Legal

Privacy Policy

Effective date: July 5, 2026 Last updated: July 5, 2026 Version 1.0
This Privacy Policy describes how Seawaysur, Inc. handles personal data in connection with the client resource management platform. Fields shown like this mark details to complete for your organization — legal entity name, contact addresses, subprocessor list, and retention schedules — and this document should be reviewed by qualified legal counsel before it is relied upon.

1. Introduction & Scope

This Privacy Policy applies to personal data processed by Seawaysur, Inc. ("Seawaysur," "we," "us") in connection with our website and the client resource management platform (together, the "Services"). It describes the categories of personal data we collect, how we use and share it, and the choices and rights available to individuals.

The Services are designed for use by business customers — insurers, underwriters, law firms, and comparable regulated organizations ("Customers") — and their Authorized Users. Where Customers submit personal data about their own clients, policyholders, or matters ("Client Data") to the Services, Seawaysur processes that data on the Customer's behalf as described in Section 3 and in the applicable Data Processing Addendum, and this Policy should be read together with the Customer's own privacy notice governing that relationship.

2. Information We Collect

2.1 Account & Contact Information

When you or your organization register for the Services, we collect information such as name, business email address, job title, employer, and phone number, along with authentication credentials and, where applicable, single sign-on identifiers provided by your organization's identity provider.

2.2 Client Data

Customers and their Authorized Users may submit Client Data to the Services, which can include policy, claims, matter, and case information, and personal data relating to a Customer's own clients or policyholders. Seawaysur processes Client Data solely on documented instructions from the Customer, as described in Section 3.

2.3 Usage & Device Data

We automatically collect technical information when the Services are used, including IP address, browser type, device identifiers, operating system, referring URLs, pages viewed, and timestamps of activity, collected through server logs and similar technologies.

2.4 Cookies & Similar Technologies

We use strictly necessary cookies and similar technologies to operate the Services, including maintaining sessions, remembering theme and language preferences, and supporting authentication. See Section 6 for further detail.

2.5 Communications

When you contact us for support or other inquiries, we collect the content of your communications and any information you choose to provide.

3. Our Role: Controller & Processor

Seawaysur acts in two distinct capacities:

  • As a data controller (or "business" under U.S. state privacy laws) with respect to account and contact information of Customer personnel, website visitor data, and information collected to manage the commercial relationship with Customers — this data is governed by this Privacy Policy.
  • As a data processor (or "service provider"/"processor" under applicable law) with respect to Client Data submitted by Customers to the Services — this data is processed strictly on the Customer's documented instructions, under the terms of the Data Processing Addendum entered into with the Customer, and the Customer, not Seawaysur, determines the purposes and means of that processing.

If you are an individual whose personal data has been submitted to the Services by a Customer (for example, as a policyholder or client of one of our business customers), and you have questions about that data, please contact that Customer directly; Seawaysur will support the Customer in responding to your request in accordance with our contractual obligations.

4. How We Use Information

  • To provide, maintain, secure, and support the Services, including authentication and account administration;
  • To process transactions and manage billing in connection with a Customer's subscription;
  • To communicate with Customers and Authorized Users about the Services, including updates, security notices, and support responses;
  • To monitor, analyze, and improve the performance, reliability, and functionality of the Services;
  • To detect, investigate, and prevent fraud, abuse, and security incidents;
  • To comply with applicable legal, regulatory, and contractual obligations; and
  • For any other purpose disclosed to you at the time the information is collected, with your consent where required.

6. Cookies & Tracking Technologies

The Services use strictly necessary cookies and equivalent browser storage to maintain your authenticated session, remember your theme (light or dark) and language preference, and protect against cross-site request forgery. These are essential to the operation of the Services and are not used for cross-site advertising or behavioral profiling. Where we use any non-essential analytics or functional cookies, we will present a cookie notice offering a choice consistent with applicable law, and you may also control cookies through your browser settings.

7. Sharing & Disclosure of Information

We do not sell personal data. We disclose personal data only as follows:

  • Subprocessors and service providers who perform functions on our behalf, such as cloud infrastructure hosting, email delivery, customer support tooling, and payment processing, under written agreements that require appropriate confidentiality and security protections. A current list of Subprocessors is available upon written request.
  • Identity providers selected by your organization to enable single sign-on authentication.
  • Professional advisors, including auditors, lawyers, and insurers, where necessary for their services to us.
  • Legal and regulatory authorities, where required to comply with applicable law, a valid legal process, or to protect the rights, safety, or property of Seawaysur, our Customers, or others.
  • Successors, in connection with a merger, acquisition, financing, or sale of assets, subject to appropriate confidentiality protections.

8. International Data Transfers

We may transfer personal data to countries other than the country in which it was originally collected, including to [the United States], where our infrastructure and personnel are located. Where such transfers involve personal data originating in the European Economic Area, the United Kingdom, or Switzerland, we rely on appropriate safeguards, such as the European Commission's Standard Contractual Clauses and, where applicable, the UK International Data Transfer Addendum, together with supplementary technical and organizational measures as needed.

9. Data Retention

We retain account and contact information for as long as necessary to provide the Services and for a reasonable period thereafter to comply with legal, tax, accounting, and audit obligations, resolve disputes, and enforce our agreements, typically not exceeding [seven (7) years] after account closure unless a longer period is required by law. Client Data is retained in accordance with the Customer's instructions and the applicable Order Form, and is deleted or returned upon termination of the Customer's subscription as described in our Terms of Service, subject to limited retention where required by law or for legitimate backup and security purposes.

10. Data Security

We maintain administrative, technical, and physical safeguards designed to protect personal data against unauthorized access, disclosure, alteration, or destruction, including encryption of data in transit (TLS 1.3) and at rest (AES-256), role-based access controls, network segmentation, logging and monitoring, and periodic independent security assessments. No method of transmission or storage is completely secure, and we cannot guarantee absolute security, but we work to maintain safeguards appropriate to the sensitivity of the data involved.

11. Your Privacy Rights

Depending on your location, you may have the right to: (a) access the personal data we hold about you; (b) request correction of inaccurate data; (c) request deletion of your personal data; (d) request a portable copy of your data; (e) object to or request restriction of certain processing; and (f) withdraw consent where processing is based on consent, without affecting the lawfulness of processing before withdrawal. To exercise these rights, contact us using the details in Section 17; we will respond within the timeframe required by applicable law. We may need to verify your identity before fulfilling a request.

12. California Privacy Rights

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (together, "CCPA"), gives you the right to: know what personal information we collect, use, and disclose; request deletion or correction of your personal information; and not be discriminated against for exercising these rights. We do not sell or share personal information for cross-context behavioral advertising as those terms are defined under the CCPA. Categories of personal information we collect generally correspond to those described in Section 2. To submit a verifiable consumer request, contact us using the details in Section 17. You may designate an authorized agent to make a request on your behalf, subject to verification.

13. EEA & UK Rights

If you are located in the European Economic Area, the United Kingdom, or Switzerland, you have the rights described in Section 11 under the GDPR or UK GDPR, and you have the right to lodge a complaint with your local data protection supervisory authority. Our contact for data protection matters, and, where required, our EU and UK representatives, are listed in Section 17.

14. Children's Privacy

The Services are intended for business use by professional organizations and are not directed at, nor knowingly used to collect personal data from, individuals under the age of 16. If we learn that we have inadvertently collected personal data from a child under this age, we will take reasonable steps to delete it.

16. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law. If we make material changes, we will provide reasonable advance notice, such as by email to account administrators or a prominent notice within the Services, before the changes take effect. The "Last updated" date at the top of this page indicates when this Policy was last revised.


17. Contact Us

Questions, requests, or complaints regarding this Privacy Policy or our data practices may be directed to:

Seawaysur, Inc.
Attn: Privacy Office
Email: [email protected]

EU/UK representative: [email protected]