RiskWiseSign In

Privacy Policy

Last updated: April 21, 2026

1. Introduction

JOOP LLC, doing business as RiskWise ("RiskWise," "we," "our," or "us"), is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our risk management platform at www.getriskwise.com (the "Service").

By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

2. Information We Collect

We collect information you provide directly to us, including:

  • Account information: Name, email address, company name, password (managed by Supabase Auth)
  • Contract documents: Subcontracts and related documents you upload for analysis
  • Insurance information: Certificates of insurance, policy details, and coverage documents
  • Employee and crew data: Names, phone numbers (if voluntarily provided), training records, and safety documentation
  • Subcontractor compliance data: COIs, licenses, and MSAs uploaded by or on behalf of your subcontractors
  • Payment information: Billing details processed by Stripe (we do not store full card numbers)
  • Communications: Messages sent through AskRW, support requests, and feedback

We also automatically collect:

  • Usage data: Pages visited, features used, timestamps, and interaction patterns
  • Device information: Browser type, operating system, and screen resolution
  • Log data: IP addresses, access times, and referring URLs
  • Error data: Application errors and performance metrics collected via Sentry

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Analyze contracts and identify risk clauses using AI
  • Generate insurance coverage gap analyses and compliance reports
  • Deliver toolbox talks and safety training content
  • Send transactional emails (account verification, billing, feature notifications)
  • Process payments and manage subscriptions
  • Monitor and improve platform security, performance, and reliability
  • Respond to your support requests and AskRW queries
  • Generate aggregated, de-identified data products (see Section 5)
  • Comply with legal obligations

4. AI & Machine Learning Data Processing

The Service uses artificial intelligence to analyze contracts, assess risk, and respond to user queries. We use the following AI providers:

  • Anthropic (Claude API): Used for contract analysis, risk assessment, and the AskRW assistant. Under Anthropic's API usage policy, data submitted through the API is not used to train their models.
  • OpenAI: Used solely for generating text embeddings (vector representations of text for search and similarity features). Document content sent for embedding is not used by OpenAI to train models under their API data usage policy.

Your uploaded documents are sent to these AI providers solely for the purpose of generating analysis results or embeddings. RiskWise does not use your uploaded documents to train any AI model, and we do not permit our AI subprocessors to do so.

Analysis results and embeddings are stored within your account and are subject to the same access controls and retention policies as your other data.

For a complete list of third-party services that process your data, see our Subprocessors page.

5. Aggregated Data

RiskWise may create aggregated, de-identified data derived from information collected through the Service. This includes industry-level risk trends, common contract clause patterns, coverage gap statistics, and similar insights that cannot be used to identify any individual user, company, or specific contract.

We retain a perpetual, irrevocable, royalty-free license to use, analyze, publish, and commercialize aggregated data. This right survives account termination. Aggregated data may be shared with or licensed to third parties, including insurance carriers and industry researchers.

Aggregated data is not "personal information" as defined under applicable privacy laws because it cannot reasonably be linked to any individual. Accordingly, there is no opt-out right for aggregated data. You may, however, exercise your right to delete your personal data (see Section 10), after which no new aggregated data will be derived from your account.

6. Data Sharing

RiskWise does not sell your personal information as defined by the CCPA or any other applicable privacy law. We may share personal data with:

  • Service providers and subprocessors: Third-party services that assist in operating the platform (see Subprocessors)
  • Legal authorities: When required by law, subpoena, or court order, or to protect our legal rights
  • Business transfers: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the successor entity
  • Aggregated data recipients: De-identified, aggregated data may be shared with or licensed to third parties (see Section 5)

7. SMS Messaging

RiskWise offers optional SMS text messaging to employees whose employers have added them to the platform. SMS messaging is entirely optional and is not required to create an account, maintain a subscription, or access any feature of the platform. All platform functionality is available via the web application and email without SMS.

Messages include safety toolbox talk delivery, compliance reminders, document signature requests, and account notifications. Messages are work-related only — we do not send marketing or promotional messages via SMS.

Consent is collected when an employee voluntarily provides their phone number during onboarding, or when an employer confirms consent on behalf of the employee. Message frequency varies (typically 1–4 messages per week). Message and data rates may apply.

Recipients may opt out at any time by replying STOP to any message. For help, reply HELP or email Hello@GetRiskWise.com. Phone numbers are not sold, shared, or rented to third parties. See our full SMS Consent Policy for details.

8. Cookies & Tracking Technologies

We use cookies and similar technologies to operate the Service. For detailed information about the cookies we use, their purposes, and how to manage your preferences, see our Cookie Policy.

In summary, we use:

  • Essential cookies: Required for authentication and core functionality (e.g., Supabase auth token)
  • Analytics cookies: Used to understand how the Service is used (Vercel Analytics), enabled only with your consent
  • Error monitoring: Sentry collects error data to help us fix issues

9. Data Security

We implement industry-standard security measures to protect your data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256)
  • Row-level security (RLS) policies on all database tables
  • Authentication managed by Supabase Auth
  • Content Security Policy (CSP) and HTTP Strict Transport Security (HSTS) headers
  • Rate limiting on API endpoints
  • Regular security monitoring and logging

No method of transmission or storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. For more details, see our Security Overview.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal data (subject to legal retention requirements)
  • Data portability: Receive your data in a structured, machine-readable format
  • Opt out of marketing: Unsubscribe from marketing communications at any time
  • Data export: Export your data within 30 days of request

To exercise any of these rights, contact us at Hello@GetRiskWise.com. We will verify your identity before processing your request and respond within the timeframe required by applicable law.

11. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

  • Right to Know: You may request details about the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purposes, and the categories of third parties with whom we share it.
  • Right to Delete: You may request deletion of your personal information, subject to certain exceptions (e.g., legal retention requirements, ongoing service provision).
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Opt Out of Sale/Sharing: RiskWise does not sell your personal information as defined by the CCPA. We do not share personal information for cross-context behavioral advertising. We may share de-identified, aggregated data that cannot reasonably be linked to any individual.
  • Right to Limit Use of Sensitive Personal Information: We only use sensitive personal information for purposes authorized by the CCPA.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

Categories of personal information collected in the preceding 12 months: Identifiers (name, email), commercial information (subscription data), internet activity (usage data), professional information (company name, trade), and inferences drawn from the above.

To exercise any of these rights, contact us at Hello@GetRiskWise.com. We will verify your identity before processing your request and respond within 45 days as required by law. You may designate an authorized agent to make a request on your behalf.

12. Additional State Privacy Rights

Residents of certain states may have additional privacy rights under their respective state laws, including but not limited to:

  • Virginia (VCDPA): Rights to access, correct, delete, obtain a copy of, and opt out of targeted advertising and profiling.
  • Colorado (CPA): Similar rights to Virginia, plus the right to appeal a denial of your privacy request.
  • Connecticut (CTDPA): Rights to access, correct, delete, and opt out of targeted advertising, profiling, and sale of personal data.
  • Utah (UCPA), Iowa, Indiana, Tennessee, Montana, Texas, Oregon: Various consumer privacy rights as provided by each state's applicable law.

To exercise any state-specific privacy rights, contact us at Hello@GetRiskWise.com. If we decline your request, you may appeal by contacting us with "Privacy Appeal" in the subject line.

13. Data Retention

We retain your data for as long as your account is active or as needed to provide the Service. Specific retention periods:

  • Account data: Retained while account is active; available for export for 30 days after account closure, then deleted
  • Uploaded documents: Deleted within 30 days of account closure or upon your request
  • Analysis results: Retained with account data; deleted upon account closure
  • Backups: Retained for up to 60 days after data deletion for disaster recovery purposes
  • SMS consent records: Retained for 5 years after last consent action as required by TCPA compliance
  • Billing records: Retained as required by applicable tax and financial regulations
  • Aggregated data: Retained perpetually (de-identified, not linked to your account)

14. International Data Transfers

The Service is operated in the United States. All subprocessors are located in the United States. If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Service, you consent to such transfer.

15. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe we have inadvertently collected information from a child, please contact us at Hello@GetRiskWise.com and we will promptly delete it.

16. Breach Notification

In the event of a data breach that compromises your personal information, we will notify affected users and relevant authorities as required by applicable law, including within 72 hours where required by state breach notification statutes. Notification will be sent via email to the address associated with your account.

17. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you by email or by posting a notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.

18. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us at:

JOOP LLC, d/b/a RiskWise

Email: Hello@GetRiskWise.com

Website: www.getriskwise.com

Legal HubTerms of ServicePrivacy PolicySubprocessors