Your data, plainly.
Last updated: May 20, 2026
CarrierRecon is a data-analysis service for independent Canadian P&C brokerages. To provide that service, we collect and process information about your brokerage and the carrier commission statements you upload. This page explains what we collect, why, and what control you have over it. We wrote it to be readable; if anything is unclear, email hello@carrierrecon.ca.
We comply with the Personal Information Protection and Electronic Documents Act (PIPEDA), Canada's federal privacy law, and with applicable provincial privacy laws, including Quebec's Law 25.
1. Who we are
CarrierRecon is operated by CircuitVista Inc. ("CircuitVista", "we", "us", "our"), based in Ontario, Canada. We are not a licensed insurance brokerage, agent, or carrier. We do not quote, bind, or service insurance policies. We provide a data-analysis service to licensed brokerages.
For privacy-related questions, the person designated as accountable for personal information under PIPEDA is reachable at hello@carrierrecon.ca. A postal mailing address is available on written request to that email.
2. What we collect
2.1 Account information
When you sign up, we collect:
- Your work email address (used for sign-in and service emails)
- Your brokerage's name, BMS (broker management system), province, and subscription tier
- Optional preferences you choose in settings: notification preferences, default currency, carrier-specific broker codes
2.2 Your book of business
When you upload a book of business CSV, we collect the policy data it contains. This typically includes:
- Policy numbers
- Annual premium amounts
- Expected commission rates
- Line of business, effective dates, expiry dates
- Optionally, any other columns you include in the CSV (e.g. insured name, address) — we do not require these but will store them if present
Most policies in a book of business include the insured's identifying information. To the extent that information is personal information of your insureds, you remain the organization accountable for it under PIPEDA (the role other privacy regimes call the data controller) and we act as your service provider. Your own privacy obligations to your insureds remain your responsibility: we process this data only on your instructions and only to provide the CarrierRecon service.
2.3 Carrier commission statements
When you upload a carrier commission statement (PDF), we process the contents to extract structured policy and commission data. The statement may contain policy numbers, insured names, dollar amounts, and carrier-specific identifiers. We store the original PDF in encrypted Canadian storage and the extracted data in our database.
2.4 Free audit submissions
If you submit the form at /audit for a free commission audit, we collect your name, work email, brokerage name, province, and the carriers you want audited. If you upload files through the magic-link upload page, we collect those files. We use these to run the audit you requested and to follow up with you about it.
2.5 Operational metadata
For security, debugging, and abuse prevention we collect:
- A SHA-256 hash of your IP address (never the raw IP) and your browser user-agent string when you submit a form or sign in
- Timestamps of significant actions (sign-in, upload, reconciliation run)
- Error events and limited request context routed to Sentry (see Section 4 for details). PII is aggressively scrubbed before events reach Sentry.
- Server access logs at Vercel (request paths, response codes, latency) — retained for ~30 days
We do not use tracking pixels, third-party analytics, advertising cookies, or cross-site identifiers.
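As an added illustration of the hashed-IP metadata described in 2.5 (example code, not CarrierRecon's own; the page does not say whether its SHA-256 is keyed, so both the plain and the keyed variant below are assumptions about form), this Python shows why an unkeyed SHA-256 of an IPv4 address is a pseudonym rather than anonymisation, since the address space is small enough to enumerate, and how an HMAC under a server-held key gives the same stable per-client identifier for rate limiting without that weakness. The sample address and user-agent string are constructed.

```python
import hashlib
import hmac
import ipaddress
import secrets
from typing import Optional

# Constructed sample inputs (not real client data).
SAMPLE_IP = "192.168.7.42"
SAMPLE_UA = "Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0"


def canonical_ip(ip: str) -> str:
    """Normalise the textual form so one client always yields one pseudonym
    (e.g. '2001:DB8::0001' and '2001:db8::1' are the same IPv6 address)."""
    return ipaddress.ip_address(ip.strip()).compressed


def plain_ip_hash(ip: str) -> str:
    """Unkeyed SHA-256 of the address: a stable pseudonym, but not anonymisation,
    because the input space is tiny (IPv4 has only 2**32 addresses)."""
    return hashlib.sha256(canonical_ip(ip).encode("ascii")).hexdigest()


def invert_plain_hash(digest: str, network: str) -> Optional[str]:
    """Recover the address behind an unkeyed hash by enumerating candidates.
    A /16 is 65,536 SHA-256 calls; the whole IPv4 space is feasible offline."""
    for addr in ipaddress.ip_network(network):
        if hashlib.sha256(addr.compressed.encode("ascii")).hexdigest() == digest:
            return addr.compressed
    return None


def keyed_ip_pseudonym(ip: str, key: bytes) -> str:
    """HMAC-SHA-256 under a server-held secret (assumed design, not the page's).
    Equally stable for rate limiting, but enumeration is useless without the key."""
    return hmac.new(key, canonical_ip(ip).encode("ascii"), hashlib.sha256).hexdigest()


def metadata_record(ip: str, user_agent: str, key: bytes) -> dict:
    """What a form-submission record would hold under the keyed scheme:
    the pseudonym and the UA string, never the raw address."""
    return {"ip_pseudonym": keyed_ip_pseudonym(ip, key), "user_agent": user_agent}


if __name__ == "__main__":
    digest = plain_ip_hash(SAMPLE_IP)
    print("recovered from unkeyed hash:", invert_plain_hash(digest, "192.168.0.0/16"))
    key = secrets.token_bytes(32)       # in production: a secret from server config
    rotated = secrets.token_bytes(32)   # a new key per retention window breaks linkability
    print(metadata_record(SAMPLE_IP, SAMPLE_UA, key))
    print("pseudonym changes on key rotation:",
          keyed_ip_pseudonym(SAMPLE_IP, key) != keyed_ip_pseudonym(SAMPLE_IP, rotated))
```

Rotating the HMAC key at the end of each retention window (for instance the 90-day rate-limit window in Section 7) and destroying the old key means retained pseudonyms can no longer be linked to a client even by someone holding the current key.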
3. How we use your information
We use the information we collect to:
- Provide the CarrierRecon service: parse statements, reconcile against your book, surface discrepancies, generate recovery letters
- Communicate with you about your account, audits in progress, and service-relevant updates
- Improve our carrier statement parsers and reconciliation logic. We use aggregated, de-identified patterns from your data for this — we do not share your specific data with other customers or with our parser-training pipeline in identifiable form.
- Provide customer support when you reach out
- Detect and prevent abuse, fraud, and security incidents (rate limiting, anomaly detection)
- Comply with our legal obligations
We do not sell your information. We do not share it with third parties for their marketing purposes. We do not use it to train our own large language models. We do not give carriers access to your book or your recovery history.
4. Who we share it with
To run CarrierRecon we rely on a small number of trusted sub-processors. Each has a role limited to one or two functions. We list them honestly here, including the jurisdiction where they process your data.
| Sub-processor | Purpose | Jurisdiction |
|---|---|---|
| Supabase | Database, authentication, file storage | Canada |
| Vercel | Application hosting | United States |
| Anthropic | Data extraction | United States |
| Resend | Transactional email delivery | United States |
| Sentry | Error monitoring. PII aggressively scrubbed before events are sent. | European Union |
| ImprovMX | Inbound email handling | United States |
| Stripe (future) | Payment processing | United States |
Four of these sub-processors (Anthropic, ImprovMX, Resend, Vercel) involve cross-border transfer of personal information from Canada to the United States, and Stripe will once payments launch; Sentry receives only PII-scrubbed error events, in the European Union. By using CarrierRecon, you consent to these transfers. We've chosen Canadian-hosted Supabase as the primary data store specifically to keep your most sensitive data (book of business, customer accounts) in Canada under PIPEDA-aligned jurisdiction.
We update this list whenever sub-processors change. Email hello@carrierrecon.ca with the subject line "Privacy updates" if you want advance notice of changes.
5. Where your data is stored
Primary storage is in Supabase's Canada-Central-1 region (Montréal, Quebec). This includes:
- Your account information and authentication records (Supabase Auth)
- Your book of business and reconciliation results (Postgres database)
- Uploaded carrier commission statements and audit-request files (Supabase Storage, encrypted at rest)
Data leaves Canada only when:
- A PDF is sent to Anthropic for parsing (US). Anthropic retains the request for up to 30 days for abuse-monitoring purposes and then deletes it; they do not use the contents to train models.
- A transactional email is sent via Resend (US) — only the message body, recipient address, and metadata leave Canada
- An error or performance event is sent to Sentry (EU) — PII scrubbed before send
- Request logs flow through Vercel's edge network (US)
6. Your rights
Under PIPEDA and applicable provincial laws, you have the right to:
- Access the personal information we hold about you. You can self-serve this from your dashboard at /dashboard/settings — the "Data & privacy" section provides a downloadable export of your account data.
- Correct information that's inaccurate or incomplete. Most of your account data is editable in settings; for anything you can't edit there, email us.
- Withdraw consent and delete your account. The dashboard settings page has a one-click permanent deletion option. Deletion is irreversible — once we receive the request, we delete your data within 30 days from our active systems and within 90 days from backup archives.
- Object to specific uses of your data. Email us with the specific concern and we'll respond within 30 days.
- Lodge a complaint with the Office of the Privacy Commissioner of Canada (priv.gc.ca) or with your province's privacy regulator. If you believe we've mishandled your data, you can complain to us first — we'll respond within 30 days — but you have the right to escalate.
We do not charge for exercising these rights. We respond to access and correction requests within 30 days. If we need more time we'll tell you why.
7. Data retention
- Active accounts: we retain your data for as long as your account is active. There is no automatic expiry.
- After account deletion: we delete personal data from active systems within 30 days and from backup archives within 90 days. Anonymized aggregate metrics (e.g. "average discrepancy-per-statement") may be retained indefinitely as they no longer identify you.
- Free-audit submissions where no account is created: uploaded files are deleted within 90 days of the audit being delivered, unless you explicitly ask us to retain them for follow-up conversation.
- Operational metadata (logs, error events): retained for 30 days (Vercel access logs), 30 days (Sentry errors on the free tier), 90 days (rate-limit forensics) — then automatically purged.
- Email delivery records at Resend: 30-day retention per their default policy
8. Security
We protect your data with reasonable safeguards proportionate to its sensitivity:
- Encryption in transit: all connections use HTTPS with modern TLS. All sub-processor API calls use TLS.
- Encryption at rest: Supabase encrypts database contents and storage objects at rest using AES-256.
- Access controls: our database uses row-level security (RLS), so a signed-in user can only ever read their own brokerage's rows. Staff access to customer data is granted only to an explicit allowlist, never by default. The service-role key (which bypasses RLS) is used only in server-side code and is never sent to browsers.
- Authentication: passwordless magic-link sign-in via Supabase Auth. Auth cookies are HTTP-only and SameSite-protected.
- Rate limiting on public endpoints (audit form, upload, magic-link send) to deter abuse.
- Error monitoring with aggressive PII scrubbing before events are sent to Sentry.
No system is perfectly secure. If we discover a breach affecting your personal information, we will notify you and (where the law requires) the Office of the Privacy Commissioner of Canada as soon as feasible, in accordance with applicable breach-notification rules.
9. Cookies
We use cookies sparingly. Specifically:
- Authentication cookies issued by Supabase to keep you signed in. These are essential — without them sign-in doesn't work. They expire when you sign out or after a period of inactivity.
- A PKCE code-verifier cookie set during magic-link sign-in. Used once during the auth callback then discarded.
We do not use third-party analytics cookies, advertising cookies, or cross-site tracking identifiers. We do not run a cookie consent banner because we have no tracking cookies to ask consent for. The authentication cookies above are strictly necessary for sign-in to work; cookies of that kind are considered essential under PIPEDA and Quebec Law 25 and don't require separate opt-in.
10. Children
CarrierRecon is a commercial service intended for licensed insurance brokerages and their authorized personnel. It is not intended for individuals under 18 years of age. We do not knowingly collect information from anyone under 18. If you become aware that a minor has provided us with personal information, contact us and we will delete it.
11. Changes to this policy
We may update this policy as the service evolves. Whenever we change it, we'll update the "Last updated" date at the top of this page. For material changes (e.g. adding a new sub-processor, changing what data we collect), we'll also notify customers by email at least 30 days before the change takes effect. Continued use of CarrierRecon after the effective date constitutes acceptance of the updated policy.
12. Contact
For any privacy-related question or request, email hello@carrierrecon.ca. We respond to access, correction, and deletion requests within 30 days. If you require a postal mailing address (e.g. for formal service of legal notice), request one in writing to that email and we'll provide it.
If you're unsatisfied with our response, you may complain to the Office of the Privacy Commissioner of Canada at priv.gc.ca, or your provincial privacy regulator if applicable.
Questions about this document? Email hello@carrierrecon.ca.