Privacy

Personal Data Protection Policy

How InsurDigi collects, processes, stores, and protects personal data in line with Vietnamese personal data protection rules.

Last updated: [day]/[month]/2026

Our data protection commitment

InsurDigi, operated by [Legal company name], business registration number [Tax ID], address [Address], is committed to protecting user and customer personal data in line with Decree 13/2023/ND-CP, the 2015 Law on Cyber Information Security, and the 2022 Insurance Business Law.

Data processing roles

  • For InsurDigi account data, InsurDigi acts as the data controller.
  • For end-customer data entered by an agency, InsurDigi acts as a data processor on behalf of the agency; the agency remains responsible for having the proper legal basis or consent.

Data we collect

  • Identity and account data: name, email, phone number, organization.
  • Sensitive personal data when uploaded: ID card details, vehicle registration, insurance certificates, and related documents.
  • Policy and financial data: insurance policies, fees, commissions, and payment transactions.
  • Technical data: logs, IP address, device data, and cookies for operation and security.

Purpose and legal basis

  • Providing policy, customer, renewal, and commission management services.
  • Using AI/OCR to extract document data for pre-filled records, with user review before saving.
  • Processing payments, reconciliation, system security, and fraud prevention.
  • Legal basis includes service contract performance, data subject consent, and legal obligations.

AI/OCR processing

Uploaded documents may be processed by AI/OCR to extract information. We do not use customer personal data to train general-purpose shared AI models. Users must review AI results before saving them as official records.

Multi-tenant data separation

Each organization's data is kept separate by organizationId and is subject to role-based access. Data from different agencies is not mixed, and members only see information relevant to their work.

Third-party sharing

We share data only with infrastructure providers, payment gateways, and AI service providers, where necessary and under confidentiality obligations. We do not sell personal data.

Security, retention, and deletion

We use HTTPS/TLS, role-based access, audit logs, backups, and internal access controls. Data is retained for the service period and any legally required period; when no longer needed, it is deleted or anonymized.

Data subject rights

Under Decree 13/2023/ND-CP, data subjects may request notice, consent withdrawal, access, correction, deletion, restriction, objection, and complaint handling. Contact privacy@insurdigi.com to exercise these rights.