Privacy Policy

Effective Date: [19/06/2025]

This Privacy Policy sets out how Invision Cyber (“Invision,” “we,” “us,” or “our”) collects, uses, stores, and protects personal information obtained in connection with our cyber insurance services.

By using our website or submitting an application for coverage, you acknowledge and accept the practices described in this policy.

Scope

This Privacy Policy applies to all personal data collected by Invision through our digital platforms and application processes. It governs how we handle data from organisations and individuals interacting with our services, currently within the United States.

Information we collect

We only collect personal and business information directly from you when it is necessary for processing an insurance application or managing a related enquiry. This may include:

·       Name, email address, and contact details

·       Organisation name, size, and industry

·       Revenue, security risk profile, and other application-related disclosures

·       Any supporting documentation voluntarily submitted (e.g., security reports, organisational charts)

We do not collect personal data through passive browsing of our website, nor do we engage in behavioural tracking or third-party advertising.

Purpose of Collection

We process your information for the following purposes:

·       To assess and process insurance applications

·       Support ongoing insurance coverage and future policy renewals

·       The handling of incidents and insurance claims

·       To communicate with applicants and authorised brokers

·       To maintain business records and regulatory compliance

·       To improve service delivery and ensure application completeness

We do not use your data for marketing or profiling.

Disclosure of Information

Invision does not sell, rent, or share your personal information with third parties for advertising or unrelated purposes.

We may share information only with:

• Your nominated insurance broker
• Our capacity providers (Beazley, Munich Re, Antares) for the purposes of reviewing and issuing insurance coverage
• Secure third-party technology partners (e.g., application hosting or cybersecurity platforms) operating under strict confidentiality obligations

All disclosures are made on a need-to-know basis and in accordance with applicable legal or regulatory obligations.

Application Form Data

As part of the application process, we collect two key types of information:

1. Application Form - When you apply for cover, you provide us with an application form that includes essential business and risk-related information. This form is shared only with your appointed insurance broker, who requires it to assess your needs and facilitate coverage discussions. Invision also retains a copy of this form for underwriting purposes.
2. Invision Insights Report - In addition to the application form, you authorise access to your Invision Insights Report within Trend Vision One™. This data is treated with the highest level of confidentiality. It is not shared with your broker, nor with any third parties. Only Invision has access to this report, and it is used solely for underwriting and risk assessment purposes.

Use of Anonymised Data
We may, from time to time, aggregate and anonymise data across our portfolio to identify patterns and produce high-level trend reports. These reports may be shared with our capacity providers to support the development of sustainable and forward-thinking cyber insurance solutions.
Importantly, any information used in this way will be fully anonymised and will not include any personal, identifiable, or sensitive data.

Data Security

We implement appropriate technical and organisational measures to protect your personal data against unauthorised access, alteration, disclosure, or destruction.

Access to application data is restricted to authorised personnel only and protected by secure data handling protocols.

All customer data is encrypted both at rest and in transit. Sensitive information — including access tokens and API keys — is further protected through application-level encryption before being stored in our databases.

Data Retention

We retain personal data only for as long as necessary to:

·       Complete the application and policy process

·       Comply with legal, regulatory, or contractual requirements

·       To support ongoing insurance coverage and future policy renewals

·       To support claims handling

·       Resolve disputes or enforce our terms

·       To assess and process insurance applications

After this period, data is securely deleted or anonymised.

Your Rights

Depending on your jurisdiction, you may have the right to:

·       Access the personal data we hold about you

·       Request correction of inaccurate information

·       Request deletion of data, subject to regulatory requirements

·       Object to or restrict processing in certain circumstances

Requests may be submitted by contacting us using the details below.

California Privacy Notice (for California Residents)

This section applies only to individuals residing in the State of California whose personal information we may process in connection with cyber insurance applications underwritten by Lloyd’s Underwriters. We act as a service provider on behalf of the Underwriters and process personal information solely for the purpose of delivering insurance services at their direction.

We do not sell or share personal information for commercial purposes outside our business relationship with the Underwriters.

Categories of Personal Information We Collect:

• Identifiers (e.g., name, email address, job title, organisation)
• Professional or employment-related information
• Internet or network activity related to your use of our application portal
• Application-related information (e.g., industry, security profile)

Use of Information

We collect and process this information to:

• Assess insurance applications on behalf of Underwriters
• Manage policy administration, renewals, and claims
• Comply with legal and regulatory requirements

Your Rights Under the California Consumer Privacy Act (CCPA)

If you are a California resident, you have the following rights, which we honour on behalf of the Underwriters:

• Right to Know - to request details of the personal information we hold about you;
• Right to Delete - to request deletion of your personal information, subject to legal exceptions;
• Right to Correct - to request correction of inaccurate personal data;
• Right to Opt Out of Sale or Sharing - note: we do not sell or share your personal information;
• Right to Limit Use of Sensitive Personal Information - if applicable.

To exercise any of these rights, please contact us using either of the following:

• Toll-free number: TBC
• Email: enquiries@invisioncyber.com

You may also forward privacy-related requests directly to the relevant Lloyd’s Underwriter. In all cases, we will coordinate with the Underwriters regarding fulfilment of your request and provide a response in accordance with their instructions.

International Data Transfers

Invision is based in the United Kingdom. As a result, information provided by applicants outside the UK may be transferred to and processed in the UK.

Where personal data is transferred from the UK to a country not subject to a UK adequacy decision, including the United States, we implement additional safeguards to ensure your data remains protected in accordance with applicable laws.

Where such transfers occur, the parties agree that the transfer will be governed by the EU Standard Contractual Clauses (Controller-to-Controller, Commission Decision 2021/914), as supplemented by the UK International Data Transfer Addendum (version B1.0, issued by the UK Information Commissioner on 21 March 2022). These terms are incorporated into and form part of this Privacy Policy and apply to the transfer of your data from Invision to your appointed US-based insurance broker, Woodruff Sawyer.

These safeguards ensure your data is processed lawfully and with appropriate levels of security, including confidentiality, purpose limitation, and support for your data protection rights.

To request a copy of the Standard Contractual Clauses and Addendum, please contact us using the details provided below.

Contact Information

If you have questions about this Privacy Policy or how we handle your personal information, please contact Invision Cyber at:

email: enquiries@invisioncyber.com


Address: Invision Cyber, 70 Fenchurch St, London, EC3M 4BS

Updates to this Policy

We reserve the right to update this Privacy Policy at any time. Material changes will be posted on this page with an updated effective date.

EU GDPR Addendum (for EEA/UK Residents)

If you are located in the European Economic Area (EEA) or the United Kingdom, the following additional information applies in accordance with the General Data Protection Regulation (GDPR) and the UK Data Protection Act 2018.

Legal Basis for Processing

We process your personal data based on one or more of the following legal bases:

• Contractual necessity – to assess and process your application for insurance services
• Legal obligation – to comply with applicable regulatory requirement
• Legitimate interest – to operate and improve our services, provided such interests are not overridden by your rights
• Consent – where required, such as for optional communications or marketing (currently not used)

Your Rights Under GDPR

As an individual in the EEA or UK, you have the right to:

·       Request access to your personal data

·       Request correction of inaccurate or incomplete data

·       Request erasure of your data (“right to be forgotten”)

·       Object to or restrict processing of your data

·       Request transfer of your data (data portability)

·       Withdraw consent at any time, where processing is based on consent

To exercise any of these rights, please contact us at enquiries@invisioncyber.com. We may require verification of your identity before fulfilling your request.

Data Controller

Invision Cyber is the data controller for personal data processed under this policy.


You may also contact the UK’s Information Commissioner’s Office (ICO) or your local supervisory authority if you believe your rights under GDPR have been violated.