Privacy Policy
Last updated: February 2026
1. Company Identification
Regure is a product built and operated by The Algorithm. The data controller for Regure is:
United Kingdom:
Design Thinking Technologies UK
71-75 Shelton Street, Covent Garden
London, WC2H 9JQ
United Kingdom
India:
Design Thinking Technology India Pvt. Ltd
14DF Scheme No. 74C, Vijaynagar
Indore, MP 452010
India
United States:
The Algorithm
Highlands Ranch, Colorado
United States
2. What Data We Collect
When you use Regure, we collect the following categories of data:
- Account Information: Name, email address, company name, role, phone number, and other information you provide when creating or managing your account.
- Documents and Content: Documents you upload to the platform, including claims documents, policy forms, correspondence, medical records, and any other files processed through Regure.
- Usage Data: Information about how you interact with the platform, including features accessed, actions taken, workflow configurations, search queries, and time spent on various functions.
- Communication Data: Messages, video calls, comments, and other communications conducted within the platform.
- Device and Browser Information: IP address, browser type and version, operating system, device identifiers, screen resolution, and referring URLs.
- Cookies and Tracking Technologies: Data collected through cookies, web beacons, and similar technologies as described in the Cookies section below.
3. Why We Collect Data
We collect and process your data for the following purposes:
- To Provide the Service: To operate the Regure platform, process and route documents, manage workflows, and deliver the features you have subscribed to.
- To Process Documents: To classify documents, extract data, apply AI-powered analysis, and facilitate claims processing and workflow automation.
- To Maintain Audit Trails: To create immutable audit logs that track all actions on documents and data, as required for regulatory compliance and customer operations.
- To Communicate with Users: To send service notifications, respond to support requests, provide training materials, and communicate important updates about the platform.
- To Improve the Platform: To analyze usage patterns, identify bugs, develop new features, and enhance the overall user experience.
- To Comply with Legal Obligations: To meet regulatory requirements, respond to lawful requests from authorities, enforce our terms of service, and protect our rights and the rights of our users.
4. Legal Basis for Processing (GDPR)
For users in the European Economic Area, United Kingdom, and other jurisdictions where the General Data Protection Regulation applies, we process your personal data on the following legal bases:
- Contract Performance: Processing necessary to fulfill our contractual obligations to provide the Regure platform to your organization.
- Legitimate Interest: Processing necessary for our legitimate interests in operating and improving the platform, preventing fraud, and ensuring security, provided such interests are not overridden by your rights and freedoms.
- Legal Obligation: Processing necessary to comply with applicable laws, regulations, court orders, or regulatory guidance.
- Consent: Where required by law, we obtain your explicit consent before processing certain categories of data, such as optional analytics or marketing communications. You may withdraw consent at any time.
5. Data Storage and Residency
Regure operates on Amazon Web Services (AWS) infrastructure with deployment options in the following regions:
- United States (us-east-1, us-west-2)
- European Union (eu-central-1 Frankfurt, eu-west-1 Dublin)
- United Kingdom (eu-west-2 London)
- Middle East (me-south-1 Bahrain)
Your organization chooses the data residency region during onboarding. Once selected, your data remains in that region and is not transferred across borders without explicit configuration and appropriate safeguards.
For data transfers from the EEA, UK, or Switzerland to other jurisdictions, we rely on Standard Contractual Clauses approved by the European Commission and implement additional technical and organizational measures to ensure adequate protection.
No cross-border data transfers occur without your organization's explicit configuration and our implementation of appropriate legal mechanisms to protect your data.
6. Data Retention
We retain your data for the following periods:
- Platform Data: Documents, workflows, and operational data are retained for the duration specified in your customer contract and in accordance with jurisdiction-specific requirements. Your organization can configure automated retention policies based on document type, line of business, and regulatory requirements.
- Account Data: User account information is retained for the duration of your contract plus 12 months to facilitate potential service reinstatement and meet our legal obligations.
- Audit Trails: Immutable audit logs are retained in accordance with regulatory requirements applicable to your jurisdiction and industry. For insurance operations, this typically ranges from 5 to 10 years.
- Backup Data: Backup copies are retained for 90 days and are subject to the same security controls as production data.
Upon contract termination, you have 30 days to export your data. After the export period, we securely delete or anonymize your data in accordance with this policy and applicable law.
7. Data Security
We implement comprehensive technical and organizational measures to protect your data:
- Encryption: AES-256 encryption at rest for all data stored in our databases and file systems. TLS 1.2 or higher encryption in transit for all data transmitted over networks.
- Access Controls: Role-based access control (RBAC) with nine configurable permission levels. Multi-factor authentication (MFA) available for all users.
- Audit Trails: Immutable, cryptographically verified audit logs using Merkle tree structures. Every action on every document is logged with user, timestamp, and action details.
- Infrastructure Security: AWS infrastructure with dedicated Virtual Private Clouds (VPCs), network segmentation, intrusion detection systems, and DDoS protection.
- Security Testing: Regular penetration testing by independent third-party security firms. Vulnerability scanning and automated security monitoring.
- Monitoring: 24/7 security monitoring with automated alerts for suspicious activity, unauthorized access attempts, and anomalous behavior patterns.
- Employee Access: Strict access controls limiting employee access to customer data. All access logged and reviewed. Background checks for employees with potential data access.
While we implement industry-standard security measures, no system is completely secure. We cannot guarantee absolute security but commit to promptly addressing any identified vulnerabilities.
8. Third-Party Processors
We engage the following categories of third-party processors to help us provide the Regure platform:
- Amazon Web Services (AWS): Cloud infrastructure provider for hosting, storage, and computing resources.
- Email Service Providers: For transactional emails, notifications, and customer communications.
- Analytics Providers: Google Analytics for website usage analytics (see Cookies section).
We do not sell, rent, or trade your personal data to third parties for their marketing purposes. All third-party processors are bound by data processing agreements that require them to protect your data and process it only as instructed by us.
9. Your Rights
Depending on your jurisdiction, you have the following rights regarding your personal data:
For All Users:
- Right to Access: You may request a copy of the personal data we hold about you.
- Right to Rectification: You may request correction of inaccurate or incomplete data.
- Right to Deletion: You may request deletion of your personal data, subject to our legal obligations and legitimate interests.
- Right to Data Portability: You may request your data in a structured, commonly used, machine-readable format.
For GDPR Subjects (EEA, UK, Switzerland):
- Right to Restriction of Processing: You may request that we limit how we use your data in certain circumstances.
- Right to Object: You may object to processing based on legitimate interests or for direct marketing purposes.
- Right to Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.
- Right to Lodge a Complaint: You may file a complaint with your local data protection supervisory authority.
For CCPA Subjects (California Residents):
- Right to Know: You may request disclosure of the categories and specific pieces of personal information we have collected.
- Right to Delete: You may request deletion of personal information we have collected from you.
- Right to Opt-Out of Sale: We do not sell personal information and have not sold personal information in the past 12 months.
- Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
To exercise any of these rights, please contact us at privacy@the-algo.com. We will respond to your request within 30 days (or as otherwise required by applicable law).
11. Children
Regure is a business-to-business platform designed for insurance professionals and is not directed at children under the age of 16. We do not knowingly collect personal information from children under 16.
If we become aware that we have collected personal data from a child under 16 without parental consent, we will take steps to delete that information as quickly as possible. If you believe we have collected information from a child under 16, please contact us at privacy@the-algo.com.
12. Changes to This Policy
We may update this privacy policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors.
When we make material changes to this policy, we will notify registered users via email at the address associated with their account at least 30 days before the changes take effect. We will also update the "Last updated" date at the top of this policy.
Your continued use of Regure after the effective date of the updated policy constitutes acceptance of the changes. If you do not agree to the updated policy, you must discontinue use of the platform.
13. Contact Information
If you have questions, concerns, or requests regarding this privacy policy or our data practices, please contact us:
Email:
Privacy inquiries: privacy@the-algo.com
General inquiries: info@the-algo.com
United Kingdom (Data Controller):
Design Thinking Technologies UK
71-75 Shelton Street, Covent Garden
London, WC2H 9JQ
United Kingdom
India:
Design Thinking Technology India Pvt. Ltd
14DF Scheme No. 74C, Vijaynagar
Indore, MP 452010
India
United States:
The Algorithm
Highlands Ranch, Colorado
United States