Last updated: [day]/[month]/2026
Our data protection commitment
InsurDigi, operated by [Legal company name], business registration number [Tax ID], address [Address], is committed to protecting user and customer personal data in line with Decree 13/2023/ND-CP, the 2015 Law on Cyber Information Security, and the 2022 Insurance Business Law.
Data processing roles
- For InsurDigi account data, InsurDigi acts as the data controller.
- For end-customer data entered by an agency, InsurDigi acts as a data processor on behalf of the agency; the agency remains responsible for having the proper legal basis or consent.
Data we collect
- Identity and account data: name, email, phone number, organization.
- Sensitive personal data when uploaded: ID card details, vehicle registration, insurance certificates, and related documents.
- Policy and financial data: insurance policies, fees, commissions, and payment transactions.
- Technical data: logs, IP address, device data, and cookies for operation and security.
Purpose and legal basis
- Providing policy, customer, renewal, and commission management services.
- Using AI/OCR to extract document data for pre-filled records, with user review before saving.
- Processing payments, reconciliation, system security, and fraud prevention.
- Legal basis includes service contract performance, data subject consent, and legal obligations.
AI/OCR processing
Uploaded documents may be processed by AI/OCR to extract information. We do not use customer personal data to train general-purpose shared AI models. Users must review AI results before saving them as official records.
Multi-tenant data separation
Each organization's data is kept separate by organizationId and governed by role-based access. Data from different agencies is not mixed, and members only see information relevant to their work.
Security, retention, and deletion
We use HTTPS/TLS, role-based access, audit logs, backups, and internal access controls. Data is retained for the service period and any legally required period; when no longer needed, it is deleted or anonymized.
Data subject rights
Under Decree 13/2023/ND-CP, data subjects may request notice, consent withdrawal, access, correction, deletion, restriction, objection, and complaint handling. Contact privacy@insurdigi.com to exercise these rights.