Finch Privacy Policy

Last Updated: June 21, 2026



Finch Claims, Inc. ("Finch," "we," "us") provides a claims-intelligence platform that connects to designated email accounts, identifies claims-related correspondence, and structures it into a claims dashboard. This Privacy Policy explains what information we collect, how we use it, and the choices available to you. It supplements the Finch Terms of Service and Data Processing Addendum.



1. Who this policy covers. This policy applies to our customers (insurance organizations and their authorized users) and to the data we process on their behalf, including data about policyholders, claimants, and counterparties contained in claims correspondence.



2. Information we collect.

• Account & contact data: names, work emails, role, organization, billing contacts.

• Customer Data: email correspondence, attachments, documents, and the claims information derived from them (the "Claim Graph").

• Google user data (when a customer connects Google Workspace / Gmail): see §4.

• Usage & device data: log data, IP, browser, and product-interaction events used to operate and secure the Service.



3. How we use information. We use information to operate and provide the Service (email ingestion, claims identification, document extraction, Claim Graph generation, workflow automation); secure and monitor the Service; provide support; bill; and comply with law. We do not use Customer Data or Google user data for advertising.



4. Google Workspace / Gmail data. When you connect a Google Workspace account (with your or your administrator's authorization), Finch accesses the following Google user data:

• Gmail messages, attachments, and labels (gmail.modify): Finch accesses messages in the connected mailbox to identify claim-related correspondence, and retains, stores, and processes only the claim-related messages and attachments — classifying and filing them against the correct claim, applying labels to mark messages as processed, and creating draft replies for you to review and send. Messages that are not claim-related are discarded and not retained. Finch does not send email on your behalf without your action.

• Workspace directory user list (admin.directory.user.readonly): Finch reads the list of user mailboxes in your organization's domain to determine which mailboxes to synchronize. No other directory or profile data is retained.

• Calendar — Finch-created events (calendar.app.created): Finch creates a dedicated "Finch Claims" calendar and writes claim-related events (deadlines, appointment/inspection reminders, SLA milestones) to it. Finch manages only the events on this app-created calendar and does not read, edit, or delete events on your primary or other calendars.



You (or your administrator) may revoke Finch's access to any or all mailboxes at any time; Finch disconnects within one business day. You may request deletion of your Google user data, which we delete within 30 days of the request.



5. How we share information; sub-processors. We do not sell personal information. We share information only with service providers ("sub-processors") that process data on our behalf, under contractual confidentiality and data-protection obligations:



| Sub-processor | Purpose | Location |
|---------------------------|--------------------------------------------------------------------------------|---------------|
| Amazon Web Services (AWS) | Cloud infrastructure, storage, compute | United States |
| Google LLC (Gemini API) | AI processing of email/document content for classification and data extraction | United States |



We maintain a current list at https://www.finchclaims.com/subprocessors. We may also disclose information to comply with law, enforce our agreements, protect rights and safety, or in connection with a merger or acquisition. We do not use Google user data, or Customer Data, to train generalized or non-personalized AI/ML models; our AI sub-processor processes content to provide Service features and does not train its models on your data.



6. Data retention. We retain Customer Data for the subscription term plus the 30-day post-termination export period, after which it is permanently deleted per the DPA. Non-claim-related Google messages are not retained. Aggregated, de-identified data that cannot reasonably identify any person may be retained to improve the Service.



7. Security. We protect data with encryption in transit (TLS 1.2+) and at rest (AES-256), tenant isolation, role-based access controls, access logging, vulnerability scanning, and employee security training. See the DPA for details.



8. Your rights & choices. Depending on your jurisdiction, you may have rights to access, correct, delete, or port personal data, and to object to or restrict certain processing. Customers control Customer Data; we assist customers in responding to data-subject requests as described in the DPA. Contact us at privacy@finchclaims.com.



9. Limited Use of Google user data. Finch's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.



10. International data; children. The Service is operated in the United States and intended for business use by insurance professionals. It is not directed to children, and we do not knowingly collect data from children.



11. Changes. We may update this policy and will post the revised version with a new "Last Updated" date; material changes will be communicated as described in the Terms.



12. Contact. Finch Claims, Inc. — privacy@finchclaims.com