Insora — Privacy Policy

Last updated: May 27, 2026

This policy explains what personal information Insora collects when you use the Insora mobile app or the website at insorains.com, how we use it, who we share it with, and the rights you have over it. Insora is a professional network for the insurance industry operated by New Reign Capital, LLC ("Insora", "we", "us"). If you have questions, email privacy@insorains.com.

1. Information we collect

We collect the following categories of information:

  • Account information — first name, last name, email address, password (stored only as an Argon2id hash), and (if you choose) profile photo, headline, company, location, bio, handle, and links you add to your profile.
  • Content you create — posts, comments, reactions, messages (including paid direct messages), follows, RSVPs, uploaded images and video, opportunity submissions, event listings, and Circle posts. This content is stored on our servers and shown to the audience you choose.
  • Identifiers from third-party sign-in — if you sign in with Apple or LinkedIn, we receive your name and a stable identifier from that provider plus (in LinkedIn's case) your work email. We never receive your social-provider password.
  • Payment metadata — Stripe customer ID, subscription / payment intent IDs, charge status, last four digits of the card, ZIP, country. Full card numbers and bank credentials are stored only by Stripe under PCI-DSS; we never see or store them. Connected account information (for users who set up payouts) is held by Stripe Connect.
  • Device + usage signals — IP address, browser / device user agent, push notification token, last-active timestamp, page views, click events on posts and sponsorships, and crash / performance diagnostics. We use these to keep the service running, prevent abuse, and rank the feed.
  • Approximate location — derived from your IP address (city / region level). We do not request or store precise device GPS location.
  • Photo library + camera access — only when you attach a photo or video to a post, message, profile, or event. Files you upload are stored and served by Insora; we do not send them to third parties for analysis.

2. How we use your information

We use the information above to:

  • Authenticate you and keep your session secure.
  • Display posts, messages, and events to the audience each item is targeted at.
  • Process payments (wallet top-ups, paid messages, event tickets, opportunity sponsorships, Circle subscriptions) and pay out earnings to creators.
  • Deliver push, email, and in-app notifications you've opted into. You can change your preferences any time at /account.
  • Detect and prevent abuse, fraud, spam, and Terms of Service violations.
  • Improve features, fix bugs, and measure aggregate usage.

We do not sell personal information, do not run third-party advertising trackers, and do not use your content to train external AI models. AI-assisted features inside Insora (e.g. profile-summary suggestions, opportunity drafting, photo enhancement) operate on your data on our servers and through API calls to Anthropic and Replicate under zero-retention agreements.

3. Who we share it with

Other Insora members see:

  • Your public profile (name, photo, headline, company, bio).
  • Posts and comments you publish.
  • Events, Circles, and opportunities you host or join.
  • The contents of messages you send (only to recipients of those messages).

We share data with the following service providers:

  • Stripe, Inc. — payments, subscriptions, payouts, and fraud screening. Subject to Stripe's privacy policy.
  • Apple Inc. — Sign in with Apple identity verification, push notifications (APNs), App Store delivery.
  • LinkedIn Corporation — Sign in with LinkedIn (OIDC) only; we do not write back to LinkedIn.
  • Postmark (Wildbit, LLC) — transactional email delivery (verification, invites, notifications).
  • Render — application hosting and database hosting in US-East. SOC 2 Type II.
  • Anthropic, PBC — Claude API for AI-assisted drafting + summarization. Zero-retention configuration.
  • Replicate — server-side photo enhancement (background removal, upscaling). Uploaded images are processed and returned, not stored long-term by Replicate.

Each provider is under contract to use the data only to perform services for Insora. We disclose data to law enforcement only when legally compelled (subpoena, warrant) and we notify the affected user where the law permits.

4. Retention

Account data is retained for as long as your account is active. When you delete your account (from /account or by emailing privacy@insorains.com), we erase or anonymize your personal information within 30 days, except where we are required to retain financial records by tax law (typically up to seven years, payment metadata only — no profile or content data). Backups are purged within 90 days of the deletion request.

5. Your rights

Under GDPR (EEA / UK residents), CCPA / CPRA (California residents), and similar US state laws, you have the right to:

  • Access the personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete your account and personal data.
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent at any time without affecting prior use.

To exercise any of these rights, email privacy@insorains.com. We respond within 30 days. We do not discriminate against users who exercise these rights.

6. Cookies and similar technologies

On the website we use a first-party session cookie and localStorage to keep you signed in. The Insora iOS app uses the platform-equivalent WKWebView storage, with the same scope. We do not use third-party advertising cookies, cross-site trackers, or fingerprinting.

7. Security

Passwords are hashed with Argon2id. Data in transit is encrypted with TLS 1.2 or higher. Database backups are encrypted at rest. Production access is restricted to two named engineers with hardware-key 2FA. We log access to sensitive routes and review them for anomalies. If we discover a breach affecting your personal information, we will notify you within 72 hours.

8. International transfers

Insora is operated from the United States and the servers we rely on are located in the US (Render, AWS US-East). If you access the service from outside the US, your personal information will be transferred to and stored in the US under the Standard Contractual Clauses or equivalent safeguards.

9. Children's privacy

Insora is intended for insurance professionals and is not directed at children under 18. We do not knowingly collect personal information from anyone under 18. If we learn that a child has registered, we will delete the account and all associated information.

10. Changes to this policy

Material changes are announced in-app and by email at least 14 days before they take effect. We post the date of the most recent revision at the top of this page.

11. Contact

New Reign Capital, LLC
Privacy team: privacy@insorains.com
Support: support@insorains.com

← Back