Legal

Privacy Policy

Last updated: March 31, 2026

Overview

CommissionIQ ("we," "our," or "us") is operated by Magpie Labs. This policy explains how we collect, use, and protect information when you use our commission reconciliation platform.

Information We Collect

Account Information

When you create an account, we collect your email address and password (stored as a secure hash). We do not collect names, phone numbers, or physical addresses during registration.

Commission Data

When you upload carrier statements or import policy records, we store the parsed data (carrier names, policy numbers, insured names, commission amounts) in your account. This data is used solely to provide the reconciliation service to you.

Usage Analytics

We use PostHog to collect anonymous usage analytics. This includes page views, feature usage, and session duration. Analytics data is used to improve the product and understand how agencies use the platform. You can opt out of analytics tracking at any time via the cookie consent banner.

PostHog analytics may collect:

  • Pages visited and features used
  • Browser type and device category (desktop, mobile, tablet)
  • Referring URL and UTM campaign parameters
  • Country-level location (from IP address, not stored)
  • Session duration and return visit frequency

PostHog does not have access to your commission data, policy records, or carrier statement contents.

How We Use Your Information

  • Commission data: Solely to provide statement parsing, policy matching, and discrepancy detection services to your account.
  • Account information: To authenticate you and associate your data with your account.
  • Usage analytics: To understand feature adoption, identify usability issues, and improve the product.

Data Sharing

We do not sell, rent, or share your commission data with any third party, including insurance carriers, competitors, or data brokers.

We share data only with:

  • Supabase (database hosting) — stores your account and commission data with row-level security isolation
  • PostHog (analytics) — receives anonymous usage events only, no commission data
  • Vercel (hosting) — serves the application, no persistent data storage

Data Security

  • All data is encrypted in transit (TLS 1.3) and at rest
  • Row-level security (RLS) ensures each account can only access its own records — no cross-tenant data access is possible
  • Passwords are hashed using bcrypt (never stored in plain text)
  • API routes are protected with authentication checks and input validation
  • We do not store credit card numbers or financial account information

Your Rights

You have the right to:

  • Access the data we hold about your account
  • Delete your account and all associated commission data at any time
  • Opt out of analytics tracking via the cookie consent banner
  • Export your data in a standard format

Cookies

We use essential cookies for authentication (keeping you logged in) and optional analytics cookies via PostHog. You can accept or decline analytics cookies when first visiting the site. Your preference is stored locally and can be changed at any time by clearing your browser's local storage.

Data Retention

Your commission data and account information are retained for as long as your account is active. If you delete your account, all associated data is permanently removed within 30 days. Anonymous analytics data is retained for up to 12 months.

Changes to This Policy

We may update this privacy policy from time to time. Material changes will be communicated via email to registered users. The "Last updated" date at the top of this page reflects the most recent revision.

Contact

For privacy-related questions, contact us at privacy@commissioniq.app.

← Back to CommissionIQ