1. Introduction

POP Holdings LLC and its affiliate entities ("POP," "we," "us," or "our") are committed to protecting your privacy and personal data. This Privacy Policy outlines how we collect, use, disclose, and protect your information when you use our insurance and technology services, including Software-as-a-Service ("SaaS") solutions through our POP Tech Platform.

2. Definitions

This Policy incorporates defined terms from our client agreements. In particular:

• API: Application Programming Interface or other functional integration tool.

• Applicable Law: All U.S. federal, Puerto Rico Commonwealth, or municipal laws, including but not limited to the Puerto Rico Insurance Code.

• Confidential Information: As defined under Article 6 of applicable service agreements.

• Data Security Measures: Safeguards for securing systems and data.

• Effective Date: As defined in the underlying client agreement.

• Integration Facility: Mechanisms like API or SFTP used to exchange data.

• Integration Process: Processes enabling data exchange between Subscriber systems and the POP Tech Platform.

• Personally Identifiable Information (PII): Data identifying an individual, such as name, address, government ID, financial or medical info, login credentials, etc.

• Policies or Products: Insurance offerings listed in your agreement (e.g., Schedule A).

• Platform: The POP Tech Platform for quoting, marketing, and managing insurance policies.

• Operational Territory: Any jurisdiction where POP provides services.

3. Data Types & Classification

• Company Data: Data provided to us by our clients (Client Partners). This remains the property of the Client Partner.

• Personal Data: Any data that relates to an identified or identifiable natural person.

• Sensitive Data: Includes data on health, biometrics, racial or ethnic origin, etc., processed only when necessary and with appropriate safeguards.

4. Legal Bases for Processing

POP processes personal data under the following bases:

• Contractual necessity

• Compliance with legal obligations

• Legitimate interests (balanced with data subject rights)

• Explicit consent (when legally required)

5. Data Uses

We process data to:

• Enable the use of our Platform to quote, bind, and deliver insurance policies

• Support integration with Subscriber systems

• Improve and enhance service functionality

• Ensure compliance with laws (e.g., AML, data privacy)

• Communicate with users (with consent, if required)

6. API & Integration

Use of APIs and SFTP in Integration Processes is governed by applicable agreements. Use is restricted to authorized purposes only. We do not authorize API use independent of our Platform.

7. Data Subject Rights

Depending on the jurisdiction, individuals may have rights to:

• Access, correct, delete, restrict, or port their personal data

• Object to processing

• Withdraw consent (where applicable) Requests can be submitted to contact@cuvroinsurance.com.

8. Data Security

POP maintains strong Data Security Measures, including:

• Encryption in transit and at rest

• Authentication and access controls

• Secure software development lifecycle

• Regular audits and penetration testing

9. Confidentiality

POP and its service providers are bound by confidentiality obligations outlined in our agreements. Unauthorized disclosure or use of Confidential Information is prohibited and may be subject to injunctive relief.

10. Cookies and Tracking

Cookies may be used to:

• Improve website performance

• Understand user interaction

• Support secure sessions Marketing cookies will only be used with consent where required by law.

11. Cross-Border Transfers

We transfer personal data across jurisdictions only under recognized safeguards such as:

• Adequacy decisions

• Standard Contractual Clauses (SCCs)

• Industry frameworks compliant with Applicable Law

12. Marketing and Branding

Use of Subscriber Marks for marketing purposes is subject to prior written consent and outlined in your agreement (e.g., Schedule C).

13. Policy Ownership & Claims

POP Technologies does not have underwriting or claims authority. These remain the responsibility of Subscriber and/or the licensed insurance carrier.

14. Data Breaches

In case of a Data Breach:

• We will notify affected parties immediately

• Cooperate to meet legal obligations

• Bear related costs if caused by our actions

15. Term & Termination

Privacy obligations survive termination of any agreement. Any retained data will continue to be protected under this policy.

16. Governing Law

This Privacy Policy is governed by the laws of the Commonwealth of Puerto Rico, without prejudice to local data protection rights in any Operational Territory.

17. Contact Information

Email: contact@cuvroinsurance.com

18. Intellectual Property Rights

All intellectual property rights related to the POP Tech Platform, APIs, Integration Facilities, and other materials provided by POP remain the exclusive property of POP Holdings LLC or its affiliates. No license or right is granted to use such property except as expressly permitted in our agreements.

19. Data Retention

We retain personal data only for as long as necessary to fulfill the purposes outlined in this policy, comply with applicable legal, regulatory, or contractual obligations, resolve disputes, or enforce agreements. After the retention period, data is securely deleted or anonymized.

20. Limitation of Liability

To the fullest extent permitted by law, POP shall not be liable for any indirect, incidental, or consequential damages arising from the use of our services. You agree to indemnify POP against claims resulting from your misuse of our services or violations of this Privacy Policy.

21. Children’s Privacy

Our services are not intended for individuals under the age of 16. We do not knowingly collect personal data from children without verified parental consent. If we become aware of such data, we will promptly delete it unless required by law to retain it.

Last updated: April 22, 2025