Privacy Policy

Last updated: April 12, 2026

1. Introduction

ThePolicyBox ("we", "our", or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our insurance management platform at thepolicybox.com.

2. Information We Collect

We collect information you provide directly to us, including:

  • Account Information: Email address, phone number, and name when you create an account.
  • Policy Documents: Insurance policy PDFs you upload for extraction and management.
  • Policy Data: Information extracted from your policies including policy numbers, coverage details, premium amounts, and expiration dates.
  • Gmail Data: If you use Gmail import, we access your email attachments to find insurance policies. We only read email metadata and PDF attachments; we do not read email content.
  • Client Information: For agent accounts, client names, contact details, and associated policies.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve our services
  • Extract and organize insurance policy data using AI
  • Send renewal reminders and notifications
  • Process transactions and manage your account
  • Respond to your comments and questions
  • Protect against fraudulent or unauthorized activity

4. Data Storage and Security

Your data is stored securely using Firebase/Google Cloud infrastructure in data centers operated by Google. All data in transit is encrypted using industry-standard TLS, and data at rest is encrypted by Google Cloud's default encryption.

Policy PDFs and other documents are stored in secure cloud storage. File access is restricted by server-enforced authentication: every download request goes through our backend, which verifies that the requesting user owns the document before issuing a short-lived (15-minute) signed URL. Direct access to the storage bucket is denied by rule; there are no permanent public links to your files.

When you share a policy with another user via their phone number, the file itself is copied server-side into that recipient's own secure storage folder at the moment they accept the share. After that, the two copies are independent — you can delete your copy without affecting theirs, and vice versa.

5. Third-Party Services

We use the following third-party services:

  • Google Firebase: Authentication and data storage
  • Google AI (Gemini): To extract information from policy documents
  • Google Gmail API: To import policies from your email (only with your explicit permission)
  • Razorpay: For payment processing (agent subscriptions)

6. Gmail Data Usage

When you authorize Gmail access, we only search for and download PDF attachments from emails matching insurance-related keywords. We do not read, store, or process the content of your emails. Gmail access can be revoked at any time from your Google Account settings.

7. Mobile App Permissions

On Android and iOS, ThePolicyBox may ask for the following permissions. Each is optional and used only for a specific purpose:

  • Contacts (Android READ_CONTACTS): Only used when you explicitly tap the contact-picker icon while sharing a policy. We read the name and phone number of the specific contact you select — nothing else. We never read your full contact list, upload contacts, or use contacts for any other purpose.
  • Biometric / Fingerprint / Face ID: Only used to lock the app if you enable the biometric lock in Settings. Biometric data never leaves your device and is never seen by ThePolicyBox.
  • Storage / Files: Used to let you pick PDF files to upload and to save downloaded policies. We only access files you explicitly select.
  • Notifications: If granted, used to send you renewal reminders and pending share notifications.

8. Data Retention

We retain your data for as long as your account is active. You can delete your account and all associated data at any time from the Settings page. Upon account deletion, all your policies, documents, and personal information are permanently removed from our systems within 30 days. Account backups are purged on the same cycle. We do not sell, rent, or trade your personal information to any third party.

9. Your Rights (including DPDPA)

ThePolicyBox is based in India and complies with the Digital Personal Data Protection Act, 2023 (DPDPA). Under this law and our own commitments, you have the right to:

  • Access your personal data
  • Correct inaccurate data
  • Delete your account and all associated data at any time
  • Export your policy data (request by email)
  • Revoke third-party permissions (like Gmail access)
  • Withdraw consent to future processing
  • File a grievance with us; if unresolved, escalate to the Data Protection Board of India

To exercise any of these rights, contact us at support@thepolicybox.com. We will respond within a reasonable time, typically within 7 business days.

10. Children's Privacy

Our service is not intended for children under 18. We do not knowingly collect personal information from children under 18. If you believe a child has provided us with personal data, please contact us and we will delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last updated" date at the top. Continued use of ThePolicyBox after an update means you accept the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

Email: support@thepolicybox.com
WhatsApp: +91 98105 12298