Trellis Connect End User Privacy Policy

Effective Date: December 1, 2021

This Privacy Policy covers Trellis Technologies, Inc. (“Trellis,” “we,” “us,” “our”) policies on the collection, use, and disclosure of personally identifiable information and/or personal information, as defined by applicable law (collectively “Personal Information”) when end users optionally provide consent to the collection and disclosure of Personal Information in connection with the Trellis Connect API  (collectively the “Services”).

Section 8.A is intended to provide the Notice of Collection required under the California Consumer Privacy Act.

 
A quick note about Trellis

Our customers (we’ll call them “Developers” here) integrate the Trellis Connect API to enable you (the “End User”) to consent to the collection and disclosure of insurance data, including Personal Information, that we’ve translated and standardized, so that the Developers can provide their services to you.

Please note that this Privacy Policy covers only Trellis’ collection, use and disclosure practices. Please review the privacy policies of applicable Developers for information about the use and disclosure of Personal Information received with your consent.

 

1. Personal Information Collected by Trellis

Information Provided by End User. When you connect your insurance accounts with a Developer software application or otherwise connect your insurance accounts through the Trellis Connect API, we collect login information required by the provider of your account, such as your username and password, answers to challenge questions, or a security token. When providing this information, you give the Developer and Trellis the authority to act on your behalf to access and transmit your information from the relevant insurance provider to the Developer.

Information Collected From Your Insurance Provider. The information we receive from the insurance providers that maintain your insurance accounts varies depending on the information made available by those providers. But, in general, we collect the following types of information from your insurance provider, including your:

  • Name, address, phone number, email address;
  • Social security number, driver’s license, date of birth, marital status;
  • Vehicle information;
  • Medical and financial information;
  • Insurance coverages, limits and rates, and payment and claims history (including billing transaction amount, date, type, quantity, price, and a description of the transaction)
Information from Developers. We may also receive information about you directly from the relevant Developer. For example, Developers may provide information about which insurance provider you use, or what information they expect to receive from an insurance provider.
 
Device Information.  Our technology is generally embedded in Developers’ software applications. When you use your device to connect to our Services through a Developer software application, we receive information about that device, including IP address, hardware model, operating system, and other technical information about the device. A user’s IP address is identified and logged automatically in our server log files whenever you visit, along with the time of the visit and the page(s) that were visited, and the actions taken on those pages. Trellis uses IP addresses for calculating usage levels of the Services, helping diagnose server problems, and administering the Services.
 
Cookies. Cookies are files with a small amount of data, which may include an anonymous unique identifier.  Cookies are sent to your browser from a website and transferred to your device. The Services use essential cookies which are strictly necessary for our Services to operate properly.  You can set your browser to remove or reject cookies; however Services may not work properly without cookies.
 
 
See Section 2- Analytics which describes your options to control or limit Trellis’ use of analytics-based cookies.
 
 

2. Personal Information Received by Trellis or Disclosed or Shared by Trellis

Personal Information is collected to:

Share with Developers with Your Consent. By connecting Trellis with your insurance provider, you are requesting and authorizing Trellis to disclose Personal Information within your insurance policy, as well as related terms and rates, to Developers to use, process and disclose in accordance with their notices provided at the time of collection.

Provide Trellis Services.  Personal Information is collected to facilitate provision of the Services to:

  • Provide, operate, maintain, and improve the Services;
  • Respond to inquiries regarding the Services;
  • Provide customer support and feedback;
  • Develop new services;
  • Detect, prevent, and investigate security incidents that compromise the availability, authenticity, integrity or confidentiality of stored or transmitted Personal Information;
  • Protect against malicious, deceptive, fraudulent or illegal activity directed at Trellis;
  • Debug to identify and repair errors that impair existing intended functionality;
  • Analyze data to assess, understand and improve the Services and personalize user experiences, including creation of anonymized aggregated, statistical and benchmark data. Aggregated data is utilized to help develop and market products or services and present targeted content and advertising;
  • Enable functionality of the Services to authenticate a user, prevent fraud, and implement security measures;
  • Undertake activities to verify or maintain the quality of a service or product that is developed or provided, and to improve, upgrade, or enhance any service or product that is developed or provided by Trellis.

Share with Service Providers.  Trellis has engaged with service providers to provide and maintain the Services and operate our business, including without limitation, database management hosting, information technology services, email delivery, customer support, analytics, data security and compliance services necessary to provide the Services. For each service provider, Trellis will have in place written contracts that describes the purpose of the service and disclosure of Personal Information and requires the service provider to not use Personal Information for any purpose except performing the services pursuant to such contract.

Analytics: Trellis uses the following analytics services:
  
  • Google Analytics. Trellis utilizes Google Analytics for data analytics to generate insights and recommendations. End Users can manage ad settings on Google Advertising Opt-Out and revisit their privacy preferences on Google’s Privacy Checkup tool. 
  • Amplitude. Amplitude collects data and information regarding the behavior and usage patterns of End Users of the Services. If you wish to opt out of sharing, you may adjust your cookie preferences settings.
  • FullStory. FullStory records user sessions on their website, enabling meaningful insight into a users’ experience, as an effective way to identify usability problems and other areas for improvement. For more information on the privacy policy of this service, please see:  FullStory Privacy Policy and its Acceptable Use Policy.  If you wish to prevent all websites using the FullStory Services to be able to record activity, you can  opt-out of the FullStory Services. Opting out will create a cookie that tells FullStory to turn off recording on any site which uses the FullStory Services. The presence of this cookie is required to continue opting out, so if you clear your browser cookies, you will have to opt-out again.
  • Datadog. Trellis utilizes Datadog, a SaaS based monitoring and analytics platform to obtain analytics, service application and infrastructure logs. Please see the  Datadog Privacy Policy and DataDog Cookie Policy for  additional information regarding your cookie preferences.
  • Sentry. Sentry provides real-time error-tracking to help improve our Services.  Please see Sentry Privacy Policy.
Compliance and Protection. Personal Information may be disclosed to serve our legitimate business interests as follows: (a) as required by law, such as to comply with a subpoena, or similar legal process, (b) if Trellis is involved in a merger, acquisition, or sale of all or a portion of its assets, (c) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (d) enforce our agreements with you, and/or (e) investigate and defend ourselves against any third-party claims or allegations. We will use commercially reasonable efforts to notify you about law enforcement or court ordered requests for data unless otherwise prohibited by law.
 
 

3. Personal Information of Minors

Trellis does not knowingly collect Personal Information from anyone under the age of 16. If we learn we have collected or received Personal Information from anyone under the age of 16 without verification of parental consent, we will delete that information. If a parent or guardian becomes aware that his or her child under the age of 16 has provided Trellis with Personal Information without their consent, he or she should contact Trellis at legal-notices@trellisconnect.com. Trellis will delete such Personal Information from our files within a commercially reasonable time, but no later than required under the applicable law.
 
 

4. Retention and Deletion of Personal Information; De-Identified Data

Unless erasure is otherwise requested under applicable law or as otherwise stated in this Privacy Policy, Trellis will retain account data as long as it is necessary to provide its Services to Developers or until an End User exercises the right to opt-out of further disclosures to Developers. Anonymized and pseudo-anonymized data will be retained as long as Trellis determines such data is commercially necessary for its legitimate business interests. To the extent Trellis de-identifies any Personal Information, Trellis shall maintain and use such de-identified data without attempting to re-identify the data.
 
 

5. Trellis’s Security Practices

We have implemented reasonable administrative, technical and physical security measures to protect Personal Information against unauthorized access, destruction or alteration. However, although we endeavor to provide reasonable security for Personal Information we process and store, no security system can ever be 100% secure.
 
 
6. RESPONSE TO “DO NOT TRACK” SIGNALS
“Do Not Track” is a feature enabled on some browsers that sends a signal to request that a website disable its tracking or cross-website user tracking. 
 
Trellis shall treat any user-enabled Global Privacy Control, such as a browser plug-in or privacy setting, device setting, or other mechanism, that communicates or signals the consumer’s choice to opt-out of the sale of their Personal Information as a valid opt-out request submitted under applicable law (including, but not limited to, the CCPA as defined in Section 8) for that browser or device, or, if known, for the consumer.
 
 
7. Changes to this Privacy Policy
If we make material changes to our Privacy Policy, we will notify you by changing the last updated date within this Privacy Policy.
 
 
8. Supplemental U.S. State-Specific Notices
This supplemental notice sets forth the disclosures and rights applicable to residents of California, Colorado, Virginia, Connecticut, and Utah pursuant to the California Consumer Privacy Act of 2018, Civil Code sections 1798.100 et seq (“CCPA”), the Colorado Privacy Act and its implementing regulations (“CPA”); the Utah Consumer Privacy Act (“UCPA”); and the Virginia Consumer Data Protection Act of 2021, as amended, VA Code Title 59.1 a chapter numbered 52, consisting of sections numbered 59.1-571 through 59.1-581 (“VCDPA”).  Such consumer privacy notices and rights shall also apply to other state residents to the extent other state consumer privacy laws are implemented following the last effective update to this Privacy Policy.
 
A. Notice of Collection: Trellis collects, uses and discloses, and in the last preceding 12 months has collected, used and or disclosed,  Personal Information as follows:
 
Categories of Personal Information:
  • Identifiers, such as a name, postal address, unique personal identifiers, email address, account username and password, telephone number, insurance policy number, account name, social security number, gender, driver’s license number, and other similar identifiers;
  • Driving and claims history, including information about any prior accidents or insurance claims contained in your insurance policy file;
  • Vehicle information, such as a vehicle identification number (VIN), vehicle details, including any customizations, and vehicle photos, contained in your insurance policy file;
  • Professional and Employment related information contained in your insurance policy file;
  • Financial identifiers, such as a bank account number, credit card number, debit card number, or other financial information contained in your insurance policy file;
  • Medical information contained within your insurance policy file;
  • Commercial information about consumer transactions and experiences with us and others, such as payment history, claims, coverage and vehicle changes, contained in your insurance policy file;
  • Usage and device information, online identifier(s), Internet Protocol address, search history;
  • Geolocation data.
Sources of Collection: Trellis collects each of the above categories either directly from End Users, from Developers with whom you have a relationship, or from insurance providers with your consent.
 
Purpose of Collection and Disclosure: Trellis collects each of the above categories of information for purposes of:
  • Performing services;
  • Auditing related to a current interaction with you and concurrent transactions, including, but not limited to, counting ad impressions to unique visitors, verifying positioning and quality of ad impressions, and auditing compliance;
  • To assess and improve our product and service offerings, including the development of new products and services;
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
 Categories and Purposes of Disclosure: Trellis discloses the above categories of Personal Information to: 
  • Service providers that assist us in providing Services;
  • Service providers involved in our verification, data-processing, risk-assessment, security and anti-fraud efforts;
  • Developers with your consent;
  • Governmental and law enforcement authorities to serve our legitimate business interests as follows: (a) as required by law, such as to comply with a subpoena, or similar legal process, (b) to investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies as required by law; (c) enforce our agreements with you, and/or (d) investigate and defend ourselves against any third-party claims or allegations.
Trellis does not retain a consumer’s Personal Information for longer than is reasonably necessary for each disclosed purpose.
 
B. Sale of Personal Information; Sharing of Personal Information; Right to Opt-Out 
Trellis does not share Personal Information with third parties for cross-context behavioral advertising purposes or with third parties who are not our service providers or contractors (as those terms are defined by applicable laws).
 
Trellis does not sell your Personal Information.
 
To discontinue the disclosure of your Personal Information to Developers, End Users can click  on the Do Not Sell My Personal Information link located at https://trellisconnect.com. End Users can also submit a request to opt-out by emailing us at legal-notices@trellisconnect.com with the subject line “Do Not Sell or Share.”
 
C. Collection of Sensitive Information
Trellis does not collect Sensitive Information for purposes other than for purposes permitted under the CCPA.
 
D. Consumer Rights. Consumers may contact Trellis to exercise the following consumer rights:
 

 1. Request Trellis Disclose at No Charge (“Right to Know”):

    • Specific pieces of Personal Information it has collected about you;
    • categories of Personal Information collected, used, and/or disclosed about you;
    • categories of sources from which Personal Information is collected;
    • business and/or commercial purposes for collecting and disclosing your Personal Information;
    • categories of third parties with whom your Personal Information has been disclosed/shared

Right to Know Requests can be submitted to Trellis by email at legal-notices@trellisconnect.com.

2. Request Trellis to Delete at No Charge (“Right to Delete”):
Deletion Requests can be submitted to Trellis be email at legal-notices@trellisconnect.com  or by mail to Trellis at:  Trellis, Inc., Attention: Privacy Request to Delete, 2093 Philadelphia Pike #7288, Claymont DE 19703. 

E. Request Trellis Correct at No Charge (“Right to Correct”): 
Requests that Trellis correct any inaccurate Personal Information collected by Trellis can be submitted by email to legal-notices@trellisconnect.com.
 
F. Verified Request Process
Trellis will verify all consumer requests prior to taking any action in response to any such request.  For consumers that maintain an account with Trellis, it may verify the identity of the consumer making the request by either matching information with the account information on file or through existing account authentication credentials.  
 
Under applicable state law, you may exercise these rights yourself or you may designate an authorized agent to make these requests on your behalf.  Authorized agents must demonstrate they have written authorization from you to make requests on your behalf. Trellis may additionally require the consumer to confirm their identity and verify the authorized agent’s permission before complying with any request.
  
G. Consumer Request Limitations
Please note that these rights are not absolute and in certain cases are subject to conditions or limitations as specified in the applicable laws, including, but not limited to: 
 
  • Trellis is obligated to disclose/delete only upon a verifiable Consumer request from the consumer or an authorized agent acting on behalf of Consumer.
  • In certain states, consumers may only make a Personal Information request twice in a 12-month period.
  • Deletion is not required if it is necessary for Trellis to maintain the Personal Information to fulfill applicable permissible purposes enumerated pursuant to applicable privacy laws.
Trellis will confirm and respond to all requests within the timeframe required under applicable state law.  In responding to any request to disclose/delete, Trellis shall maintain a record of the requests as required under applicable state law. 
  
H. Non-Discrimination Policy
You have the right not to receive discriminatory treatment for exercising any rights conferred by the CCPA and VCDPA. Trellis shall not discriminate against a consumer for exercising any statutory consumer privacy rights, including, but not limited to, (a) denying goods or services, (b) charging different prices or rates (including discounts/penalties) that is not directly related to the value provided to Trellis for the Personal Information, (c) suggesting Consumer will receive a different rate/price or different level of quality of goods/services, or (d) providing a different level of quality of goods/ services. 
 
Employees, applicants and independent contractors have the right not to be retaliated against for the exercise of their CCPA rights.
  
I. Your Virginia Privacy Rights under VCDPA
If Trellis is unable to process requests relating to your Personal Information and denies your request, Virginia residents have the right to appeal by emailing Trellis at legal-notices@trellisconnect.com. Trellis will respond to your appeal request within 60 days of receiving the request to appeal. 
  
J. Your California Privacy Rights under California Civil Code Section 1798.83 & Business and Professions Code Section 22581
California law permits Consumers to request and obtain from Trellis once a year, free of charge, certain information about their Personally Identifiable Information (“PII”) (as defined by California law) disclosed to third parties for direct marketing purposes in the preceding calendar year (if any). If applicable, this information would include a list of the categories of PII that was shared and the names and addresses of all third parties with which we shared information in the immediately preceding calendar year. 
  
In addition, a business subject to California Business and Professions Code Section 22581 must allow California residents under age 18 who are registered users of online sites, services or applications to request and obtain removal of content or information they have publicly posted. Your request should include a detailed description of the specific content or information to be removed. Please be aware that your request does not guarantee complete or comprehensive removal of content or information posted online and that the law may not permit or require removal in certain circumstances.
 
K. Accessibility of this Policy
You can download and print a copy of this Notice as a separate document.
 
 
9. Contact Us
If you have any questions regarding your Personal Information or about our privacy practices, please contact us at: Trellis, Inc., Attention: Privacy Department, 2093 Philadelphia Pike #7288, Claymont DE 19703 or by email at:  legal-notices@trellisconnect.com.
 
 

This Privacy Policy was last updated on June 30, 2023

Trellis logo
JOIN TRELLIS