Privacy Policy
Last Updated: February 19, 2026
1. Introduction
Mitigation Audit LLC ("we," "us," or "our") is committed to protecting the confidential business data you entrust to us and to complying with applicable privacy laws, including the Connecticut Data Privacy Act (CTDPA). This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use our AI-powered pre-review Service for mitigation invoices (the "Service").
Important Notice: The Service is exclusively for business use by insurance carriers, independent adjusters, and third-party administrators (TPAs). It is not intended for individual consumers, policyholders, restoration contractors, or public adjusters.
2. Information We Collect
We collect only the minimum data necessary to perform the audit:
- Uploaded Content: Mitigation invoices, estimates, drying logs, photos, and related documents provided by you.
- Account Information: Name, business email, company name, and billing details.
- Usage Data: IP address, browser type, timestamps, and interaction logs.
3. Cookies and Tracking
We use cookies strictly for essential operation and limited analytics:
- Essential Cookies: Required for secure login and payment processing (via Stripe).
- Analytics: We use Google Analytics with IP anonymization to monitor site performance. We do not use advertising features or tracking pixels for retargeting.
- No Third-Party Ads: We do not allow third-party advertising networks to collect data on our site.
4. How We Use Your Information
We use your data solely to provide, maintain, and improve the Service. In particular, we use your information to:
- Analyze uploaded files via our logic engine to generate Audit Reports.
- Process payments through Stripe and deliver receipts.
- Maintain the security and integrity of the Service.
5. Strict AI Data Usage Policy (No Training)
We utilize enterprise-grade API settings to ensure confidentiality. Your uploaded content and data are NOT used to train, improve, or fine-tune public Artificial Intelligence models. Your data remains isolated to your specific audit session, ensuring confidentiality.
6. Automated Decision-Making
Our Service provides automated insights and recommendations based on industry standards (e.g., ANSI/IICRC guidelines). These recommendations are non-binding and intended as advisory tools only. They do not constitute formal expert opinions or coverage determinations.
- Human in the Loop: The Service functions as a calculator/auditor, not a final decision-maker. No decisions regarding coverage or payment are made solely by automated means.
- Final Authority: All final claim decisions remain with you (the adjuster/carrier).
7. Data Retention
- Files: Uploaded documents are deleted from our active processing servers 30 days after the report is generated.
- Reports: Generated PDF audit reports remain stored in your account indefinitely (by default) to allow you to review your history. You may delete individual reports at any time through the Service, or request deletion of all stored reports.
- Account Deletion: Upon request, we will delete all your personal data within 30 days, except for records required by law for tax/accounting purposes.
8. Data Sharing
We do not sell, rent, or trade your data. We share data only with trusted third parties as necessary to provide the Service:
Third-Party Subprocessors and Service Providers: We use the following subprocessors and vendors, all of which are bound by strict data protection agreements:
- Amazon Web Services (AWS): Hosting infrastructure and data storage.
- OpenAI: AI model processing and Optical Character Recognition (OCR) for uploaded documents.
- Stripe: Payment processing services.
- Other Trusted Partners: Such as analytics or email providers, as needed to operate the Service.
- Legal Compliance: If required by a subpoena, court order, or regulatory mandate.
We never share data with policyholders, contractors, or public adjusters.
9. Payment Security
All payments are processed by Stripe. We do not store or have access to your full credit card number. Payment data is encrypted and handled in compliance with the Payment Card Industry Data Security Standard (PCI-DSS).
10. Business Continuity and Disaster Recovery
We maintain comprehensive business continuity and disaster recovery plans to ensure the reliability and availability of our Service. Our infrastructure uses redundant, geographically distributed data centers (e.g., across multiple AWS availability zones) and regular automated backups to prevent data loss. In the event of a service disruption or disaster, we have documented procedures to restore operations quickly with minimal downtime. We also regularly test our backup and recovery processes. All data is encrypted at rest and in transit to protect against unauthorized access, and we continuously monitor our systems to promptly detect and respond to any incidents.
11. Your Responsibility for PII
You acknowledge that you are the data controller for the documents you upload. You are responsible for redacting Sensitive Personally Identifiable Information (e.g., Social Security numbers, dates of birth) before upload. You agree to indemnify Mitigation Audit LLC against claims arising from the upload of unredacted sensitive data.
12. Your Rights (CTDPA & General)
Under applicable state laws (including the Connecticut Data Privacy Act), you may have the right to:
- Access, correct, or delete your personal information.
- Opt out of certain data processing.
- Appeal a decision regarding a rights request.
To exercise these rights, email info@mitigationaudit.com. We will respond to all verified requests in accordance with the CTDPA and other applicable laws, typically within 30 days.
13. International Transfers
Your data is processed in the United States. If you access the Service from outside the US, you acknowledge that your data will be transferred to US-based servers subject to US privacy laws. We will protect your data in accordance with this Privacy Policy and applicable U.S. laws.
14. Children's Privacy
The Service is a B2B tool and is not directed to individuals under 18. We do not knowingly collect information from children. If we become aware that a child under 18 has provided us with personal data, we will promptly delete such data.
15. Governing Law
This Privacy Policy is governed by the laws of the State of Connecticut, without regard to conflict of law principles.
Contact Us
For privacy questions, please contact:
Mitigation Audit LLC
Email: info@mitigationaudit.com
Glastonbury, Connecticut, USA