legitimate interest

Client Profile Data

Insurance agents may enter client health data (age, state, medical conditions, medications) into client profiles to run underwriting scenario analyses. This data:

Is stored encrypted at rest and in transit
Is never shared with carriers or third parties
Is accessible only to the agent who created it and authorized team members
May contain sensitive health information — agents are responsible for obtaining appropriate authorizations from their clients

IP Address and Technical Data

Data	Purpose	Legal Basis
IP address	Security monitoring, rate limiting, fraud prevention	Legitimate interest (security)
Geographic location (city, region, country) derived from IP	Abuse detection, geographic usage analytics	Legitimate interest
User agent (browser/OS identifier)	Security anomaly detection	Legitimate interest
Login attempt records	Account protection, lockout enforcement	Legitimate interest
Audit log (actions taken in the platform)	Security audit trail, incident investigation	Legitimate interest / Legal obligation

IP Tracking Notice: We automatically collect and geo-enrich IP addresses for all visitors as a security measure. On login, your IP address is linked to your account to detect unauthorized access. See Section 8 for our Legitimate Interest Assessment for this processing.

Shared Answers

When you use the share feature, the query question and answer are stored with a unique expiring link. Shared answers do not include your name or email by default.

3. Data Retention

Category	Retention Period
Account data	Duration of account + 30 days after deletion request
Query logs	12 months rolling
Login attempt records	90 days
Audit log	24 months
IP visit records	12 months
Client profiles	Until deleted by the agent or account deletion
Shared answers	Per-link expiry (set at creation, typically 7–30 days)

4. Data Sharing

We do not sell your personal data. We share data only in these limited circumstances:

Service providers: Infrastructure (hosting, database) and email delivery vendors under data processing agreements
Legal requirements: When required by law, court order, or to protect rights and safety
Business transfer: In connection with a merger, acquisition, or asset sale (with advance notice)

We do not share query data or client profile health data with insurance carriers.

5. Security

All data transmitted over TLS/HTTPS
Passwords hashed using bcrypt
Tokens are revocable and rotated on use
Rate limiting and IP-based lockout for brute-force protection
API keys hashed server-side; only prefixes displayed after creation
Role-based access controls (user, editor, admin)

6. Your Rights

EU / EEA Users (GDPR)

Under GDPR, you have the right to:

Access — request a copy of your personal data (Art. 15)
Rectification — correct inaccurate data (Art. 16)
Erasure ("right to be forgotten") — request deletion of your data (Art. 17)
Restriction — limit how we process your data (Art. 18)
Portability — receive your data in a machine-readable format (Art. 20)
Object — object to processing based on legitimate interest (Art. 21)

Email privacy@crystalball.example with subject "Data Rights Request." We respond within 30 days. You may also lodge a complaint with your national supervisory authority.

California Users (CCPA / CPRA)

You have the right to know what we collect, to delete your personal information, to correct inaccurate data, and to non-discrimination for exercising these rights. We do not sell personal information.

To submit a request: email privacy@crystalball.example or use the account deletion option in your profile settings. We respond within 45 days.

7. Cookies and Tracking

Crystal Ball does not use third-party tracking cookies, advertising trackers, or analytics services (e.g., Google Analytics). Authentication uses short-lived JWT tokens, not persistent cookies.

8. Legitimate Interest Assessment — IP Tracking

Processing: Collection and geo-enrichment of IP addresses; association with user accounts on login.

Purpose: Security — detecting brute-force attacks, unauthorized access, geographic anomalies, and abuse patterns on a platform handling sensitive medical underwriting data.

Necessity: IP addresses are the primary available signal for network-level security controls. Geo-enrichment (city/country level) assists in detecting impossible travel and geographic anomalies.

Balance: Users of a professional platform handling sensitive health and financial data have a reasonable expectation that security monitoring is in place. Data is not used for marketing. The security benefit (protecting user accounts and client health data) outweighs the limited privacy impact.

Safeguards: IP records retained maximum 12 months; access restricted to admins; not sold or shared with third parties.

9. Changes to This Policy

We will update this policy when our data practices change. Significant changes will be communicated via email or in-app notice at least 30 days before taking effect.

10. Contact

Data Controller: [Company Legal Name]
Privacy Contact: privacy@crystalball.example
Address: [Company Address]