Privacy Policy

Last updated: February 10, 2026

1. Introduction

Swift Submission ("we", "us", "our") operates the Silverarrow platform. This Privacy Policy describes how we collect, use, store, and protect your personal data when you use our Service. We are committed to protecting your privacy and handling your data in compliance with the Swiss Federal Act on Data Protection (FADP) and applicable data protection laws.

2. Data We Collect

We collect the following categories of data:

  • Account data: name, email address, organization, and role when you create an account
  • Submission data: broker emails, insurance documents, policy information, and claims history uploaded or received through the Service
  • Usage data: log data, access times, features used, and interactions with the platform
  • Device data: browser type, operating system, and IP address

3. How We Use Your Data

We use your data to:

  • Provide, maintain, and improve the Service
  • Process underwriting submissions using AI-powered document analysis
  • Authenticate users and manage account access
  • Generate underwriting rationales and risk analyses
  • Maintain audit trails for compliance purposes
  • Communicate service updates and important notices

4. Swiss Data Residency

All data is stored and processed in Switzerland. Our infrastructure uses Supabase (Zurich region) for database and file storage, and Upstash (EU region) for job queues. No submission data leaves Swiss jurisdiction. This ensures compliance with Swiss data protection requirements and provides strong legal protections for your data.

5. AI Processing

We use artificial intelligence models to classify documents, extract structured data, and generate underwriting analyses. Submission documents are processed through AI providers for these purposes. We do not use your submission data to train AI models. All AI-generated outputs are clearly marked and linked to their source evidence.

6. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase: authentication, database, and file storage (Zurich, Switzerland)
  • AI providers: document analysis and data extraction
  • Microsoft Graph API: email integration for submission processing (when configured by your organization)

We carefully select third-party providers that meet our security and privacy requirements. We do not sell or share your data with third parties for marketing purposes.

7. Data Security

We implement enterprise-grade security measures to protect your data:

  • Encryption at rest for all stored documents and data
  • Row-level security (RLS) for multi-tenant data isolation
  • JWT-based authentication with role-based access control
  • Time-limited signed URLs for document access
  • Comprehensive audit logging of all data access and modifications

8. Cookies

We use essential cookies required for authentication and session management. We do not use third-party tracking cookies or advertising cookies. Essential cookies are necessary for the Service to function and cannot be disabled.

9. Data Retention

We retain your account data for as long as your account is active. Submission data and case records are retained in accordance with your organization's data retention policies and applicable regulatory requirements. Upon account termination, we provide a reasonable period for data export before permanent deletion.

10. Your Rights

Under applicable data protection laws, you have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your personal data
  • Object to or restrict processing of your data
  • Request portability of your data
  • Withdraw consent where processing is based on consent

To exercise any of these rights, please contact us at the address below.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the updated policy on this page and updating the "Last updated" date. We encourage you to review this policy periodically.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data protection rights, please reach out via our contact page.