Privacy Policy

Last updated: April 26, 2026

1. Introduction

Kiwi BMS Systems LLC ("Company", "we", "us") operates the Kiwi Business Management System ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service. Please read this policy carefully. By using the Service, you consent to the practices described herein.

2. Information We Collect

2.1 Information You Provide

  • Account Information: Name, email address, phone number, company name, and role when you register
  • Business Data: Client records, job and service information, commission data, billing records, and other business data you enter into the Service
  • Communications: Messages, support requests, and feedback you send to us
  • Integration Credentials: API keys and authentication tokens for third-party services you connect (stored encrypted)

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, time spent, and interaction patterns
  • Device Information: Browser type, operating system, IP address, and device identifiers
  • Log Data: Server logs including access times, error logs, and API call records
  • Cookies: Session cookies for authentication and preferences (see Section 7)

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your transactions and manage your subscription
  • Send administrative notifications (service updates, security alerts, billing reminders)
  • Respond to your support requests and communications
  • Monitor and analyze usage patterns to improve user experience
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our terms

4. Data Isolation and Multi-Tenancy

The Service operates on a multi-tenant architecture where each subscriber's data is logically isolated. Your business data (clients, jobs, commissions, etc.) is separated from other subscribers through workspace-level access controls and database-level tenant identifiers. No other subscriber can access your data, and we do not aggregate or share business data across workspaces.

5. Data Security

We implement industry-standard security measures to protect your data:

  • Encryption in Transit: All data transmitted between your browser and our servers is encrypted using TLS 1.2+
  • Encryption at Rest: Sensitive credentials (vendor portal passwords, integration API keys) are encrypted using AES-256-GCM
  • Access Controls: Role-based access control (RBAC) ensures users only access data appropriate to their role
  • Session Management: Secure, signed session cookies with automatic expiration
  • Rate Limiting: API rate limiting to prevent abuse and brute-force attacks

6. Data Sharing and Disclosure

We do not sell your personal information. We may share information only in these circumstances:

  • Service Providers: Third-party services that help us operate (cloud hosting, payment processing, email delivery), bound by confidentiality agreements
  • Legal Requirements: When required by law, subpoena, court order, or governmental regulation
  • Safety: To protect the rights, property, or safety of our users or the public
  • Business Transfers: In connection with a merger, acquisition, or sale of assets (with prior notice)
  • With Your Consent: When you explicitly authorize sharing with a third party

7. Cookies and Tracking

We use essential cookies for authentication and session management. These cookies are strictly necessary for the Service to function and cannot be disabled. We do not use advertising cookies or third-party tracking cookies. Analytics data is collected using privacy-respecting tools that do not track users across websites.

8. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Upon account termination, you have 30 days to export your data. After this period, your data will be permanently deleted from our systems within 90 days, except where retention is required by law (e.g., financial records may be retained for up to 7 years for tax compliance).

9. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you
  • Export: Download your business data at any time through the data export feature
  • Correction: Request correction of inaccurate personal data
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing of your personal data in certain circumstances

To exercise any of these rights, contact us at [email protected].

10. Industry Compliance

We understand that service businesses handle sensitive personal and financial information. Our Service is designed to help you comply with applicable regulations, including state-level data protection requirements. However, you are responsible for ensuring your use of the Service complies with all applicable laws and regulations in your jurisdiction, including any industry-specific licensing or regulatory requirements.

11. Children's Privacy

The Service is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete it promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or through the Service at least 30 days before they take effect. The "Last updated" date at the top of this page indicates when the policy was last revised.

13. Contact Us

For questions or concerns about this Privacy Policy or our data practices, please contact us at:

Kiwi BMS Systems LLC
Privacy Officer
Email: [email protected]
Website: www.insurewisesystems.com

Terms of Service|Back to Dashboard