Privacy Policy
How we protect and handle your data
Effective Date: April 26, 2026 · Prior Version: April 21, 2026
By using the Service, you acknowledge that you have read and understood this Privacy Policy. If you do not agree, please discontinue use of the Service.
1. Information We Collect
1.1 Personal Information
Information you provide directly or that is provided by your employer or insurance agency:
- Identity Information: Name, email address, phone number, job title
- Business Information: Company name, agency details, professional role
- Account Information: Login credentials, account preferences, communication history
1.2 Sensitive Personal Information
Certain Service features process sensitive personal information, including:
- Insurance Data: Policy details, claims information, coverage records, underwriting data, financial data relevant to insurance transactions
- Government Identifiers: Social Security numbers (SSN), dates of birth (collected through document uploads or direct input during insurance workflows)
- Health Information: Health-related information relevant to insurance applications (collected through document uploads or direct input during insurance workflows)
We process sensitive personal information solely for the purposes of providing the Service described in this Policy and do not use it for purposes beyond what is reasonably necessary and proportionate.
1.3 Non-Personal and Technical Information
Information collected automatically when you use the Service:
- Usage Data: Pages visited, features used, actions taken, timestamps
- Device Information: Browser type, operating system, screen resolution, IP address
- Aggregated Analytics: De-identified, aggregated data about Service usage patterns
1.4 AI-Processed Information
The Service uses artificial intelligence to process information you provide. This includes:
- Document Processing: AI analyzes uploaded documents to generate completed PDF forms and insurance documents, validate data accuracy, extract structured data from unstructured inputs, and populate insurance applications
- Task Execution: AI agents handle email communication, document generation, and workflow automation on behalf of insurance brokerage users
- Browser Automation: AI-driven browser automation interacts with carrier portals and agency management systems (AMS) to retrieve and submit data on behalf of customers using Customer-provided credentials
2. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Categories of Data Used |
|---|---|
| Provide and operate the Service | All categories |
| Facilitate insurance brokerage transactions | Personal, Sensitive, AI-Processed |
| Process and generate insurance documents via AI | Personal, Sensitive, AI-Processed |
| Validate and structure data for insurance workflows | Personal, Sensitive, AI-Processed |
| Personalize your experience | Personal, Technical |
| Communicate updates, support, and service notices | Personal |
| Respond to your requests and inquiries | Personal |
| Ensure legal and regulatory compliance | All categories |
| Detect and prevent fraud or security incidents | All categories |
| Improve and develop the Service | Technical, Usage Data (aggregated) |
We do not use your personal information to train artificial intelligence or machine learning models. We do not sell your personal information.
3. Artificial Intelligence Disclosures
3.1 How We Use AI
Circle uses AI to power task execution, document analysis, email handling, browser automation, audio transcription, PDF form filling, and workflow orchestration. AI features process Customer Data including document contents, user instructions, email content, and contextual information necessary to complete processing tasks. This data may include personal and sensitive personal information such as policyholder names, policy numbers, coverage details, and financial data.
3.2 Zero Data Retention
All AI model inference is routed through infrastructure that enforces zero data retention (ZDR). Your data is not stored, reviewed, or used for model training by any AI provider. Inputs and outputs are not retained after processing is complete. This is enforced through our enterprise agreements and, where applicable, through explicit cache-prevention flags and post-processing data deletion calls.
3.3 AI Infrastructure Providers
All AI inference, document parsing, and document processing are performed by U.S.-based providers under zero-data-retention terms. A complete list of providers and the data they process is available in our Data Processing Agreement (see Section 4.1).
3.4 No AI Model Training
None of Circle's AI or document processing providers use any Customer Data processed through Circle to train, fine-tune, or improve their models. This is contractually enforced through our enterprise agreements with each provider.
3.5 Insurance-Specific Data Handling
Circle processes regulated insurance information on behalf of insurance brokerages (“Customer”). The following clarifications apply:
- No insurance advice or coverage decisions. Circle is a technology platform that automates workflows for insurance brokerages. Circle does not provide insurance advice, make coverage recommendations, or render underwriting or claims decisions.
- Third-party system access. Circle accesses Customer's third-party systems — including agency management systems (AMS) and carrier portals — using credentials provided by and belonging to the Customer. Circle acts as a processor on the Customer's behalf when interacting with these systems.
- Email and productivity integrations. With Customer authorization, Circle connects to the Customer's email (Microsoft 365/Outlook, Google Workspace/Gmail) and file storage (OneDrive, SharePoint, Google Drive) using OAuth credentials provided by the Customer. Circle reads, processes, and sends email on the Customer's behalf as part of automated workflows. These integrations are customer-controlled and can be disconnected at any time.
- Customer responsibility. The Customer is responsible for ensuring it has the authority to grant Circle access to its third-party systems and that the use of Circle complies with the Customer's own regulatory obligations.
4. Sharing of Information
We share your information only in the following circumstances:
4.1 Service Providers (Subprocessors)
We use third-party service providers (“subprocessors”) to help deliver the Service. These providers process data solely on our behalf and under our instructions, in accordance with contractual obligations to protect your data. All subprocessors are located in the United States. A complete list of subprocessors is available in our Data Processing Agreement, which is provided to customers as part of their service agreement.
4.2 Insurance Partners
We share information with insurers, underwriters, managing general agents (MGAs), and other insurance-related entities as necessary to facilitate the insurance transactions you initiate through the Service. This sharing is limited to the information required for the specific transaction.
4.3 Legal and Regulatory Compliance
We may disclose your information when required by law, regulation, legal process, or governmental request, including to:
- Comply with applicable laws or regulations
- Respond to lawful requests from public authorities, including law enforcement
- Protect our rights, privacy, safety, or property, or that of our users or the public
- Enforce our terms of service
4.4 Business Transfers
In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you via email or prominent notice on the Service before your information becomes subject to a different privacy policy.
4.5 With Your Consent
We may share your information with third parties when you have given us explicit consent to do so.
4.6 Payments
Payment processing is handled by Stripe, Inc. When you subscribe to Circle, your payment information is collected and processed directly by Stripe in accordance with Stripe's Privacy Policy. Circle does not store your full payment card details.
4.7 Advertising, Tracking, and Third-Party Embeds
Circle uses Google Ads and Google Tag Manager for advertising conversion tracking to measure the effectiveness of our advertising campaigns. These tools collect anonymized usage data and page visits. Our demo booking page embeds Cal.com, a third-party scheduling service that collects booking information (name, email) directly under its own privacy policy. We also use error monitoring and application performance tools, which may receive technical error context and usage data.
We do not sell your personal information. We do not share your personal information for cross-context behavioral advertising. We have not sold or shared personal information in the preceding twelve months.
5. Data Categories Table
The following table summarizes the categories of personal information we collect, the purposes for collection, and the categories of third parties with whom each is shared:
| Category of Personal Information | Examples | Business Purpose | Third Parties |
|---|---|---|---|
| Identifiers | Name, email, phone, IP address | Provide Service, communicate, comply with law | Subprocessors, Insurance Partners |
| Business Information | Company name, job title, agency details | Provide Service, facilitate transactions | Subprocessors, Insurance Partners |
| Insurance and Financial Data | Policy details, claims, coverage, premiums | Facilitate insurance transactions, document processing | AI Infrastructure Providers, Insurance Partners |
| Government Identifiers | SSN, date of birth | Facilitate insurance applications | AI Infrastructure Providers |
| Health Information | Health data relevant to insurance | Facilitate insurance applications | AI Infrastructure Providers |
| Technical / Usage Data | Browser type, OS, pages visited, features used | Improve Service, analytics, security | Infrastructure Subprocessors |
| AI-Processed Data | Extracted document data, generated forms, validation results, browser automation outputs | Core Service delivery | AI Infrastructure Providers |
6. Data Security
We implement technical and organizational measures designed to protect your personal information, including:
- Encryption: Data encrypted at rest and in transit (TLS 1.2+, AES-256)
- Access Controls: Role-based access controls, multi-factor authentication for internal systems
- Security Assessments: Regular vulnerability assessments and penetration testing
- SOC 2 Type 2: Circle completed SOC 2 Type 2 certification in April 2026. A copy of the audit report is available upon request.
- Incident Response: Documented incident response procedures with defined notification timelines
- Breach Notification: In the event of a data breach, Circle will notify affected individuals and applicable regulators within 72 hours of confirming the breach, or as otherwise required by applicable law.
No method of transmission over the Internet or electronic storage is completely secure. While we strive to use commercially reasonable means to protect your personal information, we cannot guarantee absolute security.
7. Data Residency
All Customer Data is processed and stored on United States-based infrastructure. Our subprocessors host data exclusively in US data centers. We do not transfer Customer Data outside of the United States. A complete list of subprocessors is available in our Data Processing Agreement.
8. Data Retention
We retain your information according to the following schedule:
| Data Type | Retention Period | Basis |
|---|---|---|
| Active account data | Duration of the customer relationship plus 60 days after account closure | Service delivery |
| Trial account data | 30 days after trial expiration or termination | Per Trial Terms |
| Billing and financial records | 7 years | Tax and accounting obligations |
| Data subject to a legal hold | Until the hold is released | Legal obligation |
After the applicable retention period, data is securely deleted or irreversibly de-identified. You may request earlier deletion of your data at any time, subject to our legal and regulatory obligations (see Section 9).
9. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: Request a copy of the personal information we hold about you
- Correction: Request that we correct inaccurate personal information
- Deletion: Request that we delete your personal information, subject to legal retention obligations
- Restriction: Object to or restrict certain processing of your personal information
- Portability: Request your data in a structured, commonly used, machine-readable format
- Opt-Out of Marketing: Unsubscribe from marketing communications at any time
- Opt-Out of Browser Automation: Decline or disable AI-driven browser automation features at any time; core AI task execution is a core Service function and cannot be disabled
To exercise any of these rights, contact us at privacy@usecircle.com or visit usecircle.com/contact. We will respond within 30 days (or within the timeframe required by applicable law). We will not discriminate against you for exercising any of these rights.
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected personal information from a child under 18, we will delete it promptly. If you believe a child has provided us with personal information, please contact us at privacy@usecircle.com.
11. California Privacy Rights (CCPA/CPRA)
This section applies to California residents and supplements the rest of this Privacy Policy with disclosures required under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (collectively, “CCPA”).
11.1 Categories of Personal Information Collected
In the preceding twelve months, we have collected the following categories of personal information (as defined by the CCPA):
| CCPA Category | Collected | Source | Business Purpose |
|---|---|---|---|
| A. Identifiers (name, email, phone, IP address) | Yes | Directly from you, automatically | Provide Service, communicate |
| B. Personal information per Cal. Civ. Code 1798.80(e) (name, SSN, address, phone, financial info) | Yes | Directly from you, document uploads | Insurance transactions |
| C. Protected classification characteristics (age, DOB) | Yes | Directly from you, document uploads | Insurance applications |
| D. Commercial information (transaction records, purchasing history) | Yes | Service usage | Billing, Service delivery |
| F. Internet or electronic network activity (browsing, usage) | Yes | Automatically | Analytics, security |
| I. Professional or employment-related information | Yes | Directly from you | Service delivery |
| L. Sensitive personal information (SSN, health data, financial account info) | Yes | Directly from you, document uploads | Insurance transactions |
11.2 Sale and Sharing of Personal Information
We do not sell your personal information. We have not sold personal information in the preceding twelve months.
We do not share your personal information for cross-context behavioral advertising. As used in the CCPA, “sharing” means disclosing personal information to a third party for cross-context behavioral advertising purposes, whether or not for monetary consideration. We do not engage in this practice.
11.3 Your California Privacy Rights
As a California resident, you have the following rights under the CCPA:
Right to Know. You have the right to request that we disclose:
- The categories of personal information we collected about you
- The categories of sources from which we collected your personal information
- The business or commercial purpose for collecting your personal information
- The categories of third parties with whom we share your personal information
- The specific pieces of personal information we collected about you
Right to Delete. You have the right to request deletion of personal information we collected from you, subject to certain legal exceptions (e.g., data required for regulatory compliance, completing a transaction, or detecting security incidents).
Right to Correct. You have the right to request that we correct inaccurate personal information we maintain about you.
Right to Limit Use of Sensitive Personal Information. You have the right to limit our use of sensitive personal information to purposes necessary to perform the Service. Circle already limits its use of sensitive personal information to Service delivery and compliance purposes.
Right to Opt-Out of Sale or Sharing. Although we do not sell or share your personal information, you may submit an opt-out request at any time. We honor Global Privacy Control (GPC) signals as valid opt-out-of-sale/sharing requests.
Right to Non-Discrimination. We will not discriminate against you for exercising any of your CCPA rights. We will not deny you the Service, charge different prices, provide a different quality of service, or retaliate in any way.
11.4 How to Exercise Your California Rights
You may submit a verifiable consumer request by:
- Email: privacy@usecircle.com
- Web: usecircle.com/contact
- Toll-Free (if applicable): Contact us at the email above to request phone-based assistance
You may make a verifiable consumer request up to twice per 12-month period. The request must provide sufficient information to allow us to verify your identity (or your authority to act on behalf of a California resident) and describe your request with enough detail for us to understand, evaluate, and respond.
For requests to know categories of personal information, we verify your identity to a reasonable degree by matching at least two data points you provide against information we maintain. For requests to know specific pieces of personal information or to delete personal information, we verify your identity to a reasonably high degree by matching at least three data points and may require a signed declaration under penalty of perjury that you are the consumer whose personal information is the subject of the request.
We will acknowledge your request within 10 business days and respond substantively within 45 calendar days of receiving your verifiable request. If we need additional time (up to 45 additional days), we will notify you of the extension and the reason for it.
11.5 Authorized Agents
You may designate an authorized agent to submit requests on your behalf. To do so, you must:
- Provide the authorized agent with signed, written permission to act on your behalf, or
- Provide a power of attorney pursuant to California Probate Code sections 4000-4465
We may require the authorized agent to verify their identity and may contact you directly to confirm that you authorized the agent to act on your behalf. Authorized agent requests should be submitted to privacy@usecircle.com with supporting documentation.
11.6 Financial Incentives
We do not offer financial incentives or price or service differences in exchange for the retention or sale of personal information.
11.7 Do Not Sell or Share My Personal Information
Although Circle does not sell or share personal information for cross-context behavioral advertising, we provide this notice in compliance with the CCPA. To submit an opt-out request or for any questions about our data practices, contact privacy@usecircle.com.
We recognize and honor the Global Privacy Control (GPC) browser signal as a valid opt-out request under the CCPA.
11.8 Shine the Light (Cal. Civ. Code 1798.83)
California residents may request information about our disclosure of personal information to third parties for their direct marketing purposes. Circle does not disclose personal information to third parties for their own direct marketing purposes.
12. Changes to This Privacy Policy
We may update this Privacy Policy from time to time. When we make material changes, we will:
- Post the revised Privacy Policy on our website at usecircle.com/privacy
- Update the “Effective Date” at the top of this page
- Notify you by email or prominent notice within the Service for material changes
We encourage you to review this Privacy Policy periodically. Your continued use of the Service after any changes indicates your acceptance of the updated Privacy Policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy or our data practices:
Circle Technologies, Inc.
650 California St., Fl 7
San Francisco, CA 94108
- Privacy inquiries: privacy@usecircle.com
- General inquiries: support@usecircle.com
- Web: usecircle.com/contact
For CCPA-specific requests, please email privacy@usecircle.com with the subject line “California Privacy Request.”
This Privacy Policy was last updated on April 26, 2026.
Prior version effective April 21, 2026.
Questions? Contact privacy@usecircle.com