Effective Date: January 30, 2026

Privacy Policy

This Privacy Policy describes how Welthra ("Company," "we," "us," or "our") collects, uses, discloses, and safeguards your information when you access or use our platform, website, and related services.

1. Scope and Applicability

This Privacy Policy applies to all users of the Welthra platform, including licensed insurance agents, agency managers, and any individual who accesses our website at welthra.ai, our application at app.welthra.com, or any related services, tools, or APIs (collectively, the "Services"). By accessing or using the Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, you must discontinue use of the Services immediately.

2. Information We Collect

2.1 Information You Provide Directly

• Account Registration Data — Full legal name, email address, phone number, agency name, insurance license number, and state(s) of licensure.
• Payment Information — Credit card number, billing address, and associated payment credentials processed through our PCI DSS-compliant third-party payment processor. Welthra does not store full credit card numbers on its servers.
• Lead and Contact Data — Names, phone numbers, email addresses, and other contact details of insurance prospects and clients that you upload, import, or create within the platform.
• Communication Content — SMS messages, email content, voicemail transcripts, call recordings (where permitted by applicable law), and AI-generated script content created through or stored on the platform.
• Pipeline and Activity Data — Lead stages, appointment records, policy application statuses, agent notes, disposition codes, and follow-up schedules.
• Support Communications — Messages, files, and information you provide when contacting our support team.

2.2 Information Collected Automatically

• Device and Browser Data — IP address, device type, operating system, browser type and version, screen resolution, and unique device identifiers.
• Usage Analytics — Pages viewed, features accessed, click patterns, session duration, navigation paths, and frequency of use.
• Performance Data — Error logs, crash reports, response times, and diagnostic information used to maintain and improve the Services.
• Cookies and Tracking Technologies — We use cookies, web beacons, pixels, and similar technologies to authenticate sessions, remember preferences, analyze usage patterns, and deliver relevant content. See Section 9 for details.

2.3 Information from Third Parties

• CRM Integrations — Data imported from third-party CRM systems, lead vendors, or marketing platforms that you connect to Welthra.
• Telephony Providers — Call metadata, delivery receipts, and carrier information from our telephony and SMS infrastructure partners.
• Analytics Partners — Aggregated and de-identified usage data from analytics services.

3. How We Use Your Information

We use the information we collect for the following purposes:

• Service Delivery — To operate, maintain, and provide the core functionality of the Welthra platform, including lead management, automated follow-up sequences, AI copilot features, pipeline tracking, and agent scorecards.
• AI and Automation — To power AI-generated scripts, objection handling suggestions, follow-up recommendations, and lead scoring algorithms. Your data may be processed by machine learning models to improve the quality and relevance of AI outputs.
• Personalization — To customize your experience, including dashboard layouts, notification preferences, and feature recommendations based on your usage patterns.
• Communication — To send transactional emails (account confirmations, billing receipts, security alerts), service announcements, product updates, and optional marketing communications.
• Analytics and Improvement — To analyze usage trends, measure feature performance, conduct A/B testing, identify bugs, and improve the overall quality and reliability of the Services.
• Billing and Payments — To process subscription payments, manage invoices, handle refund requests, and prevent payment fraud.
• Security and Fraud Prevention — To detect, investigate, and prevent unauthorized access, abuse, fraud, and other illegal activities.
• Legal Compliance — To comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following limited circumstances:

• Service Providers — We share data with trusted third-party vendors who perform services on our behalf, including cloud hosting (AWS/GCP), payment processing (Stripe), email delivery, SMS/voice services (Twilio), and analytics. These providers are contractually bound to use your data only for the purposes we specify and to maintain appropriate security measures.
• AI Processing Partners — Certain data may be processed by third-party AI/ML providers to deliver AI copilot features. Data shared with these partners is subject to strict data processing agreements and is not used to train their general-purpose models.
• Legal Requirements — We may disclose your information if required by law, subpoena, court order, or governmental regulation, or if we believe disclosure is necessary to protect our rights, your safety, or the safety of others.
• Business Transfers — In the event of a merger, acquisition, reorganization, bankruptcy, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control.
• With Your Consent — We may share information for purposes not described in this Privacy Policy with your explicit consent.

5. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

• Encryption — All data in transit is encrypted using TLS 1.2 or higher. Sensitive data at rest is encrypted using AES-256 encryption.
• Access Controls — Role-based access controls, multi-factor authentication for internal systems, and principle of least privilege for employee access.
• Infrastructure Security — Hosting on SOC 2-compliant cloud infrastructure with network segmentation, intrusion detection, and automated threat monitoring.
• Regular Audits — Periodic security assessments, vulnerability scanning, and penetration testing conducted by internal and third-party security teams.
• Incident Response — A documented incident response plan with defined escalation procedures and notification timelines in the event of a data breach.

While we take reasonable measures to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

6. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Services. Upon account termination or deletion request, we will delete or anonymize your personal data within thirty (30) days, except where retention is required by law (e.g., tax records, regulatory compliance) or necessary for legitimate business purposes (e.g., fraud prevention, dispute resolution). Lead and contact data you uploaded to the platform will be permanently deleted upon account closure unless you export it prior to termination.

7. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

• Access — Request a copy of the personal data we hold about you.
• Correction — Request correction of inaccurate or incomplete personal data.
• Deletion — Request deletion of your personal data, subject to legal retention obligations.
• Portability — Request your data in a structured, machine-readable format for transfer to another service.
• Opt-Out of Marketing — Unsubscribe from marketing communications at any time via the link in our emails or through your account settings.
• Restrict Processing — Request that we limit how we process your data in certain circumstances.
• Withdraw Consent — Where processing is based on consent, you may withdraw consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at hello@welthra.ai. We will respond within thirty (30) days.

8. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA), including the right to know what personal information we collect, the right to delete, the right to opt out of the sale or sharing of personal information, and the right to non-discrimination for exercising your privacy rights. We do not sell personal information as defined under the CCPA/CPRA.

9. Cookies and Tracking Technologies

We use the following types of cookies and tracking technologies:

• Strictly Necessary — Required for authentication, security, and core platform functionality. Cannot be disabled.
• Analytics — Help us understand how users interact with the Services, measure feature adoption, and identify areas for improvement.
• Functional — Remember your preferences, settings, and customizations across sessions.

You may manage cookie preferences through your browser settings. Disabling certain cookies may affect platform functionality.

10. Third-Party Links and Integrations

The Services may contain links to third-party websites, services, or integrations. We are not responsible for the privacy practices or content of those third parties. We encourage you to review the privacy policies of any third-party services you connect to or access through Welthra.

11. Children's Privacy

The Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have inadvertently collected data from a minor, we will take steps to delete it promptly.

12. International Data Transfers

Welthra is based in the United States. If you access the Services from outside the United States, your information may be transferred to, stored, and processed in the United States or other jurisdictions where our service providers operate. By using the Services, you consent to the transfer of your data to these jurisdictions, which may have different data protection laws than your country of residence.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the "Effective Date" at the top of this page and, where appropriate, providing additional notice via email or in-app notification. Your continued use of the Services after such changes constitutes acceptance of the updated Privacy Policy.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Welthra
Email: hello@welthra.ai