Privacy Policy — KonnectSP

1. Introduction

KonnectSP, LLC (“KonnectSP,” “we,” “our,” or “us”) provides a technology platform purpose-built for the structured planning industry, enabling financial professionals, insurance carriers, and settlement planning organizations to manage sensitive case data, process annuity applications, extract document variables, validate policies, and conduct document-based queries.

We understand that the nature of structured settlement planning involves highly confidential personal information, including medical records, financial data, and legal case details. This Privacy Policy describes in detail the categories of information we collect, the purposes for which we use it, how we safeguard it, and the rights and choices available to you regarding your data.

This Policy applies to all users of the KonnectSP platform, website (konnectsp.com), and related services (collectively, the “Services”). By accessing or using our Services, you acknowledge that you have read and understood this Privacy Policy.

2. Our Data Philosophy

KonnectSP is built on a zero data sharing foundation. We believe that trust is the cornerstone of our relationship with customers, especially given the sensitive nature of structured settlement, annuity, and insurance planning data. Our core commitments include:

No Shared Model Training: We do not use customer-uploaded case or document data to train, fine-tune, or improve shared artificial intelligence or machine learning models.
No Data Monetization: We never sell, rent, license, or otherwise commercially exploit customer data to any third party for marketing, advertising, analytics, or any purpose unrelated to delivering our Services.
Customer Data Ownership: You retain full ownership of all case data, documents, and content you upload to KonnectSP. We act solely as a data processor on your behalf.
Purpose Limitation: Customer data is processed exclusively to fulfill the specific features and services you have requested.

3. Information We Collect

3.1 Information You Provide Directly

Account registration information: full name, email address, organization or company name, job title, and professional credentials
Billing and payment information: payment method details, billing address, and transaction history (processed through PCI-compliant payment processors)
Communications: inquiries, support requests, and correspondence you send to us
Preferences and settings: notification preferences, platform configuration, and feature selections

3.2 Case and Document Data

As a platform serving the structured planning industry, KonnectSP processes highly sensitive data that you upload, including but not limited to:

Structured settlement case files and related legal documents
Annuity application forms, proposals, and policy documents
Medical records, life care plans, and diagnostic reports
Financial statements, tax records, and asset disclosures
Court orders, settlement agreements, and qualified assignment documents
Personally identifiable information (PII) of claimants, beneficiaries, and other parties

Important: Case and document data may contain Protected Health Information (PHI) as defined under HIPAA, financial information subject to Gramm-Leach-Bliley Act (GLBA) protections, and other categories of sensitive personal information. KonnectSP treats all uploaded case data with the highest level of confidentiality regardless of classification.

3.3 Automatically Collected Information

Device and browser information: device type, operating system, browser type and version, screen resolution
Usage data: features accessed, pages viewed, session duration, and interaction patterns
Log data: IP addresses, timestamps, request metadata, API call logs, and error logs
Cookies and similar technologies: session identifiers, authentication tokens, and analytics data (see Section 9)

4. How We Use Information

4.1 Service Delivery

We use the information we collect for the following service-related purposes:

Processing and extracting variables from uploaded documents
Generating, validating, and managing annuity applications and policy documents
Providing document query and search functionality
Authenticating users and managing account access
Processing billing transactions and managing subscriptions

4.2 Platform Operations and Improvement

Maintaining, monitoring, and securing the platform infrastructure
Diagnosing technical issues, debugging errors, and performing system maintenance
Analyzing aggregated, de-identified usage patterns to improve platform performance and user experience
Developing new features and capabilities based on anonymized usage trends

4.3 Communications

Sending transactional notifications (account verification, password resets, security alerts)
Providing customer support and responding to inquiries
Delivering product updates, maintenance notices, and policy changes
Sending optional marketing communications (with your consent and easy opt-out)

4.4 Legal and Compliance

Complying with applicable laws, regulations, and legal processes
Enforcing our Terms of Service and other contractual obligations
Protecting the rights, safety, and property of KonnectSP, our customers, and third parties
Detecting, investigating, and preventing fraud, abuse, or security incidents

5. Data Sharing and Disclosure

KonnectSP does not sell or share customer data with third parties for marketing, advertising, or any commercial purpose unrelated to delivering our Services. We may share information only in the following limited circumstances:

5.1 Authorized Subprocessors

We engage a limited number of trusted subprocessors to deliver core infrastructure and platform services. All subprocessors are bound by written data processing agreements (DPAs) that require them to:

Process data only as instructed by KonnectSP
Maintain security measures at least as rigorous as our own
Promptly notify us of any data breach or security incident
Delete or return all customer data upon termination of the relationship

A current list of our subprocessors is available upon request by contacting privacy@konnectsp.com.

5.2 Legal Obligations

We may disclose information if required to do so by law, regulation, court order, subpoena, or other governmental authority, or when we reasonably believe disclosure is necessary to protect our legal rights, the safety of our users, or the public interest.

5.3 Business Transfers

In the event of a merger, acquisition, reorganization, bankruptcy, or sale of all or a portion of our assets, customer data may be transferred as part of that transaction. We will provide notice before any such transfer and ensure that the receiving entity is bound by equivalent data protection obligations.

5.4 With Your Consent

We may share information with third parties when you have provided explicit, informed consent for such sharing.

6. Data Security

Given the highly sensitive nature of structured planning data, KonnectSP maintains a comprehensive, defense-in-depth security program. Our security measures include:

6.1 Encryption

Data in transit: all communications are encrypted using TLS 1.3
Data at rest: all stored data is encrypted using AES-256 encryption
Key management: encryption keys are stored in FIPS 140-2 validated hardware security modules (HSMs) and are never exposed in plaintext, with automatic rotation enforced by policy

6.2 Access Controls

Role-based access controls (RBAC) enforcing the principle of least privilege
Multi-factor authentication (MFA) required for all administrative access
Unique user accounts with strong password policies
Session management with automatic timeout and re-authentication

6.3 Infrastructure Security

SOC 2 Type II ready environment with continuous monitoring
Multi-region failover and disaster recovery capabilities
Regular vulnerability assessments and penetration testing
Web application firewall (WAF) and intrusion detection systems
Comprehensive audit logging of all system access and data operations

6.4 Organizational Controls

Background checks for all employees with access to customer data
Mandatory security awareness training and confidentiality agreements
Documented incident response plan with defined escalation procedures
Regular internal and external security audits

7. Data Retention

KonnectSP retains your information only for as long as necessary to fulfill the purposes described in this Privacy Policy, or as required by law. Our retention practices are as follows:

Data Category	Retention Period
Account information	Duration of active account plus 30 days after deletion request
Case and document data	As directed by the customer; available for export or deletion on demand
Billing and transaction records	As required by applicable tax and financial regulations (typically 7 years)
Usage and log data	Up to 24 months, then aggregated or deleted
Support communications	Duration of account plus 12 months

When data is no longer required, it is securely deleted or irreversibly anonymized using industry-standard methods.

8. Your Rights and Choices

KonnectSP respects your ability to control your personal data. Depending on your jurisdiction, you may have the following rights:

Right of Access: Request a copy of the personal data we hold about you.
Right to Rectification: Request correction of inaccurate or incomplete personal data.
Right to Deletion: Request deletion of your personal data, subject to legal and contractual retention requirements.
Right to Data Portability: Request your data in a structured, commonly used, machine-readable format.
Right to Restrict Processing: Request that we limit how we process your data under certain circumstances.
Right to Object: Object to processing based on legitimate interests or for direct marketing purposes.
Right to Withdraw Consent: Where processing is based on consent, you may withdraw that consent at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at privacy@konnectsp.com. We will respond to verified requests within 30 days (or such shorter period as required by applicable law). We may ask for additional verification to protect against unauthorized requests.

9. Cookies and Tracking Technologies

KonnectSP uses cookies and similar technologies for the following purposes:

Strictly Necessary Cookies: Required for platform operation, authentication, and security. These cannot be disabled.
Functional Cookies: Enable personalized features, saved preferences, and enhanced functionality.

KonnectSP does not use analytics cookies or any third-party tracking technologies that share data with external advertisers or analytics providers.

You may manage cookie preferences through your browser settings. Disabling certain cookies may affect the functionality of our Services.

10. International Data Transfers

KonnectSP primarily processes and stores data within the United States. If data is transferred to jurisdictions outside your country of residence, we ensure that appropriate safeguards are in place, including:

Standard contractual clauses approved by relevant regulatory authorities
Data processing agreements with all recipients requiring equivalent levels of protection
Compliance with applicable cross-border data transfer frameworks

11. Children’s Privacy

KonnectSP Services are designed for use by licensed professionals and business organizations in the structured planning industry. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that we have inadvertently collected such information, we will promptly delete it.

12. Third-Party Links and Integrations

Our Services may contain links to third-party websites or integrate with third-party services. This Privacy Policy does not apply to those third-party services, and we are not responsible for their privacy practices. We encourage you to review the privacy policies of any third-party services before providing them with your information.

13. Industry-Specific Compliance

KonnectSP is committed to supporting our customers’ compliance obligations within the structured planning and insurance industries. Our platform and data handling practices are designed to align with:

HIPAA: Where applicable, KonnectSP can enter into Business Associate Agreements (BAAs) with customers who process Protected Health Information through our platform.
GLBA: Our security controls and data handling practices support compliance with the Gramm-Leach-Bliley Act safeguards for financial information.
State Insurance Regulations: Our platform supports compliance with data protection requirements established by state insurance regulatory authorities.
SOC 2 Type II: Our environment is SOC 2 Type II ready, demonstrating our commitment to the highest standards of security, availability, and confidentiality.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

Post the updated policy on our website with a revised effective date
Notify registered users via email or in-platform notification at least 30 days prior to the changes taking effect
Obtain renewed consent where required by applicable law

Your continued use of the Services after the effective date of a revised policy constitutes acceptance of those changes.

15. Contact Information

If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:

Konnect SP LLC

Privacy Team

Email: privacy@konnectsp.com

End of Privacy Policy