Effective May 7, 2026
Privacy Policy
This policy describes how ReRao handles personal data and customer information in connection with the ReRao platform and public website. Enterprise agreements may include additional data-processing terms.
Data we process
ReRao processes account information, organization information, product usage metadata, support communications, and customer-provided reinsurance workflow content such as submissions, documents, extracted fields, quote information, and audit evidence.
How we use data
We use data to provide and secure the platform, authenticate users, operate workflows, generate audit trails, improve reliability, respond to support requests, and meet legal, security, and contractual obligations.
AI processing
AI features are governed by tenant policy, data classification, audit logging, and provider allowlists. Confidential or restricted broker document content defaults to denied cloud AI egress unless the tenant explicitly allows it.
Security controls
ReRao uses role-based access, organization scoping, secure session cookies, encrypted secrets, security logging, upload validation, malware scanning hooks, and release security gates. SOC 2 readiness work is in progress; no SOC 2 certification claim is made until an independent CPA report is issued.
Vendors and subprocessors
ReRao uses infrastructure, identity, storage, billing, observability, and AI vendors only where needed to operate the service. Vendor review evidence is maintained as part of ReRao's security and SOC 2 readiness program.
Retention and deletion
Customer data is retained according to contract terms, tenant configuration, legal obligations, and security/audit needs. Deletion or export requests should be routed through the same authenticated support and account-management process used for enterprise customers.
Questions, access requests, or deletion requests should be submitted through the contact page so they route through ReRao's account and support intake.