Avallon Labs, Inc.
Privacy Policy

Last Updated: 18.05.2026

Avallon Labs, Inc., a Delaware corporation (“Avallon,” “Company,” “we,” “us,” or “our”), is committed to protecting the privacy and security of Personal Information.

This Privacy Policy (“Privacy Policy”) describes and governs the manner in which the Company collects, uses, maintains, discloses, and otherwise processes information about you when you visit or use our AI-powered claims operations platform, including agentic workflows, AI voice agents, document parsing, email orchestration, and related software, APIs, tools, dashboards, and integrations (collectively, the “Services”), and any other online services that link to this Privacy Policy.

Please read this Privacy Policy carefully before using the Services. By accessing or using the Services, or by clicking to accept these terms, you acknowledge that you have read and understood this Privacy Policy and agree to be bound by it, as well as by our Terms of Use (the “Terms of Use”), which are incorporated herein by reference.

If you do not agree to this Privacy Policy or the Terms of Use, you must not access or use the Services.

1. CATEGORIES OF PERSONAL INFORMATION WE COLLECT.

We may collect information that identifies, relates to, describes, or could reasonably be linked to an identifiable individual (“Personal Information”) in the following key categories:

·        General Personal Information: Name, username and password, business address, email address, phone number, and any other Personal Information requested for account creation, identity verification, and to comply with applicable laws.

·        Information You Upload: Any content you provide, submit, generate, or upload using the Services (“Content”), including but not limited to claim documents, workflow configurations, automation scripts, integration data, API credentials, and documents or reports generated through the Services. Because the Services include free-form uploads and configurations, Content may contain sensitive information depending on what you choose to include. You are responsible for the content you upload.

·        Payment Information: We may collect information related to fees we charge for use of our Services. Payment card information is processed by third-party payment processors and is not stored directly by the Company, except as provided to us by such processors. We may retain transaction records associated with your account.

·        Device and Usage Information: Information about how you access and use the Services, including IP address; device type, operating system, and application version; browser type; login and authentication events; feature usage events (e.g., workflow executions, API calls, automation triggers, AI feature interactions); crash logs, error reports, and performance metrics; and timestamps associated with activity. We collect this information to maintain security, ensure system reliability, prevent fraud, and improve the Services.

·        Marketing and Website Visitor Information: When you visit our marketing website, we and our service providers (including third-party identity resolution and enrichment providers) may collect online identifiers such as IP address, cookie and device identifiers, browser and device metadata, pages viewed, timestamps, and referrer parameters. In some cases, our service providers may associate your website session with professional or firmographic information derived from third-party professional data sources, such as your name, job title, company name, business email address, and company attributes. This information is used for sales and marketing purposes and is governed by our service providers’ own privacy practices.

·        Call Recordings, Transcripts, and Voice Communications: If you or your end users interact with our AI voice agents (including inbound call reception or outbound dialing features), we may record and transcribe those calls to provide the Services, generate claim data, and maintain audit logs. The Company’s AI voice features may involve the use of automated technology to initiate or receive telephone calls. Call recordings and transcripts are processed and stored in accordance with this Privacy Policy. You are solely responsible for ensuring that your use of the Company’s voice and calling features complies with all applicable laws, including the Telephone Consumer Protection Act (“TCPA”), applicable state telemarketing and mini-TCPA statutes, and federal and state recording and wiretapping laws. This includes obtaining all legally required consents from end users prior to initiating or enabling automated calls, prerecorded voice messages, or call recordings through the Services. The Company acts as a technology platform and service provider with respect to voice communications and is not responsible for your compliance obligations as the party directing use of these features.

·        Inferences: We may make inferences based on the information we collect for marketing and sales purposes, such as associating website sessions with a person or company and enriching with professional or firmographic details. We do not use claim content or customer data for this purpose.

·        Information from Third-Party Sources: We may receive limited information from service providers or publicly available sources as necessary for fraud prevention, security, or compliance purposes. We do not purchase consumer marketing profiles for personal or household purposes.

·        Sensitive and Regulated Information: The Services are designed for use by insurance carriers, third-party administrators, and their partners in connection with claims operations. In that context, the Services may process information that constitutes protected health information (“PHI”) as defined under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Where required, the Company enters into Business Associate Agreements (“BAAs”) with covered entities and business associates prior to processing PHI through the Services. PHI processed through the Services is handled in accordance with applicable HIPAA requirements and the terms of the applicable BAA. If you are a covered entity or business associate and have not executed a BAA with us, please contact us before submitting any PHI through the Services.

2. HOW WE COLLECT PERSONAL INFORMATION.

We collect Personal Information from the following sources:

Directly. We collect Personal Information directly from you when you register for the Services, submit information in an online form, request information from us, upload content, or otherwise communicate with us or our support personnel.

Passively. We and our service providers collect Personal Information from you passively through automatic data collection tools, including cookies, web beacons, and similar technologies.

Cookies. A cookie is a small file placed on your device. Cookies and similar technologies help enable core functionality of the Services, maintain session integrity, authenticate users, and support security, analytics, and performance monitoring. You may disable cookies through your browser settings, though doing so may limit certain features of the Services.

Web Beacons. Pages of our website or certain areas of the Services may contain small electronic files known as web beacons that permit the Company, for example, to count users who have visited those pages, measure engagement, and verify system and server integrity.

Monitoring and Observability Tools. We use tools that collect logs and performance metrics (such as request metadata, IP address, device and browser information, and error traces) to maintain the security, availability, and reliability of the Services.

From Customer-Enabled Integrations. If you configure the Services to connect with third-party systems (such as claims management systems, CRM platforms, document storage, or communication tools), we may receive information from those systems as directed by you. Such integrations are enabled at the customer’s direction and are subject to the third party’s own terms and privacy practices.

3. WHERE YOUR INFORMATION IS STORED AND PROCESSED.

Cloud Infrastructure. Personal Information and Content are stored and processed using secure cloud infrastructure and vetted service providers located primarily in the United States. Certain customer deployments may be configured to store and process data within the European Union or other jurisdictions, depending on the applicable customer configuration and agreement.

Service Providers. Personal Information may be processed by third-party service providers that support the operation, hosting, security, analytics, monitoring, and AI functionality of the Services. These providers process information on our behalf pursuant to written confidentiality, data protection, and security obligations.

International Transfers. If you access the Services from outside the United States, your Personal Information may be transferred to and processed in the United States or other jurisdictions where our service providers operate. By using the Services, you acknowledge that your Personal Information may be transferred to jurisdictions with data protection laws different from those in your country of residence.

Cross-Border Safeguards. Where required by applicable law, including the General Data Protection Regulation (“GDPR”) and applicable UK data protection law, we rely on recognized legal transfer mechanisms for cross-border transfers of Personal Information, which may include standard contractual clauses approved by the European Commission or other appropriate safeguards. Customers subject to GDPR or UK data protection law may be required to execute a separate Data Processing Agreement (“DPA”) with the Company prior to processing personal data of data subjects located in the European Economic Area or United Kingdom through the Services.

4. USE OF PERSONAL INFORMATION.

Avallon may disclose your Personal Data in the good faith belief that such action is necessary to:

We may use Personal Information for the following purposes:

·        to create, manage, secure, and authenticate your account credentials and access to the Services;

·        to process purchases, subscriptions, and maintain transaction records;

·        to provide customer support and respond to inquiries;

·        to operate, maintain, secure, monitor, debug, and improve the Services;

·        to maintain system integrity, prevent fraud, detect security incidents, and protect against misuse;

·        to perform analytics and diagnostic activities to understand feature usage, performance, and reliability;

·        to develop de-identified or aggregated insights that do not identify you;

·        to operate AI-enabled features using your inputs and Content solely to provide the outputs and functionality you request;

·        to record, transcribe, and process voice interactions with our AI agents in order to generate structured claims data, automate workflow actions, and maintain records of claim-related communications;

·        to identify and engage with prospective customers using website visitor data and professional enrichment information, where you have visited our marketing website;

·        to send service-related communications, administrative notices, and product updates; and

·        to comply with legal obligations and enforce our agreements.

We process Content only as necessary to provide, maintain, secure, and support the Services. We do not use customer Content or claim data to train AI models. We may use aggregated, de-identified operational data (such as system performance metrics) to maintain and improve the reliability of the Services. We do not sell Personal Information and do not share Personal Information for cross-context behavioral advertising or targeted advertising.

5. MANAGEMENT OF PERSONAL INFORMATION.

Our goal is to keep Personal Information accurate and up-to-date. If you find that your Personal Information is not accurate, please contact us. We will use reasonable efforts to investigate your concerns and make the necessary corrections, additions, or deletions.

6. SHARING PERSONAL INFORMATION.

We may share your Personal Information with third parties under the following circumstances:

·        At your direction. We may share your Personal Information or Content at your express direction and with your authorization.

·        With service providers. We may share Personal Information with vendors and contractors who assist us with hosting, infrastructure, analytics, monitoring, security, billing, payment processing, customer support, identity resolution and firmographic enrichment for sales and marketing purposes, AI infrastructure and model serving, and related service operations. We require service providers to use Personal Information only as instructed and to implement appropriate security measures.

·        To comply with applicable law. We may share your information with appropriate authorities if we believe disclosure is required by applicable law. Where permitted by law, we will provide prompt notice of any such required disclosure so that you may seek a protective order or other appropriate remedy.

·        To protect the rights and property of the Company. We may share your Personal Information with third parties to protect the property and rights belonging to us or a third party, to protect the safety of the public or any person, or to prevent or stop activity we consider to be illegal, fraudulent, or legally actionable.

·        In connection with a sale or merger. In the event of a reorganization, merger, or sale, we may transfer your Personal Information to the relevant third party. We will continue to protect Personal Information as described in this Privacy Policy and will notify you of any material changes as required by law.

7. RETENTION.

We will retain your Personal Information only for as long as is necessary to provide the Services and in accordance with our internal retention and deletion policies. We will retain and use your Personal Information to the extent necessary to comply with our legal obligations, resolve disputes, and enforce our legal agreements and policies.

We will also retain usage data for internal analysis purposes. Usage data is generally retained for a shorter period of time, except when this data is used to strengthen the security or to improve the functionality of our products and services, or when we are legally obligated to retain this data for longer periods.

Upon account termination or expiration, we will delete or de-identify Content and Personal Information in accordance with our retention policies unless continued retention is required by law. You may request deletion of your account at any time by contacting us at the address listed in Section XV below, and the Company will process such requests

8. OUR SERVICES ARE NOT INTENDED FOR CHILDREN.

The Services are not intended for, and may not be used by, individuals under eighteen (18) years of age. We do not knowingly collect Personal Information from anyone under 18. If we obtain actual knowledge that we have collected Personal Information from a minor, we will promptly delete such information in accordance with applicable law. If you believe that we may have collected Personal Information from a minor, please contact us at the address listed in Section XV below.

9. SECURITY OF YOUR PERSONAL INFORMATION.

The security of your Personal Information is important to us. We employ administrative, technical, and physical safeguards appropriate to the nature of the Personal Information, including encryption in transit and at rest where applicable, access controls, and least-privilege practices across our infrastructure and with service providers. No method of electronic storage or transmission is fully secure, and we cannot guarantee absolute security.

10. WE DO NOT SELL OR SHARE PERSONAL INFORMATION.

The Company does not sell Personal Information for monetary consideration. The Company does not share Personal Information for cross-context behavioral advertising or targeted advertising. We do not use Content for advertising purposes.

11. U.S. STATE PRIVACY RIGHTS.

If you reside in a U.S. state that provides privacy rights under applicable data protection laws, you may have certain rights with respect to your Personal Information, subject to applicable limitations and exceptions. Depending on your state of residence, these rights may include:

·        Right to Access. You may request confirmation of whether we process your Personal Information and request access to, or a copy of, the Personal Information we maintain about you.

·        Right to Correction. You may request that we correct inaccuracies in Personal Information we maintain about you.

·        Right to Deletion. You may request that we delete Personal Information we have collected from or about you, subject to certain exceptions permitted by applicable law.

·        Right to Data Portability. You may request a copy of certain Personal Information in a portable and, to the extent technically feasible, readily usable format.

·        Right to Opt Out of Sale or Sharing. As described in Section X above, the Company does not sell Personal Information and does not share Personal Information for cross-context behavioral advertising or targeted advertising.

·        Right to Appeal. If we deny your request, you may have the right to appeal our decision as permitted by applicable law.

You have the right to exercise these rights without being subject to unlawful discrimination. To exercise any of the rights described above, please contact us at the address listed in Section XV below. We may take reasonable steps to verify your identity before responding to your request.

12. EXERCISING YOUR PRIVACY RIGHTS.

To protect your privacy and security, we may take reasonable steps to verify your identity before responding to your request. If you submit a request through an authorized agent, we may require proof of the agent’s authority and may also require you to verify your identity directly with us.

We may decline or limit requests where permitted by applicable law, including where we are required to retain information to:

·        complete a transaction or provide the Services requested by you;

·        comply with legal obligations;

·        detect or prevent fraud, abuse, or security incidents;

·        enforce our agreements; or

·        protect our rights or the rights and safety of others.

13. ACCOUNT AND COMMUNICATION CHOICES.

You may choose whether to provide certain Personal Information to us; however, some features of the Services may not function properly without it.

If you receive service-related or administrative communications from us, you may not opt out of those communications. You may opt out of non-essential communications (such as promotional emails) by following the unsubscribe instructions included in those communications or by contacting us at the address listed in Section XV below.

Call Recording and Transcription. Where the Company’s AI voice agent features are used, end users interacting with those features may be presented with an option to opt out of call recording and transcription, where that option has been enabled and configured by the applicable customer. The availability of this opt-out depends on customer configuration and applicable law. You are responsible for ensuring that your deployment of the Services provides appropriate notice and opt-out mechanisms to end users in compliance with applicable recording and wiretapping laws.

14. CHANGES TO THIS PRIVACY POLICY.

We reserve the right, at our sole discretion, to change, modify, add, or remove any portion of this Privacy Policy at any time. Notification of changes will be posted on our website. Amendments to this Privacy Policy will be effective when posted. Your continued use of the Services following the posting of any amendment constitutes your acceptance thereof.

Contact Information

If you would like to contact us with questions or comments concerning our Privacy Policy, please e-mail us at team@avallon.ai, or write to us at:

Avallon Labs, Inc.

Attention: Privacy

[INSERT ADDRESS]