Privacy Policy
Last Updated: March 31, 2026
1. Introduction
Mitigation Audit LLC ("we," "us," or "our") is committed to protecting the confidential business data you entrust to us and to complying with applicable privacy laws, including the Connecticut Data Privacy Act (CTDPA). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI-powered pre-review Service for mitigation invoices (the "Service").
Important Notice: The Service is exclusively for business use by insurance carriers, independent adjusters, and third-party administrators (TPAs). It is not intended for individual consumers, policyholders, restoration contractors, or public adjusters.
2. Information We Collect
We collect only the minimum data necessary to perform the audit:
- Uploaded Content: Mitigation invoices, estimates, psychrometric drying logs, photos, and related documents provided by you.
- Account Information: Name, business email, company name, and billing details.
- Usage Data: IP address, browser type, timestamps, and interaction logs.
3. Cookies and Tracking
We use cookies strictly for essential operation and limited analytics:
- Essential Cookies: Required for secure login and payment processing (via Stripe).
- Analytics: We use Google Analytics with IP anonymization to monitor site performance. We do not use advertising features or tracking pixels for retargeting.
- No Third-Party Ads: We do not allow third-party advertising networks to collect data on our site.
4. How We Use Your Information
We use your data solely to provide, maintain, and improve the Service. In particular, we use your information to:
- Analyze uploaded files via our AI-powered logic engine to generate Audit Reports.
- Process payments through Stripe and deliver receipts.
- Maintain the security and integrity of the Service.
5. Strict AI Data Usage Policy (No Training)
We utilize enterprise-grade API settings to ensure confidentiality. Your uploaded content and data are NOT used to train, improve, or fine-tune public Artificial Intelligence models. Your data remains isolated to your specific audit session.
6. Automated Decision-Making
Our Service provides automated insights and recommendations based on industry standards (e.g., ANSI/IICRC S500/S520 guidelines). These recommendations are non-binding and intended as advisory tools only. They do not constitute formal expert opinions or coverage determinations.
- Human in the Loop: The Service functions as an analytical tool, not a final decision-maker. No decisions regarding coverage or payment are made solely by automated means.
- Final Authority: All final claim decisions remain with you (the adjuster/carrier).
7. Data Retention
- Uploaded Files: Uploaded documents are deleted from our active processing servers within 30 days after the report is generated.
- Encrypted Backup Copies: For disaster recovery and system integrity purposes, encrypted backup copies of database snapshots may be retained for up to 30 days, after which they are automatically and permanently deleted via automated lifecycle rules. Backup data is never used for ordinary business operations, reporting, or analytics, and is accessible only to authorized technical staff.
- Reports: Generated PDF audit reports remain stored in your account to allow you to review your history. You may delete individual reports at any time through the Service, or request deletion of all stored reports.
- Account Deletion: Upon request, we will delete all your personal data within 30 days, except for records required by law for tax or accounting purposes.
8. Data Sharing
We do not sell, rent, or trade your data. We share data only with trusted third parties as necessary to provide the Service:
- Third-Party Subprocessors and Service Providers: We use the following subprocessors and vendors, all of which are bound by strict data protection agreements:
  - Amazon Web Services (AWS): Hosting infrastructure, secure cloud storage, and automated encrypted backups.
  - Google (Gemini AI): AI model processing for audit report generation and document analysis.
  - Pinecone: Vector database used for retrieval of IICRC standards during audit processing.
  - Stripe: Payment processing services.
  - Other Trusted Partners: Such as analytics or email providers, as needed to operate the Service.
- Legal Compliance: If required by a subpoena, court order, or regulatory mandate.
We never share data with policyholders, contractors, or public adjusters.
9. Payment Security
All payments are processed by Stripe. We do not store or have access to your full credit card number. Payment data is encrypted and handled in compliance with the Payment Card Industry Data Security Standard (PCI-DSS).
10. Business Continuity and Disaster Recovery
We maintain comprehensive business continuity and disaster recovery plans to ensure the reliability and availability of our Service. Our infrastructure uses AWS cloud storage with automated encrypted backups stored in a dedicated S3 bucket. In the event of a service disruption, we have documented procedures to restore operations quickly with minimal downtime. We regularly test our backup and recovery processes. All data is encrypted at rest (AES-256) and in transit to protect against unauthorized access, and we continuously monitor our systems via real-time error tracking to promptly detect and respond to any incidents.
11. Your Responsibility for PII
You acknowledge that you are the data controller for the documents you upload. You are responsible for redacting Sensitive Personally Identifiable Information (e.g., Social Security numbers, dates of birth) before upload. You agree to indemnify Mitigation Audit LLC against claims arising from the upload of unredacted sensitive data. As an additional safeguard, our system applies automated PII detection and redaction before any document content is processed by our AI pipeline.
12. Your Rights (CTDPA & General)
Under applicable state laws (including the Connecticut Data Privacy Act), you may have the right to:
- Access, correct, or delete your personal information.
- Opt out of certain data processing.
- Appeal a decision regarding a rights request.
To exercise these rights, email info@mitigationaudit.com. We will respond to all verified requests in accordance with the CTDPA and other applicable laws, typically within 30 days.
13. International Transfers
Your data is processed in the United States. If you access the Service from outside the US, you acknowledge that your data will be transferred to US-based servers subject to US privacy laws. We will protect your data in accordance with this Privacy Policy and applicable U.S. laws.
14. Children's Privacy
The Service is a B2B tool and is not directed to individuals under 18. We do not knowingly collect information from children. If we become aware that a child under 18 has provided us with personal data, we will promptly delete such data.
15. Governing Law
This Privacy Policy is governed by the laws of the State of Connecticut, without regard to conflict of law principles.
Contact Us
For privacy questions, please contact:
Mitigation Audit LLC
Email: info@mitigationaudit.com
Glastonbury, Connecticut, USA