Privacy Policy

Scope

Who this applies to

This policy applies when you use Vantage websites, APIs, and product surfaces (for example: policy analysis, Finder, comparison, dashboard, chat, and claim workflows). For PDPA purposes, "Vantage" means the Vantage service operator.

By using Vantage, you consent to collection, use, and disclosure of personal data for the purposes in this policy, subject to your rights under applicable law.

What We Collect

Personal data categories

• Account and session data: session identifiers, account email (for signed-in users), and basic account state.
• Policy and profile data: policy PDFs, policy metadata, and profile inputs you provide (for example age, income, dependants, medical and lifestyle context).
• Claim and dispute data: claim workspace entries, rejection letter extracts, uploaded supporting files, and drafting outputs.
• Chat and interaction data: prompts, responses, tool outputs, and related context required to produce answers.
• Billing data: Stripe customer and subscription identifiers, subscription status, and billing event metadata.
• Technical and usage data: runtime logs, device/browser signals, and aggregated product analytics.

We do not sell personal data.

How We Use Data

Purpose limitation

We use personal data to run Vantage features and maintain service quality, including:

• - analyse policy wording and generate coverage/gap insights;
• - rank and compare policy options, and route scenario decisions;
• - support claim tracking, appeal/dispute drafting, and export workflows;
• - deliver account features (sync, persistence, access control, deletion controls);
• - process subscriptions and plan entitlements;
• - send operational notifications (for example proactive attention digests) when enabled;
• - monitor abuse, debug incidents, and protect system integrity.

AI Processing

How model providers are used

Vantage uses AI providers to process your submitted content and generate outputs. We configure our API integrations for product functionality and do not use your API traffic to train our own models.

You should avoid uploading unnecessary identifiers in documents where possible.

Cookies And Storage

Browser-level identifiers

• - vantage_sid cookie is used to link requests to your active Vantage session.
• - vantage.* keys in local/session storage are used for profile/session continuity.
• - Product analytics may collect aggregated usage telemetry for service improvement.

You can clear local browser storage from your browser settings; some features may stop working until a new session is established.

Third-Party Processors

Infrastructure and service partners

• Supabase: Database, authentication, file storage, and secure retrieval of your workspace data.
• Vercel: Application hosting, edge/network delivery, runtime logs, and service availability.
• Anthropic, OpenAI, and Mistral: AI and OCR processing for policy analysis, chat answers, comparison, and drafting features.
• Stripe: Subscription checkout, billing events, and customer/subscription status updates.
• Resend: Operational email delivery for proactive attention digests and alert workflows when enabled.

Retention

How long we keep data

• - Session-mode data is cleaned after approximately 24 hours of inactivity.
• - Anonymous claims are automatically deleted after approximately 24 hours.
• - Signed-in active claims are retained while active.
• - Signed-in closed or settled claims are deleted after approximately 180 days.
• - Signed-in users can delete account data from in-app controls at any time.

We may retain limited records where required for legal obligations, security investigations, fraud prevention, or dispute resolution.

Security

Safeguards

We use technical and organizational safeguards, including encrypted transport, restricted access, credential controls, and periodic operational reviews. No internet service is completely risk-free, but we design Vantage with data minimization and least-privilege principles.

International Transfers

Cross-border processing

Some service providers process data outside Singapore. Where we transfer personal data across borders, we use contractual and technical safeguards designed to provide comparable protection standards.

Your PDPA Rights

Access, correction, withdrawal, deletion

• - Request access to personal data we hold about you.
• - Request correction of inaccurate or incomplete data.
• - Withdraw consent for future processing, subject to legal/operational limits.
• - Request deletion of data, or use in-app deletion controls when available.

If you are not satisfied with our response, you may contact Singapore's Personal Data Protection Commission (PDPC).

Children

Age guidance

Vantage is designed for adults managing insurance decisions. If you are below the legal age to provide consent in your jurisdiction, use Vantage only with appropriate parental/guardian involvement.

Policy Changes

Updates to this notice

We may update this policy as our product, legal obligations, or processors change. Material updates are reflected by updating the "Last updated" date on this page.

Contact

Privacy and data requests

To make an access, correction, consent-withdrawal, or deletion request, contact us via email with the subject line "PDPA Request" and enough information for verification.