Privacy & Data Protection
Comprehensive privacy framework ensuring data subject rights under the CCPA and state privacy laws, with GDPR readiness. This document details our data handling practices, consumer rights implementation, and privacy-by-design principles.
Privacy Policy Statement
Daily Event Insurance is committed to protecting the privacy and security of personal information entrusted to us by customers, partners, and website visitors. We collect only the data necessary to provide our services, retain it only as long as required, and ensure individuals can exercise their privacy rights. Our privacy program is designed to comply with the California Consumer Privacy Act (CCPA/CPRA), and we maintain GDPR-ready practices for potential European operations.
Data Categories Collected
Categories of personal information collected, purposes, and retention periods.
| Category | Examples | Purpose | Retention | Legal Basis |
|---|---|---|---|---|
| Identifiers | Name, email, phone number, mailing address | Account creation, policy issuance, communications | 7 years after policy expiration | Contract performance, legal obligation |
| Commercial Information | Insurance purchases, policy details, premium payments | Policy administration, claims processing | 7 years after policy expiration | Contract performance, legal obligation |
| Financial Information | Payment card details (tokenized via Stripe), billing history | Payment processing, fraud prevention | 7 years for tax/audit purposes | Contract performance, legitimate interest |
| Internet Activity | IP address, browser type, pages visited, device info | Security, analytics, service improvement | 90 days for session data, 2 years for aggregated data | Legitimate interest, consent |
| Geolocation Data | Event location, business address, IP-derived location | Coverage determination, rate calculation | 7 years with policy data | Contract performance |
| Professional Information | Business name, EIN, certifications, insurance history | Partner verification, underwriting | 7 years after relationship ends | Contract performance, legal obligation |
California Consumer Privacy Rights (CCPA/CPRA)
Rights available to California residents under the California Consumer Privacy Act and California Privacy Rights Act.
Right to Know
Request disclosure of personal information collected, used, and shared
Submit request via privacy portal or email; response within 45 days
Right to Delete
Request deletion of personal information (with legal exceptions)
Verified request processed within 45 days; exceptions documented
Right to Opt-Out
Opt out of sale of personal information
"Do Not Sell My Info" link in footer; honored immediately
Right to Non-Discrimination
Equal service regardless of privacy choices
No denial of service, different pricing, or quality reduction
Right to Correct
Request correction of inaccurate personal information
Corrections processed within 45 days after verification
Right to Limit Use
Limit use and disclosure of sensitive personal information
Sensitive data use restricted to essential purposes only
How to Exercise Your Privacy Rights
Written Request
Mail your request to our compliance team
Daily Event Insurance
Privacy Department
[Address on file]
GDPR Framework (EU Readiness)
While we currently operate in the United States, we maintain GDPR-ready practices to support potential future European operations and to serve as best-practice guidelines.
Right of Access
Obtain confirmation of processing and access to personal data
Right to Rectification
Have inaccurate personal data corrected
Right to Erasure
Have personal data deleted under certain circumstances
Right to Restriction
Restrict processing in certain situations
Right to Portability
Receive personal data in machine-readable format
Right to Object
Object to processing based on legitimate interests
Third-Party Data Sharing
Categories of third parties with whom personal information may be shared and safeguards in place.
We Do Not Sell Personal Information
Daily Event Insurance does not sell personal information to third parties for monetary or other valuable consideration. Data sharing is limited to service delivery and legal requirements.
| Recipient | Data Shared | Purpose | Safeguards |
|---|---|---|---|
| Insurance Carriers | Policy details, claims information, risk data | Underwriting, claims adjudication | Business Associate Agreements, encryption |
| Payment Processors (Stripe) | Payment card information (tokenized) | Payment processing | PCI DSS Level 1 certified, tokenization |
| Cloud Infrastructure (AWS/Vercel) | All system data (encrypted) | Service hosting and delivery | SOC 2 certified, encryption at rest/transit |
| Analytics Providers | Anonymized usage data, IP addresses | Service improvement, fraud detection | Data minimization, no PII shared |
| Regulatory Authorities | As legally required | Regulatory compliance, legal proceedings | Minimum necessary disclosure |
Privacy Procedures
Data Subject Request Handling
Data Deletion Procedure
Data Breach Response
Privacy by Design Principles
Proactive not Reactive
Privacy measures implemented before processing begins, not after incidents
Privacy as Default
Maximum privacy protection without user action; opt-in not opt-out
Privacy Embedded
Privacy built into system architecture and business practices
Full Functionality
Privacy without sacrificing features or user experience
End-to-End Security
Data protected throughout entire lifecycle from collection to deletion
Visibility & Transparency
Practices open to scrutiny and independently verifiable
User-Centric
User interests paramount with strong defaults and easy controls
Data Minimization
Collect only what's necessary, retain only as long as required
Data Protection Impact Assessments
We conduct Data Protection Impact Assessments (DPIAs) when introducing new processing activities that may present high risk to individuals' rights and freedoms. DPIAs are required for: