Privacy Policy

Effective Date: March 2026 | Last Updated: March 2026

1. Introduction

Welcome to ApprUmp ("Service"), a property loss appraisal management application operated by Tekhnelysi LLC ("Company," "we," "us," or "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our web application at apprump.com and any associated mobile applications.

By using ApprUmp, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Service.

2. Information We Collect

2.1 Account Information

When you register for an account, we collect:

  • Full name
  • Email address
  • Password (stored as a salted hash — we never store plaintext passwords)
  • Professional title and license information (optional)
  • Company name and contact information (optional)
  • Phone number (optional)
  • Business address (optional)

2.2 Appraisal and Case Data

In the course of using ApprUmp, you may enter data related to your insurance appraisal practice, including:

  • Insured party names and contact information
  • Property addresses and loss details
  • Claim numbers, policy numbers, and carrier information
  • Panel member details (appraisers, umpires, attorneys)
  • Milestone dates, status updates, and activity logs
  • Financial data including time entries, expenses, invoices, and payments
  • Notes, correspondence, and case narratives

2.3 Files and Documents

You may upload files to ApprUmp, including:

  • Xactimate estimates and other PDF documents
  • Photographs of property damage
  • Correspondence and legal documents
  • Generated forms (Declarations of Appraiser, Awards, Retainer letters, etc.)
  • Invoices and financial documents

Files are stored in Cloudflare R2 cloud storage with user-level isolation. Each user's files are stored in a separate path and are not accessible to other users.

2.4 Automatically Collected Information

When you use ApprUmp, we automatically collect:

  • IP address and approximate geographic location
  • Browser type and version
  • Device type and operating system
  • Pages visited and features used
  • Date and time of access
  • Referring URL

3. How We Use Your Information

3.1 Providing the Service

We use your information to:

  • Create and manage your account
  • Store and display your appraisal case data
  • Generate documents, invoices, and forms
  • Process inbound emails and file attachments
  • Provide calendar scheduling and event management
  • Enable search, filtering, and reporting features
  • Deliver push notifications and task reminders

3.2 Communication

We may use your email address to:

  • Send calendar event invitations and notifications to attendees you designate
  • Deliver system notifications about your account
  • Respond to your support inquiries
  • Send important service announcements (e.g., security alerts, terms updates)

3.3 Service Improvement

We use aggregated, anonymized usage data to:

  • Understand how features are used and identify areas for improvement
  • Monitor and improve system performance and reliability
  • Diagnose technical problems

3.4 Security

We use technical information to:

  • Detect and prevent unauthorized access or abuse
  • Enforce rate limits and account lockout policies
  • Monitor for suspicious activity

3.5 Legal Compliance

We may process your information as required to comply with applicable laws, regulations, legal processes, or governmental requests.

4. AI Processing

4.1 Email Event Extraction

When you forward emails to your ApprUmp inbound email address, the email content may be processed by AI models (currently Google Gemini and OpenAI GPT) to extract potential calendar events such as site visits, deadlines, and meetings. This processing occurs in real-time and the extracted data is stored as structured JSON alongside the email record.

4.2 Appraisal Field Extraction

When you use the AI-assisted appraisal creation feature, forwarded assignment emails are processed by the same AI models to extract appraisal fields such as insured name, property address, claim number, and carrier information. This creates a draft appraisal for your review.

4.3 AI Data Handling

  • AI processing is performed via API calls to Google (Gemini) and OpenAI (GPT). We send only the specific email content needed for extraction — not your entire account data.
  • We do not use your data to train AI models. Both Google and OpenAI's API terms prohibit using API-submitted data for model training.
  • AI-extracted data is always presented for your review before being used. You can modify or discard any AI-generated suggestions.
  • A circuit breaker mechanism prevents excessive AI API calls in case of service issues.

5. How We Store and Protect Your Data

5.1 Data Storage

  • Database: Your account and appraisal data is stored in a PostgreSQL database hosted on Railway's infrastructure.
  • Files: Uploaded files and generated documents are stored in Cloudflare R2 object storage with user-level path isolation.
  • Region: Data is primarily stored and processed in the United States.

5.2 Security Measures

We implement industry-standard security measures including:

  • HTTPS/TLS encryption for all data in transit
  • HSTS with 2-year max-age and preload directive
  • Content Security Policy (CSP) with nonce-based script sources
  • Bcrypt password hashing with salt
  • Rate limiting on authentication endpoints
  • Account lockout after 10 failed login attempts (15-minute cooldown)
  • JWT tokens with issuer/audience claims and short expiration (15-minute access tokens)
  • Webhook authentication for inbound email processing
  • Multi-tenant data isolation — all database queries are scoped to the authenticated user
  • SHA-256 file deduplication to prevent redundant storage

5.3 Data Encryption

  • All data in transit is encrypted via TLS 1.2+
  • Google OAuth tokens are encrypted at rest using a dedicated encryption key
  • Passwords are stored as bcrypt hashes and are never stored or transmitted in plaintext

6. How We Share Your Information

6.1 Third-Party Service Providers

We share limited data with the following third-party providers who help us operate the Service:

Provider Purpose Data Shared
Railway Application hosting & database All application data (encrypted at rest)
Cloudflare R2 File storage Uploaded files and generated documents
Postmark Inbound email processing Email content forwarded to ApprUmp addresses
Google (Gemini API) AI event/field extraction Email body text for extraction
OpenAI (GPT API) AI event/field extraction (fallback) Email body text for extraction
Google Maps Address autocomplete & geocoding Address strings entered in forms
Google Calendar Calendar sync (user-initiated) Calendar event details (if sync is enabled)
Firebase (FCM) Push notifications Device tokens and notification payloads

6.2 Calendar Event Invitations

When you schedule events and add attendees, ApprUmp sends email invitations via Postmark to the email addresses you provide. These invitations contain event details (date, time, location, description) and the names of other attendees. You control who receives these invitations.

6.3 No Sale of Personal Data

We do not sell, rent, or trade your personal information to third parties for marketing or advertising purposes.

6.4 Legal Requirements

We may disclose your information if required to do so by law, or in the good faith belief that such action is necessary to:

  • Comply with a legal obligation or valid legal process
  • Protect and defend the rights or property of Tekhnelysi LLC
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of users or the public

7. Calendar Event Invitations

ApprUmp allows you to send calendar event invitations and notifications to professionals, companies, and other contacts in your directory. When you send an invitation:

  • The recipient receives an email with event details (date, time, location, description) and an iCal attachment
  • Recipients designated as "attendees" receive RSVP-enabled invitations
  • Recipients designated as "notify" receive informational notifications without RSVP
  • You can customize invitation templates with merge fields from your appraisal and contact data
  • Recipients can unsubscribe or request removal by contacting you or us directly

8. Cookies

ApprUmp uses the following cookies:

  • Session cookie: Required for authentication. Contains an encrypted session identifier. Expires when you close your browser or after inactivity.
  • "Remember me" cookie: Optional persistent cookie for staying logged in across browser sessions.
  • Preference cookies: Store your UI preferences (e.g., dashboard day-range selection, dark mode toggle). These are first-party cookies and do not track you across sites.

We do not use third-party tracking cookies, advertising cookies, or analytics cookies.

9. Your Rights and Choices

9.1 Access Your Data

You can access all data you've entered into ApprUmp through the application interface at any time. This includes appraisals, contacts, files, invoices, calendar events, and activity logs.

9.2 Update Your Data

You can update your account information, professional profile, and all case data through the application at any time.

9.3 Export Your Data

You can export your data using the following built-in features:

  • Download uploaded files individually or in bulk
  • Export invoices as PDF or Excel files
  • Download generated documents (DOA/SOU, Awards, Retainer letters) as PDF or DOCX
  • Subscribe to your calendar feed via iCal URL

For a complete export of all your data, contact us at privacy@tekhnelysi.com.

9.4 Delete Your Data

You can delete individual records (appraisals, contacts, files, invoices, etc.) through the application. To request complete deletion of your account and all associated data, contact us at privacy@tekhnelysi.com. We will process deletion requests within 30 days.

9.5 Opt Out of AI Processing

AI processing of emails is automatic when you forward emails to your ApprUmp inbound address. If you prefer not to use AI extraction, simply do not forward emails to ApprUmp, or ignore the AI-suggested events and fields. You may also contact us to disable AI processing for your account.

10. Data Retention

10.1 Active Accounts

We retain your data for as long as your account is active and you continue to use the Service.

10.2 Inactive Accounts

If your account is inactive for 12 consecutive months, we may send a notification to your registered email address. If no response is received within 30 days, we reserve the right to delete the account and associated data.

10.3 After Account Deletion

When your account is deleted (either by your request or due to inactivity):

  • Your personal data and case records are permanently deleted from our database within 30 days
  • Your files are permanently deleted from cloud storage within 30 days
  • Backups containing your data are overwritten within 90 days through normal backup rotation

10.4 Legal Holds

We may retain data beyond the normal retention period if required by law, legal proceedings, or regulatory requirements.

11. Children's Privacy

ApprUmp is not intended for use by anyone under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child under 18, we will take steps to delete that information promptly.

12. State-Specific Privacy Rights

12.1 California Residents (CCPA/CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect and how it is used
  • Request deletion of your personal information
  • Opt out of the sale or sharing of personal information (we do not sell your data)
  • Non-discrimination for exercising your privacy rights

To exercise these rights, contact us at privacy@tekhnelysi.com.

12.2 Other States

Residents of Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws may have similar rights. We will honor all valid privacy requests regardless of your state of residence. Contact us at the email above to exercise your rights.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make material changes, we will:

  • Update the "Last Updated" date at the top of this page
  • Notify you via email or a prominent notice within the Service
  • Give you the opportunity to review the changes before they take effect

Your continued use of ApprUmp after changes are posted constitutes acceptance of the updated Privacy Policy.

14. Contact Information

If you have questions about this Privacy Policy or our data practices, please contact us:

Tekhnelysi LLC

For privacy questions: privacy@tekhnelysi.com

For legal inquiries: legal@tekhnelysi.com