VIP Software
Privacy Policy

Effective Date: January 1st 2026
Version 2.0

1. Scope

This Privacy Policy covers all data that VIP Software obtains on behalf of our clients and their customers via VIP Software’s SaaS, hosted, or downloadable offerings, including data imported or integrated from third-party estimating, claims management, vendor management, or service provider systems (e.g., Symbility, XactAnalysis, and other systems clients choose to connect).

This Privacy Policy applies to all data that VIP Software processes as a data processor or service provider on behalf of its clients. It excludes third-party systems not connected or managed by VIP Software within our service offering, where VIP Software has no control over the collection, use, or disclosure of data.

A "Device" refers to any computer used to access VIP Software SaaS products, including without limitation a desktop, laptop, mobile phone, tablet, or other consumer electronic device. Unless otherwise stated, our SaaS and downloadable products are treated the same for the purposes of this document.

By executing an agreement with VIP Software or using VIP Software’s SaaS or downloadable products, clients acknowledge and consent to the collection, transfer, processing, storage, and use of data as described in this Privacy Policy and in applicable data-processing agreements.

2. Policy

2.1 Coverage

This Policy covers all data that is uploaded, submitted, posted, created, transmitted, stored, or displayed in VIP Software’s applications.

2.2 Customer Personal Information

Information that may be collected includes: name, address, email address, or phone number. Personal Information does not include any personal financial data except for policy and claims information stored in insurers’ policy and claims systems and estimating tools (e.g., Symbility and XactAnalysis). Except for this type of customer information, no other customer information is collected, stored, transmitted, or processed in VIP Software’s systems.

2.3 Changes to VIP Software’s Privacy Policy

VIP Software reviews all policies during a yearly review process and may change this Privacy Policy during the review or as needed. VIP Software will post a prominent revision date at the top of this policy. Clients and users will be informed of significant changes via email at least 30 days in advance, where required by law.

2.4 Data on File, Transmitted, or Processed

2.4.1 Account and Profile Information

Information on all users is collected and stored for each user invited to use VIP Software’s systems.
Information collected includes:

  • Contact information such as name and email address of client users; contact information of client customers including name, address, telephone number, email address, and claim property details.
  • Claim and policy information on a need-to-know basis for client customers.
  • Account information such as usernames and passwords (stored in encrypted format) used to access VIP Software’s systems and 3rd party integrations.
  • Financial and transactional data related to claims processing, including fee schedules, invoices, payment details, and performance metrics tied to service providers and vendors. Such data pertains to business transactions and does not include personal banking or credit-card information.

2.4.2 Usage Information

Web Logs
Information on interactions with VIP Software’s websites and SaaS products, including IP address, browser type, internet service provider, referring/exit pages, operating system, date/time stamps, and configuration data.

Analytics Information from Website and SaaS Products
Analytics information is collected to improve VIP Software’s products and services and may include username, attachment size, filenames, and details necessary for product operation.

Analytics Information Derived from Content
Analytics data may be derived from content to understand broader patterns and trends but does not include any customer personal information.

Use of De-identified and Aggregated Data
In addition to the purposes described above, VIP Software may compile, anonymize, and aggregate data derived from client data (including but not limited to claims volumes, billing patterns, fee schedules, invoice data, vendor/SLA performance metrics, and cost benchmarks) in a form that does not contain personally identifiable information or data attributable to any single client or customer.

These anonymized and aggregated datasets may be used by VIP Software for benchmarking, analytics, product development, machine-learning model training, market insights, and for sharing with clients or partners in summarized or comparative form.

VIP Software employs technical and organizational measures designed to ensure such data cannot be reverse-engineered or re-identified. No personal information is used in this process, and anonymized data is not subject to deletion or exclusion requests because it no longer constitutes personal data under applicable law.

Anonymized and aggregated datasets are retained for as long as necessary for benchmarking, analytical, and model-training purposes.

2.4.3 Data Collected from Other Sources

Information may be obtained from third-party services such as estimating or claims management tools. Access to such data follows the authorization procedures established by each service.

VIP Software also supports integrations with multiple third-party estimating, claims, and vendor management systems designated by the client. All integrations occur under client authorization, and data is processed solely to deliver contracted services, maintaining encryption, access controls, and audit logs to ensure confidentiality and integrity.

2.4.4 VIP Software’s Usage of Customer Data

VIP Software uses identifiable client and customer data solely for operational purposes, including:

  • Processing and completing transactions.
  • Providing customer service and resolving production issues.
  • Investigating and preventing fraudulent transactions, unauthorized access, or other illegal activities.

VIP Software does not collect or process personally identifiable financial information such as Social Security numbers or credit card data, except for policy, claim, fee schedule, and invoice data downloaded or transmitted from authorized estimating or billing systems.

The use of identifiable information collected through VIP Software applications is limited to the operational purposes described above. Separate from this operational data, VIP Software may process anonymized and aggregated data as outlined in Section 2.4.2 for benchmarking, analytics, and product development purposes.

2.4.5 Information Sharing and Disclosure

VIP Software does not share or disclose client or customer personal information or content with third parties except as described in this policy.

VIP Software may share anonymized and aggregated data (as described in Section 2.4.2) with other clients, partners, service providers, or publicly, in a statistical or summarized form that does not reveal the identity of any client, end user, or transaction.

2.4.6 Access by Client Company Administrators

Client company administrators may, from time to time, access user emails and contact information for the purpose of providing or managing user access to VIP Software’s systems.

2.4.7 Service Providers, Business Partners, and Others

VIP Software engages third-party service providers to deliver website hosting, application development, maintenance, backup, storage, virtual infrastructure, analysis, and related services.

No production information on client customers is shared with any third-party business partner or provider except when clients or users contact VIP Software support for system or data-related assistance.

VIP Software requires all third-party partners with access to confidential data to sign confidentiality and data-protection agreements before access is granted.

2.4.8 Compliance with Laws and Law Enforcement Requests; Protection of Rights

VIP Software may disclose information (including customer personal information) to a third party if:

(a) VIP Software believes that disclosure is reasonably necessary to comply with any applicable law, regulation, legal process, or governmental request;
(b) To protect the security or integrity of VIP Software’s products and services; or
(c) To protect VIP Software staff, clients, or the public from harm or illegal activities.

Any such disclosure will be discussed with the appropriate client where feasible and permitted by law prior to release.

2.4.9 Data Storage, Transfer, and Security

VIP Software’s infrastructure is hosted in U.S. data centers. Servers storing personal information are kept in a controlled environment with layered physical and logical protections.

Where data is transferred over the internet as part of a website or SaaS product, it is encrypted using industry-standard SSL/TLS (HTTPS). Data stored in VIP Software databases is encrypted using Encryption Services.

Access to production systems follows the principle of least privilege and is protected by multi-factor authentication, centralized monitoring, and audit logging through a SIEM.

All data is stored in U.S. data centers. No production data is shared outside the United States. If VIP Software transfers or stores data outside the U.S. in the future, it will comply with applicable international data-protection standards and notify clients accordingly.

VIP Software retains account information for as long as user accounts remain active. Anonymized and aggregated datasets are retained indefinitely for analytical, benchmarking, and machine-learning purposes.

2.4.10 Employee and Contractor Privacy and Confidentiality Agreements

All employees and contractors must sign Privacy and Non-Disclosure Agreements before working on any VIP Software system. They must complete annual privacy and security training, including certification testing. The Chief Information Security Officer (CISO) maintains all training and certification records.

3. Policy Compliance

3.1 Non-Compliance

Any employee found to have violated this policy may be subject to disciplinary action, up to and including termination of employment.

3.2 Compliance with Data Protection Laws

VIP Software complies with applicable U.S. federal and state data-protection laws, including the California Consumer Privacy Act (CCPA/CPRA), as well as equivalent privacy regulations in jurisdictions where it operates. Where VIP Software acts as a data processor, it executes appropriate Data Processing Agreements (DPAs) with clients to ensure compliance with data-protection requirements.

Contact Information

Questions or concerns regarding this Privacy Policy should be directed to:
VIP Software Privacy Office
Email: privacy@vipsoftware.com