Website Privacy Policy
Like most website operators, Spear Technologies (“Spear”) collects non-personally-identifying information that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Spear’s purpose in collecting this information is to better understand how visitors use our website. From time to time, Spear may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of our website.
Spear also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on any of our websites. Spear only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that website commenter IP addresses are visible and disclosed to the administrators of the website where the comment was left.
Your privacy is important to us. At Spear we have a few fundamental principles:
- We do not ask you for personal information unless we need it.
- We don’t share your personal information with anyone except to comply with the law, develop and operate our products and services, or protect our rights.
- We do not store personal information on our servers unless required for the ongoing operation of one of our products or services.
In our member products, we aim to make it as simple as possible for you to control what’s visible to the public, seen by search engines, kept private, and permanently deleted. It is Spear’s policy to respect your privacy regarding any information we may collect while operating our websites and services.
Your privacy is critically important to us.
WEBSITE PRIVACY POLICY
Last Updated: June 4, 2023
Like most website operators, Spear collects non-personally-identifying information that web browsers and servers typically make available, such as the browser type, language preference, referring site, and the date and time of each visitor request. Spear’s purpose in collecting this information is to better understand how visitors use our website. From time to time, Spear may release non-personally-identifying information in the aggregate, e.g., by publishing a report on trends in the usage of our website.
Spear also collects potentially personally-identifying information like Internet Protocol (IP) addresses for logged in users and for users leaving comments on any of our websites. Spear only discloses logged in user and commenter IP addresses under the same circumstances that it uses and discloses personally-identifying information as described below, except that website commenter IP addresses are visible and disclosed to the administrators of the website where the comment was left.
Your privacy is important to us. At Spear we have a few fundamental principles:
• We do not ask you for personal information unless we need it.
• We don’t share your personal information with anyone except to comply with the law, develop and operate our products and services, or protect our rights.
• We do not store personal information on our servers unless required for the ongoing operation of one of our products or services.
In our member products, we aim to make it as simple as possible for you to control what’s visible to the public, seen by search engines, kept private, and permanently deleted. It is Spear’s policy to respect your privacy regarding any information we may collect while operating our websites and services.
NOW THE LEGAL STUFF
Spear (“Spear,” “we,” “our,” or “us”) respects your privacy and is committed to protecting it through our compliance with this Privacy Policy. This Privacy Policy describes (1) the types of personal information we may collect from you or that you may provide when you visit our website located at https://spear-tech.com/ (our “Website”), and (2) our practices for collecting, using, protecting and disclosing that information. This Privacy Policy also describes how we collect and use data in connection with our software-as-a-service offering and related professional services that we provide pursuant to written agreements with our customers (herein referred to as the “Services”).
COLLECTION AND USE OF PERSONAL INFORMATION
Spear Website
Personal information collected from you on our Website will be used to carry out the actions you have requested or authorized. Additionally, we may use your personal information to provide you with information about our Services.
Our Website may collect certain information about your visit, such as the name of your Internet service provider and the Internet Protocol (IP) address through which you access the Internet; the browser you are using; the date and time you access our Website; the pages that you access while at our Website and the Internet address of the Website from which you linked directly to our Website. This information is used to help improve our Website, analyze trends, and administer our Website.
From time to time, we may engage third party providers of marketing services to assist us with the purposes set forth above. We maintain contracts with each of these third parties restricting their access, use, and disclosure of personal data. We otherwise do not disclose personal information collected from our Website to non-agent third parties without authorization from the individual that submitted such information to us.
We provide the opportunity for individuals to “opt-out” of having their personal information (as collected from our Website) used for the purposes set forth above. If you do not wish your personal information (as collected from our Website) to be stored on our systems, or provided to third parties, we will remove your information from these systems. Simply email info@spear-tech.com with the details of your request and we will respond promptly.
Spear Services
As part of our Services, we provide a web-based system to our customers (primarily companies and governmental entities) and their designated third-party users (collectively, our “Users”) that tracks information related to insurance and risk in order to help our Users manage insurance claims, improve safety and reduce costs. In providing the Services to our Users, we store and process data that our Users submit to us or instruct us to process. We use such information in order to provide and improve the Services to our Users pursuant to the terms of the written agreement between us and our customer, and we do not use this information for any other purpose.
While our Users decide what data to submit, it typically includes insurance-related information such as claims, incidents, and policies, as well as related supporting documentation and analysis. This information may include personally identifiable information. When we provide our Services to our Users, in some instances we process personal information about third parties that is provided by our Users.
We use a limited number of third-party service providers to assist us in providing our Services to our Users. These service providers fall into one of the following categories:
• Hosting provider (we currently use Microsoft’s Azure Web Services https://azure.microsoft.com ) Please visit Microsoft’s Trust center to learn about the cybersecurity protections afforded our customer’s data through use of our Connections Management System, including: a broad set of international and industry-specific compliance standards, such as General Data Protection Regulation (GDPR), ISO 27001, HIPAA, FedRAMP, SOC 1 and SOC 2, as well as country-specific standards, including Australia IRAP, UK G-Cloud, and Singapore MTCS. Rigorous third-party audits, such as those done by the British Standards Institute, verify Azure’s adherence to the strict security controls these standards mandate. https://azure.microsoft.com/en-us/overview/trusted-cloud/
• Providers of additional functionality for our Services (as set forth in the written agreement between us and our customer)
These third parties may access, process, or store personal data in the course of providing their services. We will only provide personal information to these third parties for the purpose of providing our Services to our Users. We maintain contracts with each of these third parties restricting their access, use, and disclosure of personal data. Our customers and Users generally will not have the opportunity to opt out of having their personal information shared with these third-party service providers for these purposes while receiving our Services. We otherwise do not disclose personal information to non-agent third parties except as may be contemplated by a written agreement with our customer or otherwise as directed by our Users.
Disclosure Required by Law
In certain situations, we may be required to disclose personal data in response to lawful requests by public authorities, including to meet national security or law enforcement requirements. We reserve the right to disclose personal information as required by law and when we believe that disclosure is necessary to protect our legal rights and/or to comply with a judicial proceeding, court order, or legal process.
ACCESS TO PERSONAL INFORMATION
We acknowledge the desire of individuals to access their personal data as collected through our Website. Individuals wishing to review, edit, supplement or delete their personal data as collected through our Website may do so by contacting us at info@spear-tech.com, and we will promptly respond to any such request.
Individuals wishing to review, edit, supplement or delete their personal data as provided to us by our Users for use with our Services should contact the applicable User that provided this data to us. Alternatively, such an individual can contact us at info@spear-tech.com and we will work with our User to respond to the request. However, note that we are contractually bound to our customers to maintain the confidentiality and integrity of the personal information that we store as part of our Services, and any such request from an individual that is not our customer would need to be approved by our customer except as otherwise required by law.
SECURITY OF YOUR PERSONAL INFORMATION
We are committed to protecting the security of your personal information. While no computer system is completely secure, we have put in place commercially reasonable physical, electronic, and managerial procedures to safeguard and secure your personal information.
USE OF YOUR PERSONAL INFORMATION
We may use the personal information we collect in a variety of ways, including to:
• Provide you with the best customer experience possible;
• Provide necessary support, management, and functionality of the Website and Services;
• Remember you when you visit the Website or use the Services;
• Measure the use of the Website and Services and improve the content of the Website and Services;
• Address network integrity and security issues; and
• Comply with applicable laws and as otherwise allowed by law.
Disclosure Required by Law
If you are a California resident and have an established business relationship with us, you can request that we provide certain information about our company’s sharing of personal information with third parties for direct marketing purposes. We do not share any California consumer personal information with third parties for marketing purposes without consent. California residents who wish to make this request may contact us using the contact information below.
Social Media Sites
When you interact with an Spear account on a social media platform, such as LinkedIn or Twitter, we may collect the personal information that you make available to us on that page or account, including your user ID and/or user name, and any information you have made public in connection with that social media service. Please note, however, that we will comply with the privacy policies of the corresponding social media platform and we will only collect and store such personal information that we are permitted to collect by these social media platforms. Our Website may include social media widgets. These features may collect information about your IP address and which page you’re visiting on our Website, and they may set a cookie to make sure their feature functions properly. Social media features and widgets are either hosted by a third party or hosted directly on our Website. Your interactions with those features are governed by the privacy policies of the companies that provide them.
eChoice of Future Communications
From time to time, we may send you information about our Services that may be of interest to you. At such a time, you will be given an opportunity to opt-out of future communications.
Transfer of Information
If we sell all or part of our business, or make a sale or transfer of our assets, or are otherwise involved in a merger or transfer of all or a material part of our business, or are involved in a bankruptcy, we may transfer your information to the party or parties involved as part of that transaction.
COOKIES AND TRACKING
We may use technology to track the patterns of behavior of visitors to our Website. This can include using a “cookie,” a text file sent by a web server to a web browser, and stored by the browser for record keeping purposes. As a result, it is possible to speed up your future activities on our Website and allow us to provide you with a personalized browsing experience.
You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. This may prevent you from taking full advantage of the features of our Website.
Our Website does not process or respond to web browsers’ “do not track” signals or other similar transmissions that indicate a request to disable online tracking of users who visit our Website.
LINKS TO THIRD PARTY WEBSITES
Our Website and our Services may provide links to unaffiliated third-party websites. As we do not control these websites, we encourage you to review the policies of these third-party sites.
CHANGES TO THIS PRIVACY POLICY
We may occasionally update this Privacy Policy. When we do, we will also revise the “Last Updated” date at the top of this Privacy Policy. We encourage you to periodically review this Privacy Policy to stay informed about how we are helping to protect the personal information we collect. Your continued use of our Website or Services constitutes your agreement to this Privacy Policy and any updates.
CONTACT AND ENFORCEMENT INFORMATION
If you have any questions regarding this Privacy Policy, please contact us at info@spear-tech.com. If you believe that we have not adhered to this Privacy Policy, please contact us at info@spear-tech.com, and we will attempt to promptly determine and remedy the problem.
Overview
Spear is a unified solution providing a 360 degree view of the insurance process lifecycle. The Spear platform is a market-leading cloud-based core insurance software suite built from the ground-up specifically for P&C insurers and claim administrators.
Spear uses security tools to scan our internal environment, system and services. We also engage professional security vendors to perform third-party penetration tests and audits of our environment on an annual basis, respectively, while internal system scans are performed quarterly. The Core Insurance Platform service is hosted in multiple data centers to provide redundancy. The data centers are geographically distributed and highly redundant in themselves.
Access to Customer Data
A subset of Spear’s Personnel has access to customer data as necessary to support the platform and provide the service. Individual access is granted based on individual role and job responsibilities. Access to systems containing customer data is reviewed on a regular basis and is monitored on an ongoing basis.
Secure Data Handling and Destruction
Our solution is hosted on one or more cloud-based Infrastructure-as-a-Service platforms. These cloud providers are responsible for the security of the underlying cloud infrastructure and Spear takes the responsibility of securing workloads we deploy inside the cloud infrastructure. Cloud providers monitor and audit computing environments continuously, with certifications from accreditation bodies across geographies and verticals, including ISO 27001, FedRAMP, DoD CSM, and PCI DSS. Any device storing any data is subjected to data-at-rest encryption. The service makes use of code-level logic and permissions to segregate customer data.
Customer Responsibilities
As a user of the Core Insurance Platform, customers should be proactive in recognizing the value and sensitivity of the information provided by the service as well as the need to safeguard such data appropriately. This document details Spear’s customer responsibilities as they relate to use of the Core Insurance Platform. It is the responsibility of Spear customers to familiarize themselves with the information and procedures set forth below and comply with them.
Safeguarding of Assets and Information
To safeguard information assets and policy enforcement capabilities available in the Core Insurance Platform, the customers’ IT governance processes should include end-user training regarding appropriate use and awareness of the need for securing access to their Core Insurance Platform account credentials. As with most cloud services, access to the Core Insurance Platform requires a login ID and password or integration with a Single-Sign-On (SSO) provider. When an organization subscribes to the Core Insurance Platform service, it is the customer’s responsibility to manage which users should be given access to the service. Customers should also define when access should be removed. For example, removing access upon termination of employment or as part of departmental changes that result in change of duties or responsibilities. Only valid account credentials should be used by authorized users to access the Spear Core Insurance Platform service; users should not share authentication credentials.
Spear’s Core Insurance Platform service should be considered sensitive and confidential by users of the service. Users should follow information security best practices to ensure that access to their account credentials is appropriately limited, and the information and functionality provided by the Core Insurance Platform service is protected from unauthorized use. Core Insurance Platform users are responsible for maintaining the security and confidentiality of their user credentials (e.g., Login ID and Password), and are responsible for all activities and uses performed under their account credentials whether authorized by them or not. By establishing user credentials and accessing the platform, users of the Spear Core Insurance Platform service agree to comply with these requirements to safeguard assets and account information.
Service Termination
Spear service can be terminated per the terms of any in-effect contract or agreement by contacting legal@spear-tech.com, unless otherwise instructed in such agreement. If you do not receive a reply within 48 hours, you must make contact with Spear via telephone and speak with a company officer to ensure receipt of such request.
Password Management
The Core Insurance Platform service is accessible via the Internet. As a result, great care must be exercised by Core Insurance Platform users in protecting their subscription against unauthorized access and use of their credentials. By establishing user credentials and accessing the service, users agree to proactively protect the security and confidentiality of their user credentials and never share service account credentials, disclose any passwords or user identifications to any unauthorized persons, or permit any unauthorized person to use or access their Core Insurance Platform accounts. Any loss of control of passwords or user identifications could result in the loss or disclosure of confidential information and the responsible account owner(s) may be liable for the actions taken under their service account credentials whether they authorized the activity or not. Additionally, when establishing Core Insurance Platform account credentials, end users are required to establish strong passwords following password strength and complexity best practices; passwords should not be easily guessable.
Reporting Operational Issues
All Spear services are monitored 24×7 to meet our service commitments. All planned maintenance will be performed in accordance with Spear’s maintenance plan, which is communicated to customers when they sign up for the service. If there is a need to perform emergency maintenance for a vulnerability or bug fix, we will notify customers prior to the work being performed. To get updates in real-time, customers can subscribe to email notifications. On the occasion that Spear customers observe performance issues, problems or service outages, they can contact support@spear-tech.com or open a support ticket to report such issues.
Incidents and Breaches
By establishing Core Insurance Platform account credentials or accessing its service, customers agree to notify Spear immediately of any security incident, including any suspected or confirmed breach of security. Also, users of the service agree to log out or exit the service immediately at the end of each session to provide further protection against unauthorized use and intrusion. Spear customers should also notify Spear immediately if they observe any activity or communications in other forums that may indicate that other Spear customers have had their accounts compromised. Lastly, Spear encourages users to practice responsible disclosure by notifying Spear of any potential or confirmed security vulnerabilities. Spear is dedicated to providing secure services to clients, and will triage all security vulnerabilities that are reported. Furthermore, Spear will prioritize and fix security vulnerabilities in accordance with the risk that they pose.
Compliance Issues
Regulatory requirements and industry mandates are continuously increasing in scope & depth and can vary from industry to industry. Spear users agree to abide by the regulatory requirements, industry mandates, and other compliance requirements imposed on their organizations and understand that use of cloud-based services does not exclude the organizations from responsibilities for restricting access to application information and functionality.
Responsible Disclosure Policy
Spear is dedicated to keeping its cloud platform safe from all types of security issues thereby providing a safe and secure environment to our customers. Data security is a matter of utmost importance and a top priority for us. If you believe you have discovered a security flaw in the Core Insurance Platform or the underlying infrastructure, we appreciate your support in disclosing the issue to us in a responsible manner. Our responsible disclosure process is managed by the security team at Spear. We are always ready to recognize the efforts of security researchers by rewarding them with a token of appreciation, provided the reported security issue is of high severity and not already known to us. When reporting the security vulnerability to our Security team, please refrain from disclosing the vulnerability details to the public outside of this process without explicit permission. Please provide the complete details necessary for reproducing the issue. We determine the risk of each vulnerability by assessing the ease of exploitation and business impact associated with the vulnerability.
Response
As a security researcher, if you identify or discover a security vulnerability in compliance with the responsible disclosure guidelines, Spear commits to:
• acknowledge the receipt of the reported security vulnerability in a timely fashion
• notify you when the vulnerability is remediated
• extend our gratitude by providing a token of appreciation in supporting us to make our customers safer and more secure
Please report security issues to: itsupport@spear-tech.com
Whistleblower Policy
Spear maintains a whistleblower policy for reporting suspected or confirmed issues that violate our Code of Conduct. Issues can be reported by emailing whistleblower@spear-tech.com or by calling 833-564-5211 and asking for the CEO.
Data Retention
By default, we will retain your data indefinitely. You can ask to close your account by contacting us at support@spear-tech.com and we will delete your information upon request. We may, however, retain information, including personal information to the extent applicable, for an additional period as is required under applicable laws, for legal, tax, or regulatory reasons, or for legitimate and lawful business purposes.
Changes to our Privacy Policy
The Privacy Policy in effect at the time you use the Core Insurance Platform service governs how we may use your information. Our business may change from time-to-time. As a result, at times it may be necessary for Spear to make changes to the Privacy Policy. Spear reserves the right to update or modify the Privacy Policy at any time. If we make material changes we will post the updated policy on this page with an updated Effective Date. Please review our Privacy Policy periodically, and especially before providing your data to Spear through our website or by registering for the Core Insurance Platform service. Your continued use or access to the Spear corporate website or the Core Insurance Platform service after any changes or revisions to the Privacy Policy shall indicate your agreement with the terms of the revised Privacy Policy.
Changes to our Service Commitments
While rare, we may occasionally change our service terms. This includes, but is not limited to, our commitments regarding security, confidentiality, performance or availability. In the event that we intend to make such changes, we will notify the business contact for organization at the email address we have within our customer database at least thirty (30) days prior to such changes taking effect.
Contacting Spear
For general inquiries, please contact us at support@spear-tech.com
This website content may contain the trade names or trademarks of various third parties, and if so, any such use is solely for illustrative purposes only. All product and company names are trademarks™ or registered® trademarks of their respective holders. Use of them does not imply any affiliation with, endorsement by, or association of any kind between them and Spear Technologies.