x
Thank you! Your submission has been received!
Oops! Something went wrong while submitting the form.
Calefy Inc. (“Calefy”, “we”, “us”, or “our”) is an Alberta-based software company that provides technology solutions for the insurance industry.
We respect your privacy and take the protection of personal information seriously. This Privacy Policy explains how we collect, use, disclose, retain, and protect personal information when you interact with Calefy, use our websites, use our software platform, submit information through insurance application or quote forms powered by Calefy, or otherwise communicate with us.
This Privacy Policy applies to personal information collected through:
This Privacy Policy does not replace the privacy policy of any broker, insurer, managing general agent, agency, affinity group, or other organization that uses Calefy’s software. Where you submit information through a broker-branded, insurer-branded, or other client-branded form powered by Calefy, that organization may have its own privacy policy that explains how it collects, uses, discloses, and retains your personal information.
We may update this Privacy Policy from time to time. When we do, we will update the Effective Date above. If changes are material, we will take reasonable steps to bring them to your attention, subject to any consent requirements under applicable privacy laws.
Calefy is based in Alberta, Canada. Depending on the context, the personal information we handle may be subject to one or more Canadian privacy laws.
These may include:
Different privacy laws may apply depending on where an individual is located, where a client organization operates, the type of personal information involved, and whether Calefy is handling information for its own purposes or on behalf of a client organization.
Where Calefy processes personal information on behalf of a broker, insurer, managing general agent, agency, affinity group, or other client organization, that client organization may also have its own legal obligations and privacy policy.
Calefy may handle personal information in different roles depending on the context.
Calefy collects and uses personal information for its own business purposes when we operate our website, manage sales and client relationships, provide support, communicate with business contacts, administer accounts, analyze service usage, monitor security, troubleshoot issues, improve our platform, and manage our business operations.
In these cases, Calefy is generally responsible for deciding why and how the personal information is collected, used, disclosed, retained, and protected.
For many insurance application, quote, intake, renewal, referral, and related workflows, Calefy acts primarily as a software and technology service provider to the broker, insurer, managing general agent, agency, affinity group, or other client organization that has configured or provided the form or workflow.
In those cases, Calefy generally processes personal information on behalf of that client organization. The client organization is generally responsible for determining why the information is collected, how it is used for insurance purposes, and whether an application is quoted, referred, underwritten, bound, renewed, declined, or otherwise processed.
If you are an insurance applicant or individual submitting information through a form powered by Calefy, the broker, insurer, managing general agent, agency, or other client organization identified in the form or related communications is usually the best first contact for questions about your insurance application or the use of your information for insurance purposes. You may also contact Calefy using the contact information at the end of this Privacy Policy.
Client-branded forms powered by Calefy may include a short privacy notice, footer link, or similar notice that identifies Calefy’s role and links to this Privacy Policy.
A form-level notice may also identify:
Form-level notices are intended to provide a short, plain-language summary. They do not replace this Privacy Policy or any applicable client privacy policy.
“Personal information” means information about an identifiable individual, or information that could reasonably be combined with other information to identify an individual. In some circumstances, business contact information, such as a person’s name, title, business address, business email address, or business telephone number, may be treated differently under applicable privacy laws when used solely to contact that person in their business capacity.
The types of personal information we collect depend on your relationship with Calefy and the services or forms you use.
When you visit our website, contact us, request information, communicate with our team, or interact with us as a client, prospective client, vendor, or business contact, we may collect information such as:
When you use Calefy’s platform, administrative tools, dashboards, or related services as a client user, staff user, broker, insurer, administrator, or other authorized user, we may collect information such as:
When you submit information through an insurance application, quote, intake, renewal, referral, or workflow form powered by Calefy, we may collect personal information that is relevant to the applicable insurance product, client workflow, or application process. This may include:
The exact information collected will depend on the form, the insurance product, the client organization, and the purpose of the application or workflow.
If you apply for a job, work with us, provide services to us, or otherwise interact with us in an employment, contractor, or similar capacity, we may collect information reasonably required to evaluate, manage, administer, or support that relationship. This may include contact information, resume or application information, employment history, qualifications, payment or tax-related information, and related communications.
Where appropriate, additional employment or contractor privacy notices, agreements, or policies may apply.
We may collect certain technical and usage information automatically when you visit our website or use our platform, including:
We use this information to operate, secure, monitor, troubleshoot, and improve our website, platform, and services.
We may collect personal information:
We collect, use, and disclose personal information with consent, where required, or as otherwise permitted or required by applicable law.
For many insurance application and quote workflows, consent is obtained through the form submission process, including submit-button consent and signature. By submitting a form powered by Calefy, you consent to the collection, use, and disclosure of your personal information for the purposes described in or reasonably necessary to complete the applicable insurance application, quote, intake, renewal, referral, communication, underwriting, rating, document generation, support, compliance, and related insurance workflow.
Some insurance workflows may involve sensitive personal information. Depending on the form and insurance context, this may include:
Where sensitive information is requested, it should only be provided where it is relevant to the applicable insurance purpose and where you consent to its collection, use, and disclosure for that purpose.
You may withdraw your consent at any time by contacting us or the applicable client organization, subject to legal, contractual, underwriting, regulatory, fraud-prevention, recordkeeping, and operational limitations. Withdrawing consent may affect the ability to provide services, process an application, maintain an account, or complete an insurance-related workflow.
We use personal information for the purposes for which it was collected and for purposes permitted by applicable law.
We may use personal information to:
Where Calefy processes personal information on behalf of a client organization, we may use the information as instructed or configured by that client organization, including to:
Calefy does not itself decide whether insurance is offered, quoted, underwritten, bound, renewed, declined, or otherwise approved. Those decisions are generally made by or on behalf of the applicable broker, insurer, managing general agent, agency, or other client organization.
We may use personal information to:
Calefy does not use identifiable applicant information for general product improvement, benchmarking, external reporting, analytics, or model training.
Calefy may use identifiable information where necessary to provide, secure, support, troubleshoot, audit, or improve the service for the applicable client, or where otherwise permitted or required by law.
Calefy may use aggregated or de-identified information for analytics, reporting, product improvement, benchmarking, business planning, platform performance, and similar purposes.
For example, Calefy may use aggregated metadata to understand how many applications were submitted in a particular region during a particular timeframe, which product lines or workflows are used most frequently, or how platform usage changes over time.
Where information has been aggregated or de-identified, Calefy does not use it to identify individuals.
Calefy may create, use, and disclose aggregated or de-identified information where the information no longer identifies an individual.
Calefy does not attempt to re-identify de-identified information, except where necessary to test or validate de-identification methods, investigate security issues, enforce legal rights, or comply with law.
Where Calefy shares de-identified information with a service provider or third party, Calefy will take reasonable steps, including contractual restrictions where appropriate, to restrict re-identification and unauthorized use.
Calefy does not make final insurance decisions.
Brokers, insurers, managing general agents, agencies, affinity groups, or other client organizations generally make decisions about quoting, underwriting, referral, binding, renewal, decline, eligibility, coverage, premiums, and related insurance outcomes.
Calefy’s platform may support client-configured form logic, validation, routing, rating calculations, eligibility checks, referrals, no-quote outcomes, premium indications, product matching, document generation, or workflow automation. These functions are configured for the applicable client workflow and may use information submitted through the form or returned by approved integrations.
Where automated processing produces a routing result, rating result, referral, no-quote outcome, or other workflow outcome, the result is part of the client-configured insurance workflow. Final insurance decisions are generally made by or on behalf of the applicable broker, insurer, managing general agent, agency, or other client organization.
If Calefy introduces automated decision-making that has a material legal or similarly significant effect on individuals, we will update this Privacy Policy or provide additional notice as required by applicable law.
We use cookies, analytics tools, logs, and similar technologies to operate, secure, analyze, and improve our website and platform.
These may include:
You can control cookies through your browser settings. If you disable essential cookies, some parts of our website or platform may not function properly.
We do not currently use advertising pixels such as Meta or LinkedIn pixels unless otherwise disclosed.
Calefy may use third-party data sources and integrations where configured for a client workflow or required to provide the platform.
These may include the following.
Where configured, rating APIs may receive application or risk information necessary to calculate premiums, rating outputs, eligibility indicators, referrals, or related workflow results.
The information shared with a rating API depends on the applicable insurance product and client workflow.
Where configured, OPTA may receive risk data required to provide the applicable service. Calefy does not provide applicant name, contact information, date of birth, financial information, criminal history, or other direct personal identifiers to OPTA as part of the current workflow.
Where configured, Google address verification may receive address information entered into a form so that addresses can be validated, standardized, or completed.
Address information may be personal information where it identifies or can reasonably be associated with an individual.
Where configured, Calefy may send application, contact, business, risk, and workflow information to client systems such as Salesforce, Monday, or other client-designated systems.
The applicable client organization determines how those systems are configured and how the information is used within its insurance operations.
Calefy uses Postmark to send transactional emails, such as application confirmations, notifications, workflow messages, support messages, account messages, and other service-related communications.
Transactional emails may include recipient email addresses, message metadata, and message content necessary to send the communication.
We do not sell personal information.
We may disclose personal information in the circumstances described below.
Where you submit information through a form or workflow powered by Calefy, we may disclose that information to the broker, insurer, managing general agent, agency, affinity group, or other client organization on whose behalf the form or workflow is operated.
That client organization may use the information for insurance application, quote, underwriting, renewal, referral, communication, compliance, and related purposes, subject to its own privacy policy, notices, contracts, and legal obligations.
Where required for the applicable workflow, application information may be shared with relevant insurance market participants, such as brokers, insurers, managing general agents, agencies, wholesalers, underwriting partners, or other organizations involved in quoting, underwriting, referral, binding, renewal, or servicing.
We may disclose or transmit personal information to systems and integrations configured by or for our clients, including:
We may use service providers to help us operate our business, website, platform, and services. These may include:
Service providers may only use personal information to provide contracted services to Calefy or our clients. They must protect personal information using safeguards appropriate to the sensitivity of the information and are not authorized to use personal information for their own unrelated purposes.
We may disclose or transfer personal information in connection with a proposed or completed business transaction, including a merger, acquisition, financing, reorganization, sale of assets, due diligence process, insolvency, bankruptcy, or other transaction involving all or part of our business.
Where personal information is disclosed for a business transaction, we will take reasonable steps to protect it through confidentiality, security, and use restrictions appropriate in the circumstances.
We may disclose personal information where we believe it is permitted or required by law, including to:
Calefy does not sell personal information.
For clarity, disclosing personal information to client organizations, insurance market participants, service providers, rating providers, address verification providers, client CRMs, or other configured integrations for the purposes described in this Privacy Policy is not a sale of personal information.
Calefy stores its core application data primarily in Canada.
However, some service providers may process, store, access, or support limited personal information, business contact information, email information, analytics information, diagnostic information, support information, or security information outside Canada, depending on the provider, service, and configuration.
Where personal information is processed, stored, or accessed outside Canada, it may be subject to the laws of that jurisdiction, including lawful access by courts, regulators, law enforcement, or government authorities.
The following table summarizes key provider categories and processing locations.
Provider or CategoryPurposeTypes of InformationProcessing or Access LocationAWSHosting, infrastructure, storage, backups, platform operationsCore application data, platform data, logs, backupsPrimarily CanadaGoogle WorkspaceBusiness communications, productivity, administrationBusiness contact information, support communications, internal business recordsCanada, United States, or other jurisdictions depending on service and configurationGoogle AnalyticsWebsite and usage analyticsUsage data, device data, browser data, IP address, cookie identifiersUnited States or other jurisdictionsGoogle Address VerificationAddress validation and standardizationAddress information entered into formsUnited States or other jurisdictionsBugsnagError monitoring and diagnosticsError reports, diagnostic data, limited user/session or technical dataUnited States or other jurisdictionsFreshsalesSales, customer relationship management, business communicationsBusiness contact information, sales communications, account informationUnited States or other jurisdictionsPostmarkTransactional email deliveryEmail address, message metadata, transactional email contentUnited States or other jurisdictionsRating APIsRating, premium indication, eligibility, referral, or workflow supportApplication and risk information required for the configured workflowCanada, United States, or other jurisdictions depending on providerOPTA / risk-data providersRisk-data support for configured insurance workflowsRisk data required for the configured workflow, without applicant name, contact information, date of birth, financial information, or criminal history from Calefy’s current workflowCanada, United States, or other jurisdictions depending on providerClient systems and CRMsClient-directed workflow, recordkeeping, sales, underwriting, or servicingApplication, contact, business, risk, and workflow information configured by the clientDepends on the client system and configuration
We use reasonable technical, organizational, and administrative safeguards designed to protect personal information against loss, theft, unauthorized access, disclosure, copying, use, modification, and destruction.
These safeguards may include, as appropriate:
No system can be guaranteed to be completely secure. We encourage users to protect their own account credentials and to notify us promptly if they believe their account or information may have been compromised.
We retain personal information only for as long as reasonably necessary for the purposes described in this Privacy Policy, as instructed by our clients, or as required or permitted by law.
Retention periods vary depending on the nature of the information and the context in which it was collected.
For example:
Personal information may remain in backups for a limited period after deletion from active systems until those backups are overwritten or deleted through normal backup cycles.
Subject to applicable legal limits, you may request access to or correction of personal information about you.
If you submitted information through an insurance application, quote, intake, renewal, or related workflow powered by Calefy, the broker, insurer, managing general agent, agency, affinity group, or other client organization identified in the form or related communications is generally the best first contact. That organization usually determines the purpose of the collection and use of your information for insurance purposes.
If you contact Calefy about personal information that we process on behalf of a client organization, we may redirect your request to that organization or work with that organization to respond, as appropriate.
We aim to respond to privacy requests within 30 days, or within any other period required or permitted by applicable law. In some cases, we may extend the response period where permitted by law.
To make a privacy request, contact:
Privacy Officer
Calefy Inc.
privacy@calefy.ca
We may need to verify your identity before responding to a request. We may decline, limit, or charge a reasonable fee for certain requests where permitted by law.
If you have a concern about how Calefy handles personal information, please contact us first so that we can review and respond to your concern.
If your concern relates to an insurance application, quote, renewal, or workflow operated on behalf of a broker, insurer, managing general agent, agency, affinity group, or other client organization, that organization may be the appropriate first point of contact.
If your concern is not resolved, you may have the right to contact the applicable privacy regulator. Depending on the circumstances, this may include the Office of the Information and Privacy Commissioner of Alberta, the Office of the Privacy Commissioner of Canada, or another applicable provincial privacy regulator.
We may send business, service, administrative, transactional, security, support, and marketing communications to clients, prospective clients, users, and business contacts where permitted by law.
Where Canada’s anti-spam legislation applies to a commercial electronic message, Calefy will take steps designed to comply with applicable requirements, including requirements relating to consent, sender identification, contact information, and unsubscribe mechanisms.
You may unsubscribe from marketing communications by using the unsubscribe mechanism provided in the message or by contacting us. We will process unsubscribe requests within the period required by law.
Even if you unsubscribe from marketing communications, we may still send transactional, service, support, security, account, or legally required communications.
Calefy’s website and platform are not directed to children.
Insurance applications or related forms may, in some circumstances, request information about minors where relevant to the applicable insurance purpose. Such information should only be submitted where required for the applicable insurance purpose and where the person submitting the information has authority to provide it.
We maintain processes to assess and respond to privacy breaches.
If a privacy breach occurs, Calefy will take steps to contain, investigate, assess, and remediate the incident as appropriate in the circumstances. We will assess whether the breach creates a real risk of significant harm or otherwise triggers notification, reporting, or recordkeeping obligations under applicable law.
We will notify affected clients, individuals, regulators, and other parties where required by applicable law.
Where Calefy processes personal information on behalf of a client organization, we may notify and coordinate with that client organization so that applicable legal and contractual obligations can be assessed and met.
Our websites, forms, communications, or platform may contain links to third-party websites, client websites, client privacy policies, insurer websites, broker websites, or external services.
We are not responsible for the privacy practices, content, or policies of third parties. We encourage you to review the privacy policies of any third-party websites or organizations that collect, use, or disclose your personal information.
Where a white-labelled or client-branded form is powered by Calefy, the applicable broker, insurer, managing general agent, agency, or other client organization may have its own privacy policy governing how it uses applicant information.
We may update this Privacy Policy from time to time to reflect changes to our practices, technology, services, legal obligations, or business operations.
When we update this Privacy Policy, we will revise the Effective Date above. Your continued use of our website, platform, or services after an updated Privacy Policy is posted means the updated Privacy Policy applies, subject to any consent requirements under applicable law.
If you have questions, concerns, requests, or complaints about this Privacy Policy or Calefy’s handling of personal information, please contact:
Privacy Officer
Calefy Inc.
privacy@calefy.ca