Privacy Policy

Introduction

Allutional, Inc. ("Allutional," "we," "us," or "our") is committed to protecting your privacy and ensuring the security of your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website at allutional.com (the "Website") and use our services related to employee benefits, business security solutions, and health and wellness programs.

This Privacy Policy applies to all information collected through our Website, mobile applications, and any related services, sales, marketing, or events (collectively, the "Services"). By accessing or using our Services, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy.

Information We Collect

Personal Information You Provide

We collect personal information that you voluntarily provide to us when you register for our services, express interest in obtaining information about us or our products and services, participate in activities on the Website, or otherwise contact us.

Information Automatically Collected

Device and Usage Information

When you visit our Website, we automatically collect certain information about your device and usage patterns. This includes your IP address, browser type and version, operating system, device identifiers, screen resolution, and referring website addresses. We also track how you navigate through our Website, which pages you visit, how long you spend on each page, and what actions you take.

Location Information

We may collect general location information based on your IP address to provide location-relevant content and services. We do not collect precise geolocation data unless you specifically grant permission for location-based services.

Cookies and Tracking Technologies

Our Website uses cookies, web beacons, and similar tracking technologies to enhance your browsing experience and collect usage analytics. Cookies are small data files stored on your device that help us remember your preferences, maintain your login session, and provide personalized content.

How We Use Your Information

Service Delivery and Account Management

We use your personal information primarily to provide, maintain, and improve our benefits enrollment and management services. This includes creating and managing your account, processing benefit enrollments, facilitating communication between you and benefit providers, and providing customer support. Your contact information enables us to send important updates about your benefits, policy changes, and service notifications.

We utilize your employment and business information to determine eligibility for various benefit programs, customize benefit offerings to your organization's needs, and ensure compliance with applicable regulations and benefit plan requirements. This information also helps us provide accurate quotes, process enrollments efficiently, and maintain proper records for audit and compliance purposes.

Communication and Customer Service

Your information enables us to communicate with you effectively about our services, respond to your inquiries, and provide technical support. We use your contact details to send service-related notifications, benefit updates, renewal reminders, and important policy changes. We may also use this information to conduct customer satisfaction surveys and gather feedback to improve our services.

We maintain communication records to ensure continuity of service, track issue resolution, and improve our customer support processes. This historical information helps our support team provide more efficient assistance and ensures that your concerns are addressed promptly and accurately.

Marketing and Business Development

With your consent, we may use your information to send marketing communications about new services, benefit options, industry insights, and promotional offers that may be of interest to you. We analyze your usage patterns and preferences to personalize these communications and ensure they are relevant to your business needs.

We may use aggregated and anonymized information for market research, business development, and to better understand industry trends and customer needs. This helps us develop new services and improve existing offerings to better serve our customers.

Legal Compliance and Security

We use your information to comply with applicable laws, regulations, and industry standards related to benefits administration, data protection, and financial services. This includes maintaining records as required by law, responding to legal requests, and ensuring compliance with benefit plan requirements and insurance regulations.

Your information is also used for security purposes, including fraud prevention, identity verification, and protecting against unauthorized access to our systems and services. We monitor usage patterns to detect suspicious activity and maintain the integrity of our platform.

Information Sharing and Disclosure

Service Providers and Business Partners

We work with trusted third-party service providers who assist us in delivering our services and operating our business. These partners include benefit administrators, insurance carriers, payment processors, technology vendors, and professional service providers. We share your information with these partners only to the extent necessary for them to perform their services, and we require them to maintain appropriate security measures and use your information only for the specified purposes.

Benefit Providers and Administrators

When you enroll in specific benefit programs, we share relevant information with the benefit providers and administrators to facilitate enrollment, claims processing, and ongoing benefit management. This may include insurance companies, healthcare providers, financial service providers, and other benefit vendors.

Technology and Infrastructure Partners

We work with cloud hosting providers, data analytics companies, and other technology vendors to maintain our platform and provide our services. These partners may have access to your information as necessary to provide their services, but they are contractually obligated to protect your information and use it only for specified purposes.

Professional Service Providers

We may share information with legal counsel, accountants, auditors, and other professional service providers who assist us in operating our business and ensuring compliance with applicable laws and regulations.

Legal Requirements and Protection

We may disclose your information when required by law, regulation, or legal process, including responding to court orders, subpoenas, or government requests. We may also disclose information when we believe it is necessary to protect our rights, property, or safety, or the rights, property, or safety of our users or others.

In the event of a merger, acquisition, or sale of all or a portion of our business, your information may be transferred to the acquiring entity as part of the transaction. We will provide notice of such transfers and any changes to this Privacy Policy that may result.

Consent-Based Sharing

We may share your information with third parties when you have provided explicit consent for such sharing. This may include sharing information with your designated representatives, family members, or other parties you have authorized to receive information about your benefits or account.

Data Security and Protection

Technical Safeguards

We implement comprehensive technical security measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. Our security infrastructure includes encryption of data in transit and at rest, secure network protocols, firewalls, intrusion detection systems, and regular security monitoring.

All sensitive information, including payment data and health information, is encrypted using industry-standard encryption protocols. We use secure socket layer (SSL) technology to protect data transmission between your device and our servers, and we employ advanced encryption methods to protect stored data.

Administrative and Physical Safeguards

We maintain strict administrative controls over access to personal information, including role-based access controls, regular access reviews, and comprehensive employee training on data protection and privacy requirements. Only authorized personnel who need access to perform their job functions are granted access to personal information.

Our data centers and facilities are protected by physical security measures including access controls, surveillance systems, and environmental protections. We work with reputable hosting providers who maintain appropriate physical security standards and compliance certifications.

Incident Response and Monitoring

We maintain comprehensive incident response procedures to detect, respond to, and recover from security incidents. Our security team continuously monitors our systems for potential threats and vulnerabilities, and we conduct regular security assessments and penetration testing to identify and address potential weaknesses.

In the event of a data breach or security incident that may affect your personal information, we will notify you and relevant authorities as required by applicable law and will take appropriate steps to mitigate the impact and prevent future incidents.

Your Privacy Rights and Choices

Access and Correction Rights

You have the right to access the personal information we hold about you and to request corrections if the information is inaccurate or incomplete. You can review and update much of your personal information through your account dashboard, or you can contact us directly to request access to your information or to make corrections.

We will respond to access requests within a reasonable timeframe and will provide the information in a commonly used electronic format when possible. If we cannot fulfill your request, we will explain the reasons and inform you of any alternative options available.

Data Portability and Deletion

You have the right to request that we provide your personal information in a portable format that can be transferred to another service provider. We will provide this information in a structured, commonly used, and machine-readable format when technically feasible.

You also have the right to request deletion of your personal information, subject to certain limitations. We may need to retain certain information for legal compliance, legitimate business purposes, or to fulfill ongoing contractual obligations. When you request deletion, we will delete or anonymize your information unless retention is required or permitted by law.

Marketing Communications and Consent

You can opt out of marketing communications at any time by using the unsubscribe link in our emails, updating your communication preferences in your account settings, or contacting us directly. Even if you opt out of marketing communications, we may still send you service-related notifications that are necessary for your account or benefits administration.

For certain types of data processing, we rely on your consent, and you have the right to withdraw that consent at any time. Withdrawing consent will not affect the lawfulness of processing based on consent before its withdrawal, but it may affect our ability to provide certain services.

California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA). These rights include the right to know what personal information we collect, use, and share; the right to delete personal information; the right to correct inaccurate information; and the right to opt out of the sale or sharing of personal information.

We do not sell personal information in the traditional sense, but we may share information with third parties for advertising or analytics purposes that could be considered a "sale" under California law. You can opt out of such sharing by contacting us or using the "Do Not Sell My Personal Information" link on our website.

European Privacy Rights

If you are located in the European Economic Area, United Kingdom, or Switzerland, you have additional rights under the General Data Protection Regulation (GDPR) and similar laws. These rights include the right to object to processing, the right to restrict processing, and the right to lodge a complaint with a supervisory authority.

We process your personal information based on various legal bases, including your consent, the necessity to perform a contract with you, compliance with legal obligations, and our legitimate interests in providing and improving our services. You have the right to object to processing based on legitimate interests and to request restriction of processing in certain circumstances.

Cookies and Tracking Technologies

Types of Cookies We Use

Our Website uses several types of cookies and similar tracking technologies to enhance your browsing experience and provide our services effectively. Essential cookies are necessary for the basic functionality of our Website, including maintaining your login session, remembering your preferences, and ensuring security. These cookies cannot be disabled without affecting the functionality of our services.

Performance and analytics cookies help us understand how visitors interact with our Website by collecting anonymous information about page visits, traffic sources, and user behavior. We use this information to improve our Website's performance and user experience. These cookies do not identify you personally but provide valuable insights into how our Website is used.

Functionality cookies remember your preferences and settings to provide a more personalized experience. These may include language preferences, display settings, and other customization options that enhance your use of our services.

Third-Party Cookies and Analytics

We use third-party analytics services, including Google Analytics, to collect and analyze information about Website usage. These services may use cookies and other tracking technologies to collect information about your visits to our Website and other websites. The information collected is used to compile reports and help us improve our Website and services.

We may also use third-party advertising and marketing platforms that place cookies on your device to provide targeted advertising and measure the effectiveness of our marketing campaigns. These platforms may collect information about your browsing behavior across different websites to provide more relevant advertisements.

Managing Cookie Preferences

You can control and manage cookies through your browser settings. Most browsers allow you to refuse cookies, delete existing cookies, and set preferences for certain websites. However, disabling certain cookies may affect the functionality of our Website and your ability to use some of our services.

We provide a cookie consent banner that allows you to manage your cookie preferences when you first visit our Website. You can update these preferences at any time through the cookie settings link in our Website footer or by contacting us directly.

Data Retention and Storage

Retention Periods

We retain your personal information only for as long as necessary to fulfill the purposes for which it was collected, comply with legal obligations, resolve disputes, and enforce our agreements. The specific retention period depends on the type of information and the purpose for which it was collected.

Account information and basic contact details are typically retained for the duration of your relationship with us and for a reasonable period thereafter to address any questions or issues that may arise. Employment and benefits information may be retained for longer periods as required by applicable laws and regulations governing benefits administration and employment records.

Financial and payment information is retained only as long as necessary to process transactions and comply with financial record-keeping requirements. Health information is subject to specific retention requirements under healthcare privacy laws and is retained only as long as necessary for the specific health-related services provided.

Communication records and customer service interactions are typically retained for a period sufficient to ensure continuity of service and resolve any ongoing issues. Marketing and analytics data may be retained in aggregated and anonymized form for longer periods to support business analysis and service improvement.

Data Minimization and Purpose Limitation

We adhere to data minimization principles, collecting and retaining only the information that is necessary for the specific purposes identified in this Privacy Policy. We regularly review our data collection and retention practices to ensure they remain appropriate and necessary for our business operations.

When information is no longer needed for its original purpose, we will delete or anonymize it unless retention is required by law or for legitimate business purposes. We implement automated data retention policies where possible to ensure consistent application of our retention schedules.

Secure Disposal

When personal information reaches the end of its retention period, we securely dispose of it using methods appropriate to the sensitivity of the information and the storage medium. Electronic data is securely deleted using industry-standard data destruction methods, and physical records are destroyed through secure shredding or incineration services.

International Data Transfers

Cross-Border Data Processing

Our business operations may require the transfer of your personal information to countries other than your country of residence. This may occur when we use service providers located in different countries or when we need to access information from different locations to provide our services effectively.

When we transfer personal information internationally, we implement appropriate safeguards to ensure that your information receives adequate protection regardless of where it is processed. These safeguards may include contractual protections, adequacy decisions by relevant authorities, or other approved transfer mechanisms.

Adequacy and Safeguards

For transfers from the European Economic Area to countries that do not have an adequacy decision from the European Commission, we rely on appropriate safeguards such as Standard Contractual Clauses approved by the European Commission. These contractual protections ensure that your personal information receives protection that is essentially equivalent to the protection provided under European law.

We regularly review our international transfer practices and update our safeguards as necessary to ensure continued compliance with applicable privacy laws and regulations. We work with our service providers and partners to ensure they understand and comply with their obligations regarding international data transfers.

Children's Privacy

Our services are not intended for children under the age of 13, and we do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will take steps to delete that information promptly.

For certain benefits programs that may include dependent coverage, we may collect limited information about dependents, including minor children. This information is collected only as necessary for benefits administration and is subject to the same privacy protections as other personal information.

If you are a parent or guardian and believe that your child has provided personal information to us, please contact us immediately so that we can take appropriate action to protect your child's privacy.

Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable laws. When we make material changes to this Privacy Policy, we will notify you by posting the updated policy on our Website and updating the "Last Updated" date at the top of this policy.

For significant changes that materially affect your rights or how we use your personal information, we may provide additional notice through email or other communication methods. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Your continued use of our services after any changes to this Privacy Policy constitutes your acceptance of the updated policy. If you do not agree with any changes, you should discontinue use of our services and contact us regarding your account and information.

Contact Information

If you have questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us using the information below:

We are committed to addressing your privacy concerns promptly and will respond to your inquiries within a reasonable timeframe. If you are not satisfied with our response, you may have the right to lodge a complaint with the appropriate supervisory authority in your jurisdiction.