Recent Searches

No recent searches

    Popular Articles

      Articles
      View all
        Topics
        View all
          Tickets
          View all
            no results

            Sorry! nothing found for

            Privacy Policy

            Attachments (1)

            pdf

            PrivacyNotice_260108_EN(89465).pdf
            188 KB

            Latest Update: January 8, 2026


            This Privacy Policy describes how Symbility Solutions, Inc. and its subsidiaries worldwide (“Symbility Solutions”) process personal data as part of its products and services. It also includes information about how you can exercise your rights regarding your personal data.

            If you have any questions regarding this notice, you can reach out to us at privacy@symbility.net, or by mail at 30 Adelaide Street E, Suite 500, Toronto, ON, M5C 3G6, Canada. If you are in the European Union or the United Kingdom, you can reach out to our local representatives:

            EUROPEAN UNION (“EU”)

            UNITED KINGDOM (“UK”)

            Symbility Solutions GmbH

            Eastleighstrasse 50-52, 70806 Kornwestheim, Germany

            Symbility Solutions Limited

            Heaton House, Cams Hall Estate, Fareham, Hampshire, PO16 8AA, United Kingdom

            1.     WHAT IS THE SCOPE OF THIS PRIVACY POLICY? 

            This privacy notice applies to all our products and services, including access and use of our web application, desktop and mobile applications, such as Workspace (our “Services”). In the EU/UK, as part of our Services, we process personal data as a processor, based on the instructions of our clients, which include insurance carriers and assessors. Please refer to their respective privacy notice for more information on how they process your personal data. 

            It also applies to the provision of technical support, which may include processing for which we are data controllers, such as for call recordings. This privacy notice does not apply to the processing of personal data by third-party sites, services or applications, including, third-party integrators which our clients may use in relation to our Services.

            2.     HOW DO WE PROCESS PERSONAL DATA AS PART OF THE SERVICES?

            We collect personal data about users directly through our Services, including data generated from their interactions with our applications. We also collect personal data about policyholders through our users to allow insurance carriers and their agents to process property claims. We do not obtain personal data about policyholders from unrelated third parties; however, we may enrich claim information with contextual or aggregated data, such as weather information from the day of loss. Our customers may also choose to connect our Services with third-party systems—for example, tools that generate floorplans or external claims platforms—which may involve sharing additional claim information with us as part of their configuration.

            Below is an overview of the key purposes for which we collect and process personal data, and the associated categories of information.

            • To create and manage user accounts, including to authenticate users and allow them to access our applications, we process business contact information and technical data, such as account information, organizational details, credentials, and technical data such as device and login information.
            • To manage claims and assignments across a centralized platform. The information processed for this purpose includes information provided by users about policyholders and their properties, such as claim identifiers, loss details, location, room types, property diagrams, photos, videos, receipts and other materials required to document and advance a claim. Users may add drawings, measurements, markups, notes, and other site documentation directly within our applications.
            • To enable live collaboration, including messaging, real-time interactions and video calling. Information shared during these interactions, including audio, video, attachments, comments, and collaboration metadata, is processed to support these features and to maintain a consistent workflow for users.
            • To complete estimates, including through AI-assisted features. Users enter information such as loss type, room types, materials, and measurements. When enabled, our Services use limited contextual data—such as ZIP or postal code—to autofill portions of an estimate or suggest commonly used line items. These tools are designed to support assessors, not replace manual review.
            • To provide business intelligence and quality assurance functionalities to our clients on claim management. These features include dashboards and reports on claim volumes, cycle times, estimate outcomes and workloads, as well as QA tools that allow our clients to sample claim files, review and score estimates, record audit comments, and track follow-up actions. For this purpose, we use information already contained in the claim (such as claim identifiers, property and loss details, estimate data and workflow timestamps, along with user identifiers, performance indicators, and QA results configured by our clients. Where possible, these insights are generated in an aggregated or pseudonymized form in accordance our customer agreements.
            • Policyholder portals and document sharing. To allow policyholders to view the progress of their claim and exchange information with their carrier using customer-branded portals, we process the information that is displayed or shared through the portal. This may include claim identifiers, status and timeline information, scheduled visits or repairs, and documents that users upload (for example, photos, receipts, invoices or correspondence), as well as portal metadata such as file names, upload timestamps, user identifiers, and optional comments entered with an upload.
            • Notifications and service communications. We use third-party communication providers to send emails, SMS and in-app notifications related to the Services—for example, to confirm account creation, notify users of assignments or status changes, send reminders, or deliver security-related alerts. For this purpose, we process identifiers such as names, email addresses, phone numbers, user or account IDs, notification content, and basic routing and delivery metadata generated by those providers.

            3.     HOW DO WE PROCESS PERSONAL DATA TO ADMINISTER OUR SERVICES?

            To manage our Services, including to provide technical support, we also process the personal data for the following purposes, and lawful bases where applicable. We collect this information directly from users or from information previously provided by users, or generate them based on the information provided by users. When we collect personal data based on your consent, you can withdraw this consent at any moment.

            • Preference, configuration and consent management. 

            To allow users and customers to manage their preferences, we store account-level settings (such as language, time zone, notification and communication preferences, and display options), certain feature configurations, and where applicable, records of consents or choices (including timestamps, method and scope) associated with a user or account. Technical data such as IP addresses and device or browser information may also be processed to support these functions and maintain security.

            We process personal data for this purpose based on our legitimate interests to manage consent and pursuant to our obligaitons to comply with applicabl elaws.

             

            • Technical support and customer service

            When you or our customers contact us for help, we process the information needed to understand and resolve the request. This typically includes the requester’s name and contact details, organization, role, claim numbers or other reference identifiers, a description of the issue, and any screenshots, logs, files or other materials voluntarily shared with our support team.

            We maintain records of tickets, their status and resolution history. If a support chatbot or web chat is enabled in your region, it may collect conversation content and related metadata (such as timestamps, session IDs, IP address, browser and device information and referral URLs) to route and escalate requests and to maintain conversation history across channels. We may use AI-based tools to assist with support—for example, to categorize tickets, generate draft responses or transcripts and link related interactions—while human agents remain responsible for final decisions.

            We process this personal data based on your explicit consent to resolve the requests, and based on our legitimate interests to improve technical support services.

            • Call recording and quality assurance for support. 

            Where permitted by law and announced in advance, calls to our support lines may be recorded for quality assurance, training and to improve our services. In that case we process call audio (which may contain the caller’s voice and any information they choose to share), telephony metadata (such as caller ID where available, dialed number, date and time, duration and routing details), and contextual information such as ticket numbers or case references, the nature of the issue and follow-up actions taken. In North America, call recordings are stored securely in the United States for a limited period and access is restricted to authorized personnel who require it for their duties.

            We record calls based on your explicit consent. If you do not want to be recorded, please use other technical support communication channels.

            • Analytics and product improvement. 

            We may use the technical and usage data described above—often in aggregated or pseudonymized form—to generate statistics and insights about how our Services are used and to support capacity planning, feature development and user-experience improvements. Examples include analyzing how often certain features are used, understanding general patterns in claim workflows, or tracking error rates over time. When we perform these activities as an independent data controller, we do so based on our legitimate interests in improving and securing the Services and in operating our business, while taking steps to minimize the impact on individuals’ privacy.

            We process personal data for this purpose based on our legitimate interests to monitor and improve our services. 

            • Service performance, security and reliability. 

            To maintain and improve the performance and security of our Services, we automatically collect certain electronic data when users access or interact with the applications. This generally includes IP address and coarse-grained location information derived from it, device and browser type, operating system, language and regional settings, usage timestamps, error and crash reports, and application, network and security logs. We use this information to monitor service availability and performance, troubleshoot issues, detect and investigate security incidents or misuse, enforce our terms and policies and maintain audit trails where required by our customers or by law.

            We process personal data for this purpose based on our legitimate interests to secure our services, including, to protect personal data.

            • Subscription management and payment processing. 

            For users who subscribe to the Services using a personal credit card or other direct payment method, we process the information necessary to manage their subscription and payments. This may include billing contact details, billing address, plan and entitlement information, transaction identifiers, invoice details, payment status and timestamps, and, where applicable, tokenized payment details handled through secure third-party payment processors. We do not store full-card numbers or security codes on our own systems; these are processed by our payment providers in accordance with applicable payment-card industry standards.

            4.     HOW DO WE USE ARTIFICIAL INTELLIGENCE?

            If these functions are available in your region, our Services use artificial intelligence (“AI”) to support insurance professionals in documenting losses, generating estimates, and improving the efficiency of claim handling. These features may include generating itemized lists of materials and actions as part of an estimate, intelligently suggesting relevant items based on claim context (such as location, peril type and room type), automatically generating captions for photos, or summarizing user-provided information to prefill elements of the claim file.

            Our AI capabilities are designed to assist users—not replace them. All outputs generated by AI are subject to review, verification and modification by the user before they are added to a claim or relied upon for decision-making.

            Our use of AI in our Services is aligned with the following principles :

            • AI supports human decision-making. Our AI features provide suggestions or draft outputs, but users remain fully responsible for reviewing and approving all estimate line items, captions, or summaries generated by AI.
            • Limited and contextual input data. When AI features are enabled, they use only the minimum data required to support the function, such as room types, loss types, location, user inputs and property data already contained in the claim.
            • Pseudonymized or minimized data sent to the LLM. When a large language model (“LLM”) is used, we limit inputs to pseudonymized or deidentified data wherever possible, and do not send policyholder names, contact details, or identifiable content unless required for a specific feature.
            • No training of our AI models using your personal data. We do not use personal data from our customers or policyholders to train AI models.
            • No automated decision-making. Our Services do not make automated decisions that produce legal or significant effects. All AI outputs require human review.
            • Guardrails and governance. We implemented governance committees to oversee model use, risk controls, and compliance with responsible-use standards.

            Depending on region and configuration, AI features may include:

            • Estimate prefill: Drafting portions of an estimate based on room types, loss type, and region-specific pricing.
            • Photo caption generation: Generating captions on images automatically based on metadata (timestamps, device information and location data), photos and notes.
            • Estimate generation: Facilitating the generation of estimate by prioritizing suggested items to include, and estimating prices based on inputs such as location and loss type.
            • Quality assurance for support interactions, including for auditing interactions and automating processes such as ticket classification and request input.

            5.     HOW DO WE USE COOKIES AND TRACKING TECHNOLOGIES?

            In our Services, cookies are used solely to support specific and essential functionalities, such as session management, security, and application performance. We do not use marketing or targeting cookies in these environments, nor we disclose personal data via cookies to third parties that are not acting as our service providers.

            The following cookies are used as part of the Services:

            TYPE OF COOKIE

            DESCRIPTION

            Essential Cookies

            Essential cookies enable core features of our Services and are required for them to function properly. These include authentication and login management, session persistence, security functions such as fraud prevention and bot detection, network load balancing, and protection against cyber-attacks (for example, cookies set by our application-firewall and bot-management tools). We use essential cookies to provide you with the Services contracted.

            Functional Cookies

            Functional cookies allow certain features to operate correctly and remember your configuration choices within the Services. They may store preferences such as language or display settings, help us associate certain actions (for example, support requests or consent selections) with the appropriate user, and preserve workflow continuity across sessions. 

            These cookies are used to improve your experience and ensure consistency within your account. They are used based on our contract to provide you with the Services.

            Analytical Cookies

            Analytical cookies help us understand how the Services perform so we can improve reliability, speed, and functionality. These cookies collect technical information—such as device and browser type, error reports, and usage patterns—in a pseudonymized or aggregated manner.

            Some analytical features are optional and require your consent before activation.

            For example, in our mobile applications, users may opt in to share coarse geolocation information (city/state only) to help us diagnose performance issues and optimize application behaviour in different regions. This information is used solely in aggregated reporting and is not linked to unique device identifiers or used for advertising.

            Lawful basis: Explicit consent (for optional analytical features).

             

             

            6.     HOW CAN YOU MANAGE YOUR COOKIE PREFERENCES?

            You can manage your cookie preferences through your browser by uninstalling or blocking certain cookies. Click on your browser below to obtain instructions. You can withdraw your consent for the use of cookies at any time by managing your preferences. Please note that certain features may require cookies to function as intended.

            You can also manage your cookie and tracking preferences directly within our mobile applications. For example, you may opt out of optional analytics, disable geolocation sharing, or limit in-app data collection through the application’s settings menu, where available.

            Your device may also offer additional controls:

            • iOS: You can manage app permissions—including location, camera, microphone, and background activity—through Settings> Privacy & Security. You may also restrict tracking through App Tracking Transparency (ATT).
            • Android: You can manage app permissions through Settings> Apps> Permissions, including location, camera, and storage, or limit background data via your device’s network settings.

            These controls operate in addition to any preferences you select within the app.

            Some tracking mechanisms used for operational analytics—such as crash reporting, performance monitoring, or enterprise-level configuration set by our customers—are managed at the organizational level and cannot be changed individually by end users. These mechanisms do not include advertising or third-party marketing tools. For more information on enterprise-controlled settings, please refer to the privacy notice of the carrier or organization using our Services.

            7.     WITH WHOM DO WE SHARE YOUR PERSONAL DATA? 

            We may share personal data with third parties that support the operation, maintenance, and security of our Services. These third parties act as our service providers and may process personal data only according to our instructions and for the purposes described in this policy. They are contractually required to protect personal data and are not permitted to use it for their own purposes.

            These service providers include, for example:

            • Cloud hosting and infrastructure providers that store and operate our Services securely.
            • Customer-support and ticketing tools that help us manage and resolve support requests.
            • Communication providers that deliver SMS, email, and in-app notifications.
            • AI technology providers, including large language models (“LLMs”), used to generate optional features such as captions, summaries, or suggested line items.
            • Payment processors that manage subscription payments.
            • Security and authentication providers that help protect your account and maintain service integrity

            We also share personal data with third parties in the following limited circumstances:

            • Mapping services. If enabled by the customer, property locations may be displayed through third-party mapping tools such as Google Maps. Only the property address is shared for this purpose, and the processing of that information is subject to the mapping provider’s own privacy notice.
            • Integrated support across affiliated products. At a customer’s request, we may share information with our affiliates within the Cotality and CoreLogic group to provide integrated support across related products and services—for example, coordinated technical support with NextGear Solutions, Inc.
            • Deidentified or aggregated data. We may share deidentified or aggregated data with our affiliates to improve product functionality, support analytics, or enable research, in accordance with our agreements and applicable law.
            • Customer-enabled integrations. When a customer chooses to connect the Services with third-party applications (such as claims platforms, restoration systems, or contents and measurement tools), personal data required for that integration will be shared with those third parties. These third parties act as independent controllers and process data subject to their own privacy notices.

            In addition, we may disclose personal data when necessary in the following situations:

            • Business transactions. As part of a merger, acquisition, financing, or sale of all or part of our business, subject to appropriate confidentiality protections.
            • Legal compliance. To comply with lawful requests from courts, regulators, or public authorities, including requests related to national security or law enforcement.
            • Safety and vital interests. To protect individuals, prevent imminent harm, or safeguard life, property, or public safety when we believe such disclosure is necessary.

            We do not sell personal data, use it for advertising purposes, or allow third parties to use personal data for their own marketing in connection with our Services.

            8.     HOW DO WE PROTECT PERSONAL DATA?

            To maintain the security, integrity, and availability of your personal data, we adhere to industry-recognized standards and implement a comprehensive set of technical and organizational measures. Our information security and privacy programs are grounded in certifications such as ISO 27701, ISO 27001:2022, ISO 27002:2022, ISO 27017, ISO 27034:2011, and ISO 22301, which guide how we design, operate, and continually improve our controls.

            In alignment with these standards, we maintain a layered security approach that includes:

            • Strong access controls, including role-based access, multi-factor authentication, and strict authorization practices.
            • Encryption of personal data in transit and at rest.
            • Secure development and testing practices, including code reviews, dependency management, and validation of AI-enabled features.
            • Regular internal and external penetration testing, as well as periodic vulnerability assessments to identify and remediate risks in the environment.
            • Continuous monitoring and threat detection, including logging, anomaly detection, and automated alerts to identify suspicious or unauthorized activity.
            • Incident response and business-continuity processes, regularly tested to ensure operational resilience.
            • Employee training, including mandatory security, privacy, and AI-responsible-use training for all personnel with access to personal data.

            We also conduct privacy impact assessments (PIAs and DPIAs) for features or workflows that may introduce new privacy or AI-related risks, including those that involve large language models or automated processing. These assessments help ensure that controls, minimization principles, and governance expectations—such as AI transparency and explainability—are met before new functionality is released.

            When we use AI capabilities, including large language models, we ensure that only the minimum necessary data is provided to support the feature. Our service providers process this data under strict contractual and technical safeguards, including enterprise-grade isolation, controlled retention practices, and compliance with cloud security and privacy frameworks. Your personal data is not used to train any AI models.

            When we share personal data with service providers or affiliates to support the delivery of our Services, we require them to maintain security and privacy practices that meet or exceed our internal standards. These providers undergo vendor due diligence, and where appropriate, are subject to contractual commitments such as confidentiality obligations, data protection agreements, and international transfer safeguards.

            All data hosting providers engaged by Symbility maintain industry-recognized certifications and undergo regular audits to support the secure handling of personal data. Access to personal data is restricted to authorized personnel who require it to perform their duties, and all access is logged and monitored.

            9.     WHERE DO WE STORE YOUR PERSONAL DATA?

            The primary location in which personal data is hosted is determined by our contract with each customer. In general, Symbility stores and processes personal data in the region where our customer is located. For instance, if the insurance carrier is located in the EU, the primary and secondary data centres for hosting data will be in the EU. Symbility is head quartered in Canada, and level 3 support is provided from Canada.

            In some cases, personal data may be transferred to and processed outside of this region, such as in the United States, for limited operational needs that support the Services. These include:

            • Log monitoring and security operations, which may be centralized in the United States to support threat detection and incident response.
            • Business analytics, where permitted by our customer agreements and performed in aggregated or pseudonymized form.
            • Technical support, including interactions with the chatbot or support agents.
            • Call recordings, which are stored in the United States for users located in Canada and the United States.

            When these transfers occur, service providers only receive the minimum personal data necessary to perform their functions and are contractually prohibited from using it for any other purpose. When data is transferred outside your jurisdiction, we implement appropriate safeguards in accordance with applicable laws. These may include:

            • Standard Contractual Clauses (SCCs),
            • UK International Data Transfer Addendums (IDTAs), or
            • Other legally recognized transfer mechanisms

            combined with vendor due diligence and contractual protections.

            10.  HOW LONG DO WE RETAIN YOUR PERSONAL DATA?

            We retain personal data only for as long as necessary to fulfill the purposes for which it was collected, to comply with our legal obligations, and to meet our contractual commitments with our customers. Retention periods may vary depending on the type of data and the configuration chosen by the customer.

            User Accounts

            We retain user account information—including login credentials and profile details—for as long as the user has an active account. Customers may request deletion of user accounts at any time. When a customer’s service agreement ends or expires, we delete or return personal data in accordance with our agreement and applicable law.

            Claims and Application Data

            Personal data contained in claim files is retained according to the instructions and retention schedules of the customer who controls the claim. Once a customer instructs us to delete or return this data, we do so in accordance with the contract.

            Support Interactions and Logs

            We retain personal data processed as part of technical support activities for limited periods:

            • Support tickets: retained for 12 months.
            • Call recordings: retained for up to 90 days (or 30 days for certain call-center systems, depending on region).
            • Chatbot and live chat logs: retained only for the period required to support the ticket and maintain service continuity.

            System Logs and Security Records

            Security logs, audit logs, and performance logs are retained for the minimum period necessary to ensure the security, integrity, and proper functioning of the Services. These logs may be retained longer where legally required or necessary to investigate incidents.

            Backups

            Data stored in system backups is retained only for disaster-recovery purposes in accordance with our backup retention schedule and is deleted automatically at the end of the backup lifecycle.

            When Deletion Occurs

            When data is no longer required for operational, contractual, or legal purposes, it is securely deleted or deidentified in accordance with industry standards and our internal policies.

            11.  WHAT ARE YOUR RIGHTS REGARDING YOUR PERSONAL DATA?

            Data protection laws provide individuals with different rights over their personal data depending on where they are in the world, and the circumstances applicable to the request. These rights include for instance: 

            • The right to be informed about how we collect, use, disclose, and retain your personal data.
            • The right of access to the personal data we hold about you.
            • The right to rectification of inaccurate or incomplete personal data.
            • The right to request erasure of your personal data (also known as the “right to be forgotten”).
            • The right to restrict or object to certain types of processing, including processing based on our legitimate interests.
            • The right to data portability, allowing you to obtain your personal data in a structured, commonly used, and machine-readable format.
            • The right to withdraw consent where we rely on consent as the lawful basis for processing.
            • The right to contest automated decision-making, where applicable. Symbility does not engage in automated decision-making that produces legal or similarly significant effects.

            European Union and United Kingdom (GDPR / UK GDPR)

            Individuals in the EU or UK have all the rights listed above. You may also request information about international transfers and the specific safeguards applied.

            Canada (PIPEDA and provincial legislation)

            Individuals in Canada have the right to access and correct their personal information, challenge accuracy, withdraw consent (subject to legal or contractual limits), and request information about our data-handling practices, including transfers outside Canada.

            United States (including California—CPRA/CCPA)

            Residents of certain U.S. states, including California, may have additional rights, such as the right to:

            • Know the categories of personal data we collect and disclose.
            • Access specific pieces of personal data.
            • Request deletion of personal data.
            • Correct inaccurate personal data.
            • Opt out of certain types of data sharing (“sharing” under CPRA refers to cross-context behavioral advertising, which Symbility does not perform).

            We do not “sell” personal data as defined under state privacy laws.

            If you submit a request, we may need to verify your identity before responding, which may require additional information. If we cannot comply with your request, we will provide the reason as permitted under applicable law. We respond to all rights requests within the timeframes required by law for your jurisdiction.

            Please note that if you request deletion of your data, or withdraw your consent where consent is the legal basis for processing, certain features or Services may become unavailable or may function in a limited manner.

            If you have concerns about how we process personal data, you may contact us directly through the channels listed in this notice. We treat all complaints seriously and will take appropriate steps to address them. If you remain unsatisfied, you may also contact your local privacy regulator or data protection authority for further guidance on filing a complaint.

            12.  CAN WE MODIFY THIS PRIVACY NOTICE?

            Yes. We may update this notice from time to time to reflect changes in our Services, our data-processing practices, or applicable legal requirements. When we make material changes, we will notify users in accordance with applicable laws, for example, through an in-product notice, email notification, or by posting an updated version on our website.

            The “Latest Update” date at the top of this page indicates when it was last revised. We encourage you to review this policy periodically to stay informed about how we protect and process personal data.

            .


            Was this article helpful?

            That’s Great!

            Thank you for your feedback

            Sorry! We couldn't be helpful

            Thank you for your feedback

            Let us know how can we improve this article!

            Select at least one of the reasons
            CAPTCHA verification is required.

            Feedback sent

            We appreciate your effort and will try to fix the article

            Preview
            0 of 0