Privacy Policy

Effective Date: [19/06/2025]

This Privacy Policy sets out how Invision Cyber (“Invision,” “we,” “us,” or “our”) collects, uses, stores, and protects personal information obtained in connection with our cyber insurance services.

By using our website or submitting an application for coverage, you acknowledge and accept the practices described in this policy.

Scope

This Privacy Policy applies to all personal data collected by Invision through our digital platforms and application processes. It governs how we handle data from organisations and individuals interacting with our services, currently within the United States.

Information we collect

We only collect personal and business information directly from you when it is necessary for processing an insurance application or managing a related enquiry. This may include:

·       Name, email address, and contact details

·       Organisation name, size, and industry

·       Revenue, security risk profile, and other application-related disclosures

·       Any supporting documentation voluntarily submitted (e.g., security reports, organisational charts)

We do not collect personal data through passive browsing of our website, nor do we engage in behavioural tracking or third-party advertising.

Purpose of Collection

We process your information for the following purposes:

·       To assess and process insurance applications

·       Support ongoing insurance coverage and future policy renewals

·       The handling of incidents and insurance claims

·       To communicate with applicants and authorised brokers

·       To maintain business records and regulatory compliance

·       To improve service delivery and ensure application completeness

We do not use your data for marketing or profiling.

Disclosure of Information

Invision does not sell, rent, or share your personal information with third parties for advertising or unrelated purposes.

We may share information only with:

• Your nominated insurance broker
• Our capacity providers (Beazley, Munich Re, Antares) for the purposes of reviewing and issuing insurance coverage
• Secure third-party technology partners (e.g., application hosting or cybersecurity platforms) operating under strict confidentiality obligations

All disclosures are made on a need-to-know basis and in accordance with applicable legal or regulatory obligations.

Application Form Data

As part of the application process, we collect two key types of information:

1. Application Form - When you apply for cover, you provide us with an application form that includes essential business and risk-related information. This form is shared only with your appointed insurance broker, who requires it to assess your needs and facilitate coverage discussions. Invision also retains a copy of this form for underwriting purposes.
2. Invision Insights Report - In addition to the application form, you authorise access to your Invision Insights Report within Trend Vision One™. This data is treated with the highest level of confidentiality. It is not shared with your broker, nor with any third parties. Only Invision has access to this report, and it is used solely for underwriting and risk assessment purposes.

Use of Anonymised Data
We may, from time to time, aggregate and anonymise data across our portfolio to identify patterns and produce high-level trend reports. These reports may be shared with our capacity providers to support the development of sustainable and forward-thinking cyber insurance solutions.
Importantly, any information used in this way will be fully anonymised and will not include any personal, identifiable, or sensitive data.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

Access to application data is restricted to authorised personnel only and protected by secure data handling protocols.

All customer data is encrypted both at rest and in transit. Sensitive information — including access tokens and API keys — is further protected through application-level encryption before being stored in our databases.

Data Retention

We retain personal data only for as long as necessary to:

·       Complete the application and policy process

·       Comply with legal, regulatory, or contractual requirements

·       To support ongoing insurance coverage and future policy renewals

·       To support claims handling

·       Resolve disputes or enforce our terms

·       To assess and process insurance applications

After this period, data is securely deleted or anonymised.

Your Rights

Depending on your jurisdiction, you may have the right to:

·       Access the personal data we hold about you

·       Request correction of inaccurate information

·       Request deletion of data, subject to regulatory requirements

·       Object to or restrict processing in certain circumstances

Requests may be submitted by contacting us using the details below.

Your Rights

Depending on your jurisdiction, you may have the right to:

·       Access the personal data we hold about you

·       Request correction of inaccurate information

·       Request deletion of data, subject to regulatory requirements

·       Object to or restrict processing in certain circumstances

Requests may be submitted by contacting us using the details below.

International Data Transfers

Invision is based in the United Kingdom. As a result, information provided by applicants outside the UK may be transferred to and processed in the UK.

We ensure that all data transfers are handled securely and in accordance with applicable data protection laws. The UK is currently recognised by U.S. authorities and various international regulators as providing an adequate level of data protection.

By submitting an application or interacting with our services, you consent to this international transfer of data, solely for the purpose of processing your application, handling claims and managing your insurance product.

Contact Information

If you have questions about this Privacy Policy or how we handle your personal information, please contact Invision Cyber at:

email: enquiries@invisioncyber.com


Address: Invision Cyber, 71 Fenchurch St, London, EC3M 4BS

Updates to this Policy

We reserve the right to update this Privacy Policy at any time. Material changes will be posted on this page with an updated effective date.

EU GDPR Addendum (for EEA/UK Residents)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional information applies in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

• Contractual necessity – to assess and process your application for insurance services
• Legal obligation – to comply with applicable regulatory requirement
• Legitimate interest – to operate and improve our services, provided such interests are not overridden by your rights
• Consent – where required, such as for optional communications or marketing (currently not used)

Your Rights Under GDPR

As an individual in the EEA or UK, you have the right to:

·       Request access to your personal data

·       Request correction of inaccurate or incomplete data

·       Request erasure of your data (“right to be forgotten”)

·       Object to or restrict processing of your data

·       Request transfer of your data (data portability)

·       Withdraw consent at any time, where processing is based on consent

To exercise any of these rights, please contact us at enquiries@invisioncyber.com. We may require verification of your identity before fulfilling your request.

Data Controller

Invision Cyber is the data controller for personal data processed under this policy.


You may also contact the UK’s Information Commissioner’s Office (ICO) or your local supervisory authority if you believe your rights under GDPR have been violated.