Privacy Policy

This Privacy Policy describes how Amato & Associates LLC, a licensed insurance agency operating the MyReve software platform, ("Company," "we," "us," or "our") collects, uses, stores, shares, and protects information when you use the MyReve platform ("Platform"), including our website, application, and related services. This policy applies to agency administrators, producers (agents), and applicants — collectively, our authenticated users.

For information about data practices related to the client-facing quote presentation pages, please see our separate Quote Page Privacy Notice, which is displayed within the quote presentations that agencies share with their clients.

By creating an account or using the Platform, you consent to the practices described in this Privacy Policy.

1. Information We Collect

1.1. Information You Provide Directly

Agency application information. When you apply to use the Platform, we collect: agency name, primary contact name, contact email address, contact phone number (optional), street address, city, state, and ZIP code. You may also provide a referral code.

Account and profile information. When your account is created, we collect and store: email address, first name, last name, phone number (optional), profile photo URL (optional), display title (optional), scheduling/booking link (optional), and password (stored only in hashed form).

Billing information. We collect your agency name and contact information for billing purposes. Payment card details are collected and stored exclusively by our third-party payment processor and are never transmitted to or stored on our servers.

Onboarding and configuration. During setup, you may provide: module selections, branding preferences (logo, colors), quote system settings, custom pipeline statuses, and contact disposition labels.

1.2. Information Generated Through Your Use

Client and prospect data. The Platform stores business and contact information you enter or import, including business names, addresses, phone numbers, emails, websites, industry categories, and decision-maker contact details. This is data you control; see Section 5 for how we handle it.

Activity and engagement data. We record actions taken within the Platform, including: contact logs with notes and dispositions, quote creation and sharing events, and search queries.

Quote package data. When you build a quote, we store: client name, state, insurance product selections, coverage details, premiums, endorsements, discounts, vehicle information, life insurance details, and bundle pricing configurations.

1.3. Information Collected Automatically

Authentication and security data. We record login timestamps, failed login attempts, account lockout events, and password reset activity.

Audit and access logs. We maintain audit logs that record actions performed on the Platform, including the acting user, action type, timestamp, and IP address. Audit logs are retained for ninety (90) days and then permanently deleted.

API usage data. We log API endpoint access for operational monitoring. These logs are retained for ninety (90) days and then permanently deleted.

Notification preferences. We store your preferences for receiving quote-related notifications (e.g., when a client first opens a quote, on every re-view, and on contact requests).

2. How We Use Your Information

We use the information described above to:

• Provide, operate, and maintain the Platform and its features.
• Process your subscription, billing, and payments.
• Authenticate your identity and secure your account.
• Send you operational and transactional emails, including account setup invitations, password reset links, and quote activity notifications.
• Enforce our Terms of Service, including usage limits and acceptable use.
• Monitor Platform performance, diagnose technical issues, and improve our services.
• Comply with legal obligations and respond to lawful requests.
• Administer the referral program and promotional offers.

We do not sell your personal information. We do not use your information for automated decision-making or profiling. We do not send marketing emails; all communications are transactional and operational in nature.

3. How We Share Your Information

We share your information only in the following circumstances:

3.1. Service Providers (Sub-Processors)

We use third-party service providers to help operate the Platform. These providers process data on our behalf and are contractually obligated to use it only for the purposes we specify. Categories of service providers include:

• Cloud infrastructure and database hosting providers — for application hosting, data storage, and compute.
• Content delivery and frontend hosting providers — for serving the Platform's web application and collecting anonymized performance metrics (web vitals).
• Payment processing providers — for handling subscription billing, invoicing, and payment method storage.
• Transactional email providers — for delivering account-related and quote-notification emails.

We do not publish a list of specific sub-processor names. If you require sub-processor identification for your compliance purposes, you may request it by contacting hello@myreve.app.

3.2. Within Your Agency

Agency Administrators can view all user accounts, client data, quote data, and activity within their agency. Producers can view records assigned to them and quotes they create.

3.3. Legal Requirements

We may disclose your information if required by law, regulation, legal process, or governmental request, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, the safety of others, or to detect and prevent fraud.

3.4. Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, your information may be transferred as part of that transaction. We will notify you of any such transfer and any changes to this Privacy Policy.

4. Data Security

We implement commercially reasonable technical and organizational measures to protect your information, including:

• Passwords are hashed using an industry-standard adaptive hashing algorithm before storage.
• Password reset tokens are cryptographically hashed and expire within seventy-two (72) hours.
• Accounts are temporarily locked after five (5) consecutive failed login attempts.
• All data in transit is encrypted via HTTPS/TLS.
• API access is rate-limited to prevent abuse.
• Security headers are applied to all responses.
• Payment webhook signatures are cryptographically verified.
• Timing-safe comparisons are used for sensitive token validations.

No method of transmission or storage is perfectly secure. While we strive to protect your information, we cannot guarantee absolute security.

We do not currently hold SOC 2, ISO 27001, or equivalent third-party security certifications.

5. Third-Party Data You Process Through the Platform

A significant portion of the data on the Platform relates to third parties — prospective insurance customers, business owners, and their employees — who have no direct account with us.

Your role: You are the data controller for this third-party data. You determine what data to collect, import, and store, and you are responsible for having a lawful basis to do so.

Our role: We are the data processor. We store and process this data solely on your behalf and according to your instructions as effectuated through your use of the Platform. We do not independently access, sell, or use this third-party data for our own purposes.

Your obligations: You are responsible for complying with all applicable privacy laws with respect to the third-party data you process through the Platform, including responding to access, correction, or deletion requests from the individuals whose data you store.

If we receive a request from a third party regarding data that you control, we will direct them to contact you.

6. Data Retention

Account and agency data. Your account information, agency profile, and associated records are retained for as long as your account exists, and indefinitely after cancellation or termination unless you request deletion.

Quote and contact data. Quote packages, contact logs, notes, and status histories are retained indefinitely unless you request deletion.

Audit logs and API usage logs. Retained for ninety (90) days and then permanently deleted.

Search session data. Retained for approximately thirty (30) days and then permanently deleted.

Soft-deleted records. Deactivated user accounts and archived records are retained in a deactivated state. They are not purged automatically.

To request deletion of your data, see Section 7.

7. Your Rights and Choices

7.1. Access and Correction

You can access and update your profile information, agency settings, and notification preferences at any time through the Platform.

7.2. Data Deletion

You may request deletion of your agency's data by submitting a written request to hello@myreve.app. We will process your request within thirty (30) calendar days. Deletion is permanent and cannot be reversed.

We may retain certain information as required by law, to resolve disputes, enforce our agreements, or where deletion is technically infeasible for aggregated or anonymized data.

7.3. Data Export

There is no self-service data export feature at this time. If you need a copy of your data, you may request one by contacting hello@myreve.app. We will make commercially reasonable efforts to accommodate such requests within thirty (30) calendar days.

7.4. Email Communications

All emails we send are transactional or operational (account setup, password resets, quote notifications). These communications are integral to the Platform's functionality and are not marketing emails. You can manage quote notification preferences within your account settings.

8. Data Residency

All Platform data is stored and processed in the United States. The Platform is intended for use exclusively within the United States. We do not offer data residency options in other jurisdictions.

9. Children's Privacy

The Platform is not directed to and is not intended for use by individuals under the age of eighteen (18). We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will delete it promptly.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you through the Platform or by email and update the "Last Updated" date. Your continued use of the Platform after any changes constitutes acceptance of the updated policy. If a new version requires re-acceptance, you will be prompted accordingly.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise any of your rights, please contact us:

Amato & Associates LLC 8149 161st Avenue NE, Redmond, WA 98052

Privacy inquiries: hello@myreve.app General support: hello@myreve.app

This Privacy Policy applies to authenticated users of the MyReve platform. Information about how data is handled on client-facing quote presentation pages is displayed within those pages themselves, in the Quote Page Privacy Notice accessible from the footer of each quote.