Effective Date: March 14, 2026
RenewalCompass is a renewal management platform operated by Regency Software LLC, a Michigan limited liability company ("we," "us," "our"), accessible at renewalcompass.com and app.renewalcompass.com. This Privacy Policy describes how we collect, use, disclose, and protect information when you use our services.
If you have questions about this policy, contact us at hello@renewalcompass.com.
We collect information in the following categories:
Account Information. When you register for RenewalCompass, we collect your name, work email address, and password (stored as a BCrypt hash -- we never store plaintext passwords). If you are invited by an agency administrator, your email is collected at the time of invitation.
Agency and Business Data. When your agency uses RenewalCompass, you and your team enter business data including client names, contact details, policy information, carrier records, renewal actions, and notes. This data belongs to your agency and is stored on our infrastructure on your behalf.
Usage Information. We collect standard server logs including IP addresses, browser type, pages visited, and timestamps. This information is used for security monitoring and product improvement.
Payment Information. Billing and payment card details are collected and processed by our payment processor (Stripe). We do not store full card numbers on our servers. We retain records of subscription status and billing history.
Communications. If you contact us by email or through our contact form, we retain those communications to respond to you and improve our support.
We use the information we collect to:
We do not use your data for advertising. We do not sell your data to third parties. We do not use your client data to train machine learning models.
Certain sensitive client fields -- specifically client phone numbers, street address line 1, and street address line 2 -- are encrypted at rest using AES-256 encryption before being written to the database. The encryption key is stored as an environment variable on the server and is never committed to source control or exposed in any database export.
Passwords are hashed with BCrypt and are never stored or transmitted in plaintext.
All data in transit is protected by TLS/HTTPS. We do not serve any portion of the application over unencrypted HTTP.
We share your data only in the following limited circumstances:
Service Providers. We use a small number of third-party providers to operate the platform, including our payment processor (Stripe) and our transactional email provider (Brevo). These providers are contractually bound to process your data only as directed by us and may not use it for their own purposes.
Legal Requirements. We may disclose your information if required to do so by law, court order, or government request, or when we believe disclosure is necessary to protect our rights, protect your safety, or investigate fraud.
Business Transfers. If Regency Software LLC or the RenewalCompass product is acquired, merged, or sells its assets, your data may be transferred as part of that transaction. We will notify you via email or a prominent notice on our website before your data becomes subject to a different privacy policy.
We do not share, sell, or rent your data to advertisers, data brokers, or any third party for marketing purposes.
We retain your account data for as long as your subscription is active or as needed to provide you the service. If you cancel your subscription, we retain your data for 90 days to allow for reactivation. After 90 days, your data may be purged from our systems.
Deleted records within the platform (clients, policies, etc.) are soft-deleted -- they are marked inactive but retained in the database for audit purposes. You may contact us to request a full data export or complete deletion of your agency's data.
You have the right to:
To exercise any of these rights, email us at hello@renewalcompass.com. We will respond within 30 days.
RenewalCompass uses a small number of cookies and browser storage mechanisms:
HttpOnly Refresh Token Cookie. Upon login, we set a secure, HttpOnly cookie containing your refresh token. This cookie is scoped to the /api/auth path and is not accessible to JavaScript. It is used exclusively to obtain new access tokens without requiring you to log in again.
Analytics. We use Google Analytics (GA4) on our marketing website (renewalcompass.com) to understand page traffic. This uses Google's standard analytics cookie. The application at app.renewalcompass.com does not include marketing analytics.
We do not use advertising cookies, tracking pixels, or third-party behavioral targeting of any kind.
We take reasonable technical and organizational measures to protect your data against unauthorized access, alteration, disclosure, or destruction. These measures include AES-256 field encryption, BCrypt password hashing, HTTPS-only connections, short-lived JWT access tokens (15-minute expiration), HttpOnly refresh token cookies, and agency-level data isolation enforced at the database query layer on every operation.
No method of electronic transmission or storage is 100% secure. While we strive to use commercially acceptable means to protect your data, we cannot guarantee absolute security. If we become aware of a security breach affecting your data, we will notify you as required by applicable law.
We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page. For material changes, we will notify active subscribers by email. Your continued use of RenewalCompass after the effective date of any changes constitutes your acceptance of the updated policy.
If you have questions or concerns about this Privacy Policy or our data practices, contact us at:
Regency Software LLC (dba RenewalCompass)
hello@renewalcompass.com