Privacy Policy
Last updated — February 2025
Who we are
Mysa (“we,” “us,” “our”) operates the website meetmysa.com and provides AI-powered claims automation services for the insurance industry.
Mysa acts as the data controller for personal data collected through this website. When processing claims data on behalf of our insurance clients, Mysa acts as a data processor under the direction and agreements of those clients.
For any privacy-related questions, you can reach us at hello@meetmysa.com.
What data we collect
Website visitors
We may collect the following categories of personal data when you visit our website or interact with us:
- Usage data — pages visited, time spent, referral source, device type, browser information, and general browsing patterns collected through analytics providers.
- Contact information — name, email address, company name, job title, and any other details you voluntarily provide through forms, email, or other communications.
- Cookies and identifiers — small data files stored on your device to help us understand how you interact with our site. See our Cookie Policy for details.
Platform users and client data
When you use our platform as an authorized user of one of our insurance clients, additional data categories may apply. These are governed by separate data processing agreements between Mysa and the relevant client. If you are a policyholder whose claim is being processed through our platform, your insurer is the data controller for that data and their privacy policy applies.
How we use your data
We use the data we collect to:
- Improve and optimize our website, platform, and services.
- Analyze traffic patterns and site performance.
- Respond to your inquiries and provide support.
- Send relevant communications if you have opted in to receive them.
- Ensure the security and integrity of our services.
Legal basis for processing
We process your personal data based on one or more of the following legal grounds under the GDPR:
- Consent — where you have given clear consent for us to process your data for a specific purpose (e.g., subscribing to communications).
- Legitimate interests — where processing is necessary for our legitimate business interests, such as improving our services, ensuring security, and understanding how our website is used, provided these interests are not overridden by your rights.
- Contractual necessity — where processing is necessary for the performance of a contract with you or to take steps at your request prior to entering a contract.
- Legal obligation — where processing is necessary for compliance with a legal obligation to which we are subject.
Cookies
Our website uses cookies to ensure basic functionality and to understand how visitors interact with our site. We categorize cookies as strictly necessary or analytics-related.
For a detailed breakdown of the cookies we use and how to manage your preferences, please see our Cookie Policy.
Data sharing
We do not sell, rent, or trade your personal data. We may share data with:
- Service providers who assist us in operating our website and delivering our services, such as cloud hosting, analytics, and customer support tools. These providers are bound by data processing agreements and may only use your data for the purposes we specify.
- Professional advisors, including legal, accounting, and insurance advisors, where necessary.
- Regulatory or legal authorities where required by applicable law, regulation, or legal process.
We do not share personal data with third parties for their own marketing purposes.
Data retention
We retain personal data only for as long as necessary to fulfill the purposes described in this policy or as required by law. Specifically:
- Contact information submitted through forms is retained for the duration of our business relationship and a reasonable period afterward (typically no more than 24 months after last contact).
- Analytics data is retained in aggregated or anonymized form.
- If you request deletion of your data, we will process your request in accordance with applicable law.
Your rights
Under the General Data Protection Regulation (GDPR), you have the right to:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — request deletion of your personal data.
- Restriction — ask us to limit how we process your data.
- Portability — receive your data in a structured, commonly used, machine-readable format.
- Objection — object to processing based on legitimate interests.
- Withdraw consent — where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
To exercise any of these rights, contact us at hello@meetmysa.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection supervisory authority.
International transfers
Your data may be processed outside the European Economic Area (EEA) by our service providers. Where this occurs, we ensure appropriate safeguards are in place, such as standard contractual clauses approved by the European Commission or equivalent mechanisms recognized under applicable data protection law, to protect your data.
Security
We implement appropriate technical and organizational measures to protect personal data against unauthorized access, alteration, disclosure, or destruction. These include encryption of data in transit and at rest, access controls, and regular security assessments.
AI and automated decision-making
Mysa uses artificial intelligence and automated processing as part of its claims automation services. Where automated decision-making is used in a way that may significantly affect individuals, our platform is designed to support human oversight, provide transparency into how decisions are reached, and enable review of automated outcomes. Our approach to AI is guided by applicable regulations, including the principles of the EU AI Act.
For website visitors, we do not use automated decision-making that produces legal or similarly significant effects.
Children’s data
Our website and services are not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have collected data from a child, please contact us and we will take steps to delete it.
Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, services, or applicable law. We will post any updates on this page and update the “Last updated” date. For significant changes, we will make reasonable efforts to notify you, such as by email or a prominent notice on our website.
Contact
If you have any questions about this Privacy Policy or how we handle your data, please contact us at:
Mysa
Email: hello@meetmysa.com
Website: meetmysa.com