Privacy Policy
Effective date: May 18, 2026
1. Who We Are
CommIQ, Inc. ("CommIQ," "we," "us") operates the CommIQ commission tracking platform at commissionstracker.io. This Privacy Policy explains how we collect, use, and protect information when you use our Service.
2. Information We Collect
Account information
When you sign up, we collect your name, work email address, agency name, and password (stored as a secure hash via Supabase Auth).
Commission and policy data
You upload carrier commission statements and policy records to CommIQ. This data may include policyholder names, policy numbers, Medicare Beneficiary Identifiers (MBIs), effective dates, and premium amounts. This is your data — we process it only to provide the Service.
Agent submission data
When agents submit policies via the dashboard form, we collect applicant details including name, date of birth, phone, email, address, Medicare card details, and doctor/medication information as provided by the agent.
Usage data
We collect standard server logs including IP addresses, browser type, pages visited, and timestamps for security and performance monitoring.
3. How We Use Your Information
- To provide, maintain, and improve the Service
- To process commission reconciliation and generate reports
- To send transactional emails (invites, alerts, password resets)
- To detect and prevent fraud or unauthorized access
- To comply with legal obligations
- To respond to support requests
We do not sell your personal information or use it for advertising.
4. Data Sharing
We share your data only with the sub-processors required to operate the Service:
- Supabase — database and authentication infrastructure (US data centers)
- Vercel — hosting and edge network
- Resend — transactional email delivery
- Stripe — payment processing (we never store card numbers)
- Upstash — rate limiting and ephemeral cache
- Sentry — error monitoring (PHI fields are scrubbed before transmission)
Each sub-processor is governed by its published data processing terms and, where applicable, a Business Associate Agreement covering protected health information. We do not share data with insurance carriers, FMOs, or any third party without your explicit consent.
5. HIPAA
CommIQ may process Medicare Beneficiary Identifiers and related health-adjacent data on your behalf. Where you are a HIPAA covered entity or business associate, we will execute a Business Associate Agreement (BAA) before any protected health information is loaded into the Service. Email support@commissionstracker.io to request a BAA before onboarding PHI.
We implement administrative, technical, and physical safeguards appropriate to the sensitivity of commission and policyholder data, including AES-256 encryption of identifiers at rest, TLS in transit, role-based access controls, blind-indexed lookup of Medicare IDs, and audit logging of sensitive actions.
6. Data Retention
We retain your data for as long as your account is active. After account termination, we retain data for 30 days before permanent deletion, unless a longer retention period is required by law. You may request earlier deletion by contacting support@commissionstracker.io.
7. Security
We use industry-standard security measures including TLS encryption, password hashing handled by Supabase Auth, row-level access controls, and regular security reviews. No method of transmission over the internet is 100% secure. In the event of a data breach affecting your information, we will notify you as required by applicable law.
8. Your Rights
Depending on your location, you may have the right to:
- Access the personal data we hold about you
- Correct inaccurate data
- Request deletion of your data
- Export your data in a portable format
- Opt out of certain processing
To exercise any of these rights, email support@commissionstracker.io. We will respond within 30 days.
9. Cookies
CommIQ uses strictly necessary cookies for authentication session management. We do not use advertising or tracking cookies. You can disable cookies in your browser settings, but doing so will prevent you from logging in.
10. Children's Privacy
CommIQ is a professional business tool and is not directed at children under 18. We do not knowingly collect personal information from minors.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes via email or in-app notice. Continued use of the Service after changes constitutes acceptance of the updated policy.
12. Contact
For privacy-related questions or to exercise your rights:
CommIQ, Inc.
Email: support@commissionstracker.io