Privacy Policy.

This Privacy Policy describes how DAOFRONT INC. (doing business as “Layerup”, and referred to in this policy as “DAOFRONT”, “Layerup”, “we”, “us” or “our”) collects, uses, discloses, and protects information about you when you visit our website, communicate with us, or use our products and services (collectively, the “Services”).

DAOFRONT provides an enterprise AI platform for insurance carriers, health insurers, MGAs, MGUs, and TPAs. We operate primarily as a business-to-business service provider. When you use our Services as an employee, contractor, or authorized user of one of our enterprise customers, that customer is generally the “controller” (or “business”) of the personal information processed through the Services, and we act as the “processor” (or “service provider”) on their behalf. Their privacy notices govern how that information is used.

This Privacy Policy applies to information we collect directly as a controller — for example, when you visit our marketing website, request a demo, sign up for communications, or otherwise interact with DAOFRONT outside the scope of an enterprise customer’s deployment.

We collect personal information in the following categories. Not every category applies to every visitor or customer.

• Identity and contact data. Name, business email address, business phone number, job title, employer, and country, when you submit a form, request a demo, or correspond with us.
• Account and authentication data. Credentials and related metadata where you have an account with the Services (typically provisioned through your employer’s identity provider or single sign-on).
• Usage and device data. IP address, browser type and version, device identifiers, operating system, referring and exit pages, pages viewed, links clicked, session duration, and similar telemetry collected automatically when you visit our website or use the Services.
• Cookies and similar technologies. Information collected via cookies, local storage, pixels, and similar technologies. See the Cookies section below for details.
• Communications. Records of your communications with us, including emails, demo requests, support tickets, and meeting notes.
• Marketing and event data. Information you provide when registering for events, downloading content, or subscribing to updates, along with your engagement with that content.
• Customer-provided content. Personal information that our enterprise customers, or their authorized users, upload, transmit, or otherwise make available to the Services for processing on their behalf. This may include policyholder, claimant, member, provider, broker, or employee information, including in some cases sensitive categories such as health information governed by HIPAA, financial information, or government identifiers. We process such information only under the terms of our written agreement with the applicable customer, and the customer’s privacy notices govern its use.

We do not knowingly collect personal information directly from individual consumers in connection with their personal insurance transactions. If you are a policyholder, claimant, member, employee, or other individual whose information is processed through the Services on behalf of one of our enterprise customers, please contact that customer directly to exercise rights or ask questions about how your information is used.

We use personal information for the following purposes.

• Operate, maintain, and improve the Services. Provide, secure, troubleshoot, and improve our website, products, and related features, and develop new functionality.
• Customer relationships. Respond to inquiries, schedule and conduct demos, provide customer support, manage accounts, and communicate about subscriptions, renewals, billing, and changes to the Services.
• Sales and marketing. Send communications about DAOFRONT and Layerup products, events, research, and related content, in each case in accordance with applicable law and your preferences.
• Security, fraud prevention, and abuse detection. Protect the Services, our customers, our personnel, and our infrastructure; detect, investigate, and respond to suspicious or unlawful activity; and enforce our agreements and policies.
• Compliance and legal obligations. Comply with applicable laws, regulations, and lawful requests; respond to legal process; establish, exercise, or defend legal claims; and meet regulatory obligations applicable to DAOFRONT or our customers.
• Analytics and product research. Understand how visitors and authorized users interact with our website and Services in aggregate so we can improve them.
• With consent. For any other purpose disclosed to you at the time of collection, or with your consent.

We do not use personal information to train publicly available foundation models. Customer-provided content is processed solely to deliver the Services in accordance with our customer agreement and is not used to train models for the benefit of other customers without contractual authorization.

If you are located in the European Economic Area, the United Kingdom, or Switzerland, we rely on the following legal bases under the GDPR (and analogous frameworks) to process personal information:

• Performance of a contract with you or your employer, for example to provide the Services and respond to your inquiries.
• Legitimate interests pursued by DAOFRONT or a third party, including operating, securing, marketing, and improving our Services, where those interests are not overridden by your interests or fundamental rights.
• Compliance with a legal obligation to which DAOFRONT is subject.
• Consent, where required by law, for example for certain marketing communications or cookies.

Where we process personal information on behalf of an enterprise customer, the customer is responsible for identifying and maintaining the appropriate legal basis for that processing.

We share personal information only as described in this Privacy Policy and in accordance with applicable law.

• Service providers and sub-processors. We engage vendors and sub-processors to host our infrastructure, deliver communications, provide analytics, support customer success, and perform other functions on our behalf. These parties are bound by contractual obligations limiting their use of personal information to the services they provide to us. A current list of sub-processors is available on request.
• Enterprise customers. When you use the Services in connection with an enterprise customer, we make information about your use available to that customer (for example, account administrators and authorized supervisors) as part of the Services we provide to them.
• Affiliates. We may share personal information with our corporate affiliates for the purposes described in this Privacy Policy.
• Legal and safety. We may disclose personal information when we believe in good faith it is necessary to (a) comply with applicable law, lawful requests, or legal process; (b) protect the rights, property, safety, or security of DAOFRONT, our customers, our personnel, or the public; (c) detect, prevent, or otherwise address fraud, security, or technical issues; or (d) enforce our agreements and policies.
• Business transactions. If DAOFRONT is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of its assets, personal information may be transferred as part of that transaction, subject to commitments consistent with this Privacy Policy.
• With consent or at your direction. We may share personal information for other purposes with your consent or at your direction.

DAOFRONT does not sell personal information for money, and does not share personal information for cross-context behavioral advertising as those terms are defined under the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA).

DAOFRONT is headquartered in the United States. We and our service providers may transfer, store, and process personal information in countries other than the country in which it was originally collected, including the United States.

Where required by applicable law, we use appropriate safeguards for international transfers of personal information, including the European Commission’s Standard Contractual Clauses, the UK International Data Transfer Addendum, or equivalent mechanisms.

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, including to provide the Services, comply with our legal obligations, resolve disputes, enforce our agreements, and maintain appropriate business records.

Customer-provided content processed on behalf of enterprise customers is retained, returned, or deleted in accordance with the terms of the applicable customer agreement and the customer’s documented instructions.

Specific retention periods depend on the type of information, the reason for collection, applicable legal and regulatory obligations, and the duration of our relationship with you or the relevant customer.

DAOFRONT maintains administrative, technical, and physical safeguards designed to protect personal information against unauthorized access, disclosure, alteration, loss, or destruction. Our security program is designed to meet the expectations of enterprise insurance and healthcare customers, including controls for access management, encryption in transit and at rest, network segmentation, monitoring, vulnerability management, secure software development, vendor risk management, and incident response.

Additional information about our security program is available on the Security page.

No security program is perfect, and no method of transmitting or storing information can be guaranteed to be entirely secure. If you have reason to believe that your interaction with DAOFRONT is no longer secure, please contact us immediately using the details below.

Subject to applicable law, you may have the following rights with respect to personal information we process about you as a controller. These rights are not absolute and may be limited by law.

• Access to the personal information we hold about you.
• Correction of inaccurate or incomplete personal information.
• Deletion of personal information in certain circumstances.
• Portability — to receive certain personal information in a structured, commonly used, and machine-readable format.
• Restriction or objection to certain processing activities.
• Withdrawal of consent, where we rely on consent as the legal basis for processing.
• Opt-out of sale or sharing of personal information. As noted above, DAOFRONT does not sell personal information or share it for cross-context behavioral advertising.
• Limit use of sensitive personal information as defined under California law.
• Non-discrimination for exercising your privacy rights.

To exercise any of these rights, please contact us using the details below. We will respond consistent with applicable law and may need to verify your identity or your authority to act on behalf of another person before responding. If you are an authorized agent submitting a request on behalf of a consumer, we may require proof of your authority and the consumer’s identity.

If you are an individual whose personal information is processed through the Services on behalf of one of our enterprise customers (for example, as a policyholder, claimant, member, broker, or employee of that customer), please direct your privacy rights request to that customer. We will assist them in responding consistent with our contractual obligations and applicable law.

Our Services are not directed to children, and we do not knowingly collect personal information from children under the age of 16. If you believe a child has provided personal information to us, please contact us so we can take appropriate action.

We and our service providers use cookies, pixels, local storage, and similar technologies on our website to operate the site, remember your preferences, understand usage, and support our marketing efforts. We use the following categories:

• Strictly necessary. Required for the site to function properly, including security and load balancing.
• Performance and analytics. Help us understand how visitors use the site so we can improve it.
• Functional. Remember preferences such as language or region.
• Marketing. Measure the effectiveness of our marketing campaigns. We do not use these technologies for cross-context behavioral advertising.

You can control cookies through your browser settings and, where offered, through any cookie banner or preference center we provide. Disabling certain cookies may affect the functionality of our website.

Our website may contain links to third-party sites, services, and resources that are not operated by DAOFRONT. This Privacy Policy does not apply to those third parties. We encourage you to review their privacy policies before providing them with personal information.

We may update this Privacy Policy from time to time to reflect changes to our practices, the Services, applicable law, or for other operational or regulatory reasons. When we do, we will update the “Last updated” date at the top of this page and, where appropriate or required, provide additional notice (for example, by posting a notice on our website or contacting you directly).

We encourage you to review this Privacy Policy periodically to stay informed about our practices.

If you have questions, comments, or requests regarding this Privacy Policy or our privacy practices, please contact us at:

For data protection inquiries from individuals in the European Economic Area or the United Kingdom, please mark your request “EEA/UK Data Subject Request” in the subject line so we can route it appropriately. You also have the right to lodge a complaint with your local supervisory authority.