Privacy Policy

We collect information in three categories.

A. Information You Provide

When you contact us, request a demonstration, schedule a pilot, or communicate with Quixas, we may collect:

• Name
• Business email address
• Telephone number
• Company name
• Job title
• Communications and correspondence
• Any other information you voluntarily provide

B. Customer Data

During a pilot or commercial engagement, our enterprise customers may submit property First Notice of Loss (FNOL) information to the Service.

Depending on the customer's workflow, this may include:

• Policyholder names
• Property addresses
• Policy numbers
• Dates of loss
• Damage descriptions
• Property photographs
• ACORD forms
• Estimates and supporting documents
• Other claim-related information supplied by the customer

Quixas processes this information solely to provide the Service.

When processing Customer Data, Quixas generally acts as a Data Processor or Service Provider, while our customer remains the Data Controller responsible for determining the purpose and legal basis for processing.

C. Automatically Collected Information

When you visit our website, we may automatically collect certain technical information, including:

• IP address
• Browser type and version
• Operating system
• Device information
• Pages visited
• Referring website
• Date and time of access
• Diagnostic and security logs

This information helps us maintain, secure, and improve our website and Services.

We use information to:

• Provide and operate the Service
• Configure customer pilots
• Respond to inquiries
• Deliver demonstrations
• Improve product functionality
• Maintain platform security
• Detect abuse or unauthorized access
• Comply with legal obligations
• Communicate product updates and operational notices

We do not use Customer Data to advertise to policyholders or market third-party products.

Quixas uses automated technologies, including machine learning and large language models, to assist with document extraction and internal consistency analysis.

Customer Data submitted through the Service is not used to train artificial intelligence models.

AI-generated outputs are informational only and are intended to support qualified human reviewers.

Customers remain responsible for reviewing all outputs before making operational or claims-handling decisions.

We do not sell, rent, or trade personal information.

We may disclose information only in the following circumstances:

• To trusted service providers that help us operate the Service
• To comply with legal obligations
• To respond to lawful governmental requests
• To protect the rights, property, or security of Quixas, our customers, or others
• In connection with a merger, acquisition, financing, or sale of company assets

All third-party providers are contractually required to protect Customer Data and may process it only for authorized business purposes.

Quixas uses a limited number of trusted subprocessors to provide the Service, including providers for:

• Cloud infrastructure
• Secure data storage
• Workflow orchestration
• Artificial intelligence processing
• Email delivery
• Error monitoring and diagnostics

A current list of subprocessors is available upon reasonable request during customer security reviews.

Protecting Customer Data is one of our highest priorities.

Quixas implements commercially reasonable administrative, technical, and organizational safeguards designed to protect information from unauthorized access, disclosure, alteration, or destruction.

These safeguards include, where appropriate:

• Encryption in transit
• Encryption at rest
• Multi-Factor Authentication (MFA)
• Role-based access controls
• Tenant isolation
• Access logging
• Continuous infrastructure monitoring
• Least-privilege access practices

While no system can guarantee absolute security, we continuously evaluate and improve our security controls.

We retain information only as long as necessary to provide the Service, fulfill contractual obligations, comply with applicable law, or resolve disputes.

Business Contact Information

Business contact information is retained while we maintain an active commercial relationship or as otherwise required for legitimate business purposes.

Customer Data

Customer Data is retained only for the duration specified in the applicable customer agreement or as otherwise instructed by the customer.

Following the expiration, termination, or written deletion request under a customer agreement, Customer Data is permanently deleted across our systems within 7 business days, subject to routine backup retention schedules and applicable legal obligations.

Depending on your location, information may be processed in countries other than your own.

Where required by applicable law, Quixas implements appropriate safeguards for international transfers of personal information.

Depending on your jurisdiction, you may have rights to:

• Access your personal information
• Correct inaccurate information
• Request deletion
• Restrict processing
• Object to certain processing activities
• Receive a copy of your information, where applicable

Where Quixas acts solely as a Data Processor, requests relating to Customer Data should generally be directed to the relevant customer, although we will reasonably assist our customers in fulfilling their legal obligations.

Our website may use cookies and similar technologies to:

• Maintain website functionality
• Improve user experience
• Analyze website performance
• Protect platform security

You may configure your browser to reject cookies, although certain website functionality may be affected.

The Service is intended exclusively for business use.

It is not directed toward individuals under 18 years of age, and Quixas does not knowingly collect personal information from children.

We may update this Privacy Policy from time to time to reflect changes in our Services, infrastructure, or legal obligations.

The updated version will be posted on this page together with the revised "Last Updated" date.

Continued use of the Service after changes become effective constitutes acceptance of the revised Privacy Policy.

If you have questions regarding this Privacy Policy or wish to exercise your privacy rights, please contact us.