Privacy, AI governance, and responsible data use.

Carpe collects information when you browse our website, submit forms, or communicate with our team. This includes basic usage analytics such as pages viewed, referral sources, device and browser metadata, and approximate location derived from IP address.

If you submit a contact request, we collect the details you provide, such as name, work email, company, and message content. We also use cookies and similar technologies to support website performance, security, and analytics.

Carpe provides insurance intelligence products built from publicly available data and other lawfully sourced signals. Our products are designed to help carriers evaluate claims, underwriting, SIU, and related risk workflows with structured context that can be reviewed by human decision makers.

We do not position our products as fully autonomous decision engines. Product outputs are intended to support trained insurance professionals, and we design every workflow to preserve reviewability, defensibility, and human accountability.

Carpe maintains a formal AI governance framework that applies to all models, algorithms, and automated processes used in our insurance intelligence products. This framework defines standards for model development, deployment approval, ongoing monitoring, and retirement.

All Carpe products that use AI or machine learning operate under a human-in-the-loop model. No automated system makes final coverage, claims, or underwriting decisions on behalf of our customers. AI-generated outputs are designed as decision-support tools that surface relevant context for qualified professionals to evaluate.

Our governance practices include documented model inventories, defined ownership and accountability for each production model, regular review cycles, and escalation procedures for outputs that fall outside expected parameters.

Carpe is committed to responsible development and deployment of AI systems that do not produce unfairly discriminatory outcomes. We conduct bias and fairness evaluations as part of our model development lifecycle, with particular attention to protected class considerations relevant to insurance.

Our fairness testing practices are designed to align with the NAIC Model Bulletin on the Use of Artificial Intelligence Systems by Insurers, state Department of Insurance guidance on algorithmic accountability, and evolving federal and state regulations governing automated decision-support in insurance.

We maintain documentation of fairness evaluation methodologies, results, and remediation steps. Customers can request fairness and bias assessment summaries for products deployed in their workflows.

Carpe applies structured model risk management practices across the full model lifecycle, from development and validation through production deployment, monitoring, and retirement.

Production models are subject to performance monitoring, output quality tracking, and drift detection. Model updates follow a controlled release process that includes validation testing, staged rollout, and rollback capability.

We maintain version-controlled model documentation that records training data sources, feature engineering decisions, validation results, known limitations, and deployment history. This documentation supports customer audit and regulatory review requirements.

Carpe sources data exclusively from publicly available information and other lawfully obtainable signals. We do not engage in private-data scraping, unauthorized data collection, or acquisition of data through deceptive means.

Our data sourcing practices include documented provenance chains that record where information was obtained, when it was collected, and how it was processed. This chain-of-custody approach supports the defensibility and explainability of outputs derived from our data.

We regularly review data sources for continued availability, legal compliance, and alignment with our quality and ethical sourcing standards.

Carpe monitors and designs its products with awareness of applicable regulatory frameworks, including the NAIC Model Bulletin on AI in insurance, state-level Department of Insurance guidance on algorithmic accountability, the Fair Credit Reporting Act where applicable to our products, and emerging state and federal privacy and AI regulations.

We engage with industry groups, regulatory developments, and customer compliance teams to ensure our products and governance practices remain aligned with the evolving regulatory landscape for AI in insurance.

Carpe supports customer regulatory compliance by providing documentation, attestations, and direct engagement with customer compliance and legal teams during procurement, audit, and ongoing governance reviews.

We may share information with service providers that support hosting, analytics, security, communications, and customer relationship management. These providers are contractually restricted to using data only for approved business purposes.

We may disclose information where required by law, legal process, or regulatory request, and where necessary to protect rights, safety, and security. Carpe does not sell personal information in exchange for monetary consideration.

Where Carpe uses third-party AI models or services as components of our products, those integrations are subject to the same governance standards applied to internally developed models. This includes vendor security review, data handling controls, output quality validation, and contractual restrictions on data use.

We maintain a subprocessor program that documents third-party services involved in data processing, their role, data access scope, and applicable security and privacy controls. Subprocessor changes that materially affect data handling are communicated to customers.

Carpe maintains an incident response program that covers security incidents, data breaches, and material model failures. Our response procedures include defined severity classification, containment protocols, root cause analysis, remediation, and stakeholder notification.

In the event of a confirmed data breach involving customer data, Carpe will notify affected customers in accordance with applicable law and contractual commitments. We also maintain procedures for responding to model-related incidents, including unexpected output patterns or data quality degradation.

California residents may have rights to request access to specific pieces and categories of personal information, request correction of inaccurate information, request deletion of eligible information, and request details about disclosure practices.

California residents may also have rights related to sensitive personal information and to opt out of certain sharing practices as defined by law. Carpe will not discriminate against individuals for exercising eligible privacy rights.

To submit a rights request, contact privacy@carpe.io with the subject line "California Privacy Request." We may need to verify your identity before completing the request.

We retain personal information only for as long as necessary for the purposes described in this policy, including service delivery, legal compliance, security, dispute resolution, and contract enforcement.

Retention periods vary based on data type, legal obligations, and operational requirements. When information is no longer required, it is deleted, de-identified, or otherwise handled in accordance with applicable law and internal policy.