Privacy Policy

Effective Date: June 15, 2026

PRIA Technologies, LLC ("PRIA," "we," "our," or "us") respects your privacy. This Privacy Policy explains how we collect, use, disclose, and protect information when you access or use PolicyRisk.com and any related websites, applications, tools, or services operated by PRIA Technologies (collectively, the "Services"), including the PRIA Score and related monitoring, alerts, and support experiences.

This Privacy Policy applies solely to PRIA Technologies and the Services described above. Certain optional services may be offered through separate legal entities and are governed by separate agreements and privacy notices presented at the time of enrollment.

1. Information We Collect

Information You Provide

We collect information you voluntarily provide when using the Services, including your name, email address, account credentials, financial information submitted for analysis (such as income, assets, debts, tax filing status, retirement account details, and other household financial inputs), health-related answers you choose to provide during onboarding (such as your health-coverage type and whether you have an ongoing health condition), the topics you search within the Learn experience, documents you upload, and information you provide when contacting us.

We use your health-related answers solely to estimate your exposure to policy changes, and never for advertising or marketing.

If you choose to connect financial accounts or similar data sources, we may receive account, balance, holdings, and transaction information needed to generate your PRIA Score, support ongoing monitoring, and improve the accuracy of the Services.

If you use location-based features, we collect the home or mailing address you provide or confirm — and, if you choose, a one-time precise (GPS) location reading you initiate that we convert into that address — to show federal civic data (such as EPA, FEMA, Census, and Congressional information) for where you live. Providing location is optional; you can enter or edit your address manually instead.

Information Collected Automatically

When you use the Services, we automatically collect certain information, which may include IP address, approximate location, browser type and version, device identifiers, pages viewed, features used, interaction and session data, and referring URLs.

2. How We Use Your Information

We use the information we collect to:

  • Operate, maintain, and improve the Services
  • Deliver the PRIA Score, ongoing monitoring, score updates, alerts, educational content, and related financial insights
  • Personalize your experience within the Services
  • Manage your account and support your use of the Services
  • Respond to inquiries and provide customer support
  • Send service-related communications and administrative messages
  • Send promotional communications, product updates, and policy news, from which you may opt out at any time
  • Analyze usage trends and improve functionality and performance
  • Protect the security and integrity of the Services and prevent fraud
  • Comply with applicable legal and regulatory obligations

3. Cookies and Tracking Technologies

We use cookies and similar technologies to operate and understand use of the Services. These technologies may include:

  • Essential technologies required for site functionality, authentication, and security
  • Analytics technologies used to understand how users remember, navigate, and interact with the Services
  • Session monitoring tools used to identify errors, diagnose issues, and improve usability
  • Advertising and measurement technologies used to measure effectiveness and deliver relevant advertising

You may manage cookies through your browser settings or other available controls, subject to applicable law.

4. How We Protect Your Information

We implement reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption, access controls, and secure infrastructure. Despite these efforts, no system can be guaranteed to be completely secure.

5. Third-Party Service Providers

We use third-party service providers to support the operation of the Services, including providers of hosting, analytics, communications, payment processing, customer support, financial account connectivity (Plaid), background processing, scheduling, AI-powered analysis, and AI-assistant tool-call analytics (Armature). These providers are permitted to process personal information only as necessary to perform services on our behalf and are contractually required to protect such information.

AI Analysis and Personalization

To deliver core features of the Services — including the PRIA Score, article analysis, alerts, and personalized educational content — we send relevant inputs to third-party AI providers. The information shared is limited to what is needed to perform the requested analysis and may include:

  • Profile inputs you provide during onboarding (e.g., income range, household details, retirement and tax situation)
  • Article links and article text you submit for analysis or that you open within the Services
  • Score outputs, action history, and other content you generate within the Services where personalization is needed

We do not send your name, email address, Apple ID, account credentials, or connected financial-account credentials to AI providers. Our AI providers are contractually prohibited from using your information to train their general models and are required to delete prompt and response data on a short retention schedule consistent with their enterprise data-processing terms.

AI processing is integral to the Services. By using the Services, you consent to this processing. You can request deletion of your account and associated AI prompt history at any time by contacting legal@policyrisk.com.

AI Assistant Connections (Model Context Protocol)

You can connect PRIA to an external AI assistant (such as ChatGPT) through the Model Context Protocol (MCP), which lets the assistant call PRIA tools on your behalf after you sign in and authorize access. When you use this connection:

  • Tool inputs you provide to the assistant (for example, policy text you ask PRIA to assess) are sent to PRIA to fulfill the request, and the results are returned to the assistant you connected. Inputs you provide to a third-party assistant are also subject to that assistant's own privacy policy.
  • Tool-call analytics — which PRIA tool was invoked, timing, and whether the call succeeded — are recorded and shared with Armature (app.armature.tech), our analytics processor, solely to monitor reliability and improve the MCP service. This analytics data is not required for any tool to function.

We do not send your account credentials to the connected assistant or to Armature. Tool-call analytics are retained only as long as needed for service monitoring and improvement, consistent with Section 9 (Data Retention). You can revoke a connected assistant's access at any time by revoking the associated connection or API key from your account, and you may request deletion of associated data by contacting legal@policyrisk.com.

6. Information Sharing and Disclosure

We do not sell personal information.

We may disclose information in the following circumstances:

  • With Service Providers: To vendors and contractors that perform services on our behalf
  • For Legal and Compliance Purposes: To comply with law, regulation, legal process, or governmental request
  • For Business Transfers: In connection with a merger, acquisition, financing, or sale of assets
  • With Your Consent: When you direct or authorize us to share information

PRIA Technologies does not share user information with affiliated entities unless and until you explicitly opt into a separate service governed by a separate agreement and privacy notice.

7. Your Rights and Choices

Depending on your jurisdiction, you may have rights regarding your personal information, including:

  • Requesting access to or a copy of your information
  • Requesting correction of inaccurate information
  • Requesting deletion of your information, subject to legal obligations
  • Opting out of marketing communications

You may opt out of promotional communications at any time by using the unsubscribe link included in each email or by contacting legal@policyrisk.com.

Requests may be submitted to legal@policyrisk.com, and we will respond in accordance with applicable law.

8. California Privacy Rights

California residents may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA), including the right to know, delete, and opt out of certain data sharing practices. We do not sell personal information. Certain data disclosures for advertising or analytics purposes may constitute "sharing" under California law. Requests may be submitted to legal@policyrisk.com.

9. Data Retention

We retain personal information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this policy, and comply with applicable legal obligations. Retention periods may vary depending on the nature of the information and the context in which it was collected. Support and compliance-related records may be retained for longer periods where reasonably necessary for legal, dispute-resolution, or security purposes.

Deleting your account

You can delete your account at any time from within the app. When you do, we immediately sign you out, lock the account, disconnect any linked financial accounts (revoking our access with our data provider), and revoke any sign-in tokens we hold for your account. Your account then enters a 30-day recovery period during which you can restore it by signing back in. If you do nothing, the deletion becomes permanent after 30 days.

When deletion becomes permanent, we delete or irreversibly anonymize the personal information associated with your account — including your name, email, profile, connected financial-account data, and the identifiers that link records to you. After this point we cannot recover your account or tie the remaining data back to you.

We may retain (a) data that has been irreversibly anonymized or aggregated, which is no longer personal information and may be used to improve our Services, and (b) a limited set of records we are required or permitted to keep for legal, tax, security, or fraud-prevention purposes. These are kept only as long as necessary for those purposes.

10. Children's Privacy

The Services are not intended for individuals under 18 years of age. We do not knowingly collect personal information from children. If we become aware that personal information from a child has been collected, we will take steps to delete it.

11. Geographic Scope

The Services are intended for residents of the United States. We do not knowingly target or collect personal information from individuals outside the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be reflected by an updated effective date and, where required, notice through the Services or by email.

13. Contact Us

If you have questions about this Privacy Policy or wish to exercise your rights, contact us at:

PRIA Technologies, LLC

Email: legal@policyrisk.com