1. Who this policy covers
Daymi, Inc. (“Daymi,” “Pollen,” “we,” “us,” or “our”) provides Pollen, a software service that helps insurance and financial-advisory firms — including those handling private placement life insurance (PPLI) — automate document-heavy client workflows. This Privacy Policy explains what personal information we collect, how we use and share it, and the rights and choices available to you.
This policy applies to our marketing website, our web application, and related services (together, the “Services”). It does not apply to the internal practices of the firms that use Pollen or to third-party websites we link to.
Our role: controller and processor
Our responsibilities depend on whose information is involved:
- When we act as a controller. For information about visitors to our website and the firm personnel who create and administer Pollen accounts, we determine how and why the information is processed, and this policy governs that processing.
- When we act as a service provider / processor. When a firm uses Pollen to upload and process information about its own clients (“Client Data”), the firm is the controller of that information. We process Client Data on the firm’s behalf, under its instructions and our agreement with it. If you are a client of a firm that uses Pollen, that firm’s privacy policy governs — please direct requests to the firm, and we will help it respond.
2. Information we collect
Information you provide to us
- Account and profile information. When firm personnel sign up or are invited, our authentication provider (Clerk) collects information such as name, email address, and credentials. Passwords are managed by Clerk; we do not store them.
- Firm and organization details. Information about the firm, its team members, roles, and workspace configuration.
- Communications. Information you provide when you contact us, request a demo, or get support — such as your name, email, and the contents of your message.
Client Data submitted to the Services
Firms upload client documents — intake forms, PDFs, scans, and similar files — and Pollen extracts the information they contain into a structured, reviewable record. Depending on the firm’s workflow, Client Data may include:
- Identifiers — names, postal and email addresses, phone numbers, and dates of birth.
- Government identifiers — Social Security numbers (SSNs) and other government-issued identifiers.
- Financial information — income, assets, net worth, and financial-suitability details drawn from financial statements and account documents.
- Insurance-application information — details required to complete carrier applications, which may include health-related information about an applicant.
- Information about related individuals — spouses, dependents, beneficiaries, officers, or other people named in a document.
- Client contact and access details — the email address and, where used, the mobile number a firm provides so a client can receive a secure link and one-time passcode.
Pollen is built to handle sensitive information. Firms are responsible for having a lawful basis and any necessary consents to submit Client Data to the Services.
Information we collect automatically
- Device and log data — IP address, browser type, device and operating-system information, pages viewed, and timestamps.
- Cookies and similar technologies — we use strictly necessary cookies for authentication and session management (for example, sign-in sessions and client-portal sessions). We do not use third-party advertising cookies.
- Usage and performance data — aggregate metrics such as page-load and web-vitals measurements used to keep the Services fast and reliable.
- Diagnostic data — error and crash reports used to keep the Services reliable. We scrub recognizable personal identifiers (such as SSN and EIN patterns) from application logs and error reports.
3. How we use information
We use personal information to:
- Provide and operate the Services — ingest, classify, parse, and extract data from documents; build and maintain the reviewable record; populate the carrier applications and forms a firm delivers; and route work through human review.
- Authenticate and secure access — verify users, issue secure client links and one-time passcodes, enforce access controls, and detect and prevent fraud, abuse, and security incidents.
- Communicate with you — send service, transactional, and administrative messages (for example, client-portal links and account notifications), and respond to inquiries and support requests.
- Maintain, improve, and develop the Services — monitor performance, debug, and improve features and accuracy. We use aggregated or de-identified data for this purpose, and we use Client Data only as needed to provide the Services and as instructed by the firm.
- Comply with legal obligations — meet recordkeeping and other legal requirements, and enforce our agreements.
What we do not do
- We do not sell personal information, and we do not share it for cross-context behavioral advertising.
- We do not use Client Data to train our own or any third party’s general-purpose AI models. Our AI sub-processors are contractually restricted from using your data to train their models.
5. AI and automated processing
Pollen uses automated tools to read documents and to extract and organize their contents: the Anthropic Claude models served on Amazon Bedrock (inside AWS, with zero data retention by default — document contents are not stored, logged, or used for training, and are never shared with Anthropic), and Google Cloud Vision for optical character recognition, used only to locate each extracted value on the page for source citations. These tools assist the firm; they do not make final decisions.
A person at the firm reviews the extracted record before it is relied upon. Each extracted field is presented for verification, and the firm remains responsible for reviewing outputs and for any filing or decision. We do not use these tools to make decisions that produce legal or similarly significant effects without human involvement.
6. How we protect information
We maintain administrative, technical, and organizational measures designed to protect personal information, including:
- Encryption in transit and at rest — data is encrypted as it moves between systems and while stored.
- Additional encryption for sensitive records — certain sensitive records, such as insurance master records and extracted values, are additionally encrypted at the application layer before they are written to the database.
- Access controls and tenant separation — each firm’s data is logically separated, with role-based access controls so users see only what they are permitted to.
- Audit logging — actions taken on records are logged to support accountability and review.
- Secure client access — clients receive private, one-time links and, where enabled, a one-time passcode by SMS, rather than shared portals or standing accounts.
- Data minimization in logs and diagnostics — recognizable identifiers are redacted from application logs and error reports.
No method of transmission or storage is completely secure, and we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and any affected firm as required by law.
7. Data retention
We retain personal information for as long as needed to provide the Services and for the purposes described in this policy, then delete or de-identify it.
- Account information is retained while an account is active and for a reasonable period afterward.
- Client Data is retained according to the firm’s instructions and our agreement with the firm. Raw source documents are retained for a limited period (by default, up to 90 days) unless the firm opts in to a longer period; the structured records extracted from them may be retained longer to support the engagement and the firm’s recordkeeping obligations.
- Diagnostic and log data is retained for a limited period for security and reliability.
We may retain information as required to comply with legal obligations, resolve disputes, and enforce our agreements. Residual copies may persist in backups for a limited time before they are overwritten.
8. International data transfers
We are based in the United States and store and process personal information there. If you access the Services from outside the United States, your information will be transferred to and processed in the United States, where data-protection laws may differ from those in your country. Where required, we rely on appropriate safeguards for such transfers.
9. Your privacy rights and choices
Depending on where you live, you may have rights to access, correct, delete, or receive a copy of your personal information, and to object to or restrict certain processing. Because the firm controls the Client Data it submits, requests about Client Data should be directed to the firm; we will help the firm respond.
- Access and correction — request a copy of, or a correction to, personal information we hold about you as a controller.
- Deletion — request deletion, subject to legal and contractual retention requirements.
- Marketing choices — opt out of marketing emails using the unsubscribe link; we will still send necessary service messages.
- Cookies — control cookies through your browser; disabling strictly necessary cookies may break sign-in and the client portal.
To exercise a right, contact us using the details below. We will verify your request and respond as required by law. We will not discriminate against you for exercising your rights.
10. U.S. state privacy rights
Residents of California and other U.S. states with comprehensive privacy laws may have additional rights, including the right to know and access, to delete, and to correct personal information; the right to opt out of the “sale” or “sharing” of personal information and of targeted advertising; and the right to limit the use of sensitive personal information.
- We do not sell personal information and do not share it for cross-context behavioral or targeted advertising.
- When we process Client Data, we act as a service provider (or processor) to the firm and use that data only to provide the Services under our contract.
- You may use an authorized agent to submit a request on your behalf, and you may appeal a decision where the law provides for it.
California “Shine the Light”: we do not disclose personal information to third parties for their own direct-marketing purposes.
11. Children’s privacy
The Services are intended for businesses and their authorized users and are not directed to children. We do not knowingly collect personal information directly from children. Client Data submitted by a firm may include information about minors (for example, dependents or beneficiaries named in a document); we process that information as Client Data, on the firm’s instructions, and not to offer services directly to children.
12. Third-party links and services
The Services and our website may link to third-party sites or rely on optional integrations we do not control. Their practices are governed by their own policies, and we are not responsible for them. We encourage you to review the privacy notices of any third party you interact with.
13. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised policy.
14. Contact us
If you have questions about this policy or our privacy practices, contact us at:
Daymi, Inc.San Francisco, California
founders@pollen.cx