Legal
Privacy policy
This policy explains, at an operational level, how personal data may be processed in relation to the public website, information requests, demos and use of 360Claims.
Last updated: May 3, 2026
1. Who is the controller
The controller for data collected through this website and, where applicable, the direct commercial relationship with 360Claims is ByeByeBits, LLC, with registered address at 3424 SW 34th Ct, Topeka, Kansas, United States.
Privacy and support contact: soporte@360claims.app.
No Data Protection Officer has been designated. The contact point for privacy questions and rights requests is soporte@360claims.app.
When 360Claims provides the service to a claims practice or independent adjuster, it may process certain data on behalf of that customer. In those cases, the customer will be the controller, or will act according to its applicable role, and 360Claims will act as processor or subprocessor under the applicable contract.
2. Who this policy applies to
This policy applies to:
- people who visit the 360Claims website;
- people who request information, a demo, a trial or assisted implementation;
- commercial or professional contacts linked to claims practices, insurers or interested organizations;
- authorized users who access the platform;
- people whose data may be added to case files, communications, documents or settings by a 360Claims customer.
3. Data we may process
Depending on the relationship with 360Claims, we may process the following categories of data.
360Claims does not request special-category data on the website to request a demo. However, customers may add information related to expert claim files inside the platform. The customer must ensure that such data is processed according to applicable law and that unnecessary information is not added.
| Category | Examples |
|---|---|
| Identity and contact data | Name, surname, email, phone, company and role. |
| Professional data | Practice type, team size, plan of interest and implementation needs. |
| Demo or trial request data | Preferences, functional needs and messages submitted through forms. |
| Authorized user data | Account, credentials, permissions, role, associated company and usage activity. |
| Data entered by customers into the platform | Case files, parties, contacts, communications, documents, attachments, billing, settlements and configuration. |
| Technical data | IP address, logs, device, browser, security events, errors and operational metrics. |
| Support data | Incidents, support communications, tickets and documentation provided. |
| Billing and contracting data | Plan, licenses, subscription, amounts, payment history, tax and administrative data. |
4. Why we process data
We may process personal data for the following purposes and under the legal bases indicated in each case.
| Purpose | Legal basis |
|---|---|
| Responding to information, contact or demo requests | Pre-contractual steps or legitimate interest. |
| Managing the commercial or contractual relationship | Contract performance. |
| Creating and administering user accounts | Contract performance. |
| Providing, maintaining and improving 360Claims | Contract performance and legitimate interest. |
| Managing support, incidents and assisted implementation | Contract performance or pre-contractual steps. |
| Managing subscriptions, licenses, billing and payments | Contract performance and legal obligations. |
| Enabling case-file, communications, attachments, Claimy, billing, settlement and configuration features | Contract performance; where applicable, processing on behalf of the customer. |
| Protecting platform security | Legitimate interest and compliance with legal obligations. |
| Complying with applicable legal obligations | Legal obligation. |
| Sending commercial communications related to 360Claims | Consent or legitimate interest, as applicable. |
5. Relationship between 360Claims and customer data
360Claims is a platform for the integrated management of claims practices and full case files. It connects case files, communications, documentation, remote inspections, Claimy, billing and settlements inside one operation.
Case-file data is normally entered by the customer. The customer decides which data to add, for what purpose and under which legal basis. In those cases, 360Claims processes the information to provide the contracted service and under the customer instructions, without using it for incompatible own purposes.
360Claims does not use real case-file data to train own or third-party models unless there is a sufficient legal basis, applicable contractual provision, clear information to customers and specific safeguards.
6. Claimy and artificial intelligence
Claimy is contextual assistance integrated into 360Claims. It may assist with tasks related to the case file, communications, documentation, reviewable proposals or other operational workflows in the platform.
Claimy outputs must be reviewed by professional users before being incorporated into final work. Claimy does not replace the adjuster, does not make professional decisions by itself and must not be used as the sole basis for decisions with relevant legal, economic or technical effects.
Claimy may use external artificial-intelligence providers. As a general rule, assisted flows work with prompts, summaries or processed fragments necessary for the task, not with full case files unless the specific service functionality requires it.
When Claimy involves technology providers or artificial-intelligence services, the corresponding contractual, technical and organizational safeguards will apply.
7. Communications, WhatsApp, SMS and attachments
360Claims may allow receiving, assigning, sending or managing communications and attachments linked to case files through channels such as email, WhatsApp, SMS or other connected systems.
The customer must have a sufficient lawful basis to communicate with insured parties, third parties, handlers or other data subjects, and to add those communications to the case file.
When messaging, email, SMS, storage or communications providers are involved, the corresponding contractual and technical safeguards will apply, and their involvement will be documented under the contract and applicable law.
8. Recipients and providers
Service provision may involve technology providers required for hosting, infrastructure, database, storage, communications, email, messaging, payments, billing, support, security, monitoring, automation, artificial intelligence or other auxiliary services.
Where applicable, these providers act as processors or subprocessors and must process data only under the applicable instructions and contractual safeguards.
The detailed list of providers, processing locations and applicable safeguards will be documented internally and, where appropriate, provided to customers or data subjects under the contract or applicable law.
- infrastructure, hosting, database and storage providers;
- communications, email, WhatsApp, SMS and case-file messaging providers;
- payment, subscription and billing providers;
- support, security, monitoring and incident-resolution providers;
- artificial-intelligence or automation providers used by Claimy, where applicable;
- web analytics or measurement providers, if added in the future.
9. International transfers
Service provision may involve certain providers, subprocessors or affiliated entities processing data from locations outside the European Economic Area.
Where an international data transfer exists, the safeguards required by data-protection law will apply, such as adequacy decisions, standard contractual clauses, applicable certification frameworks or other valid mechanisms.
Specific information about transfers, affected providers and applicable safeguards will be documented internally and provided where appropriate under the contract or applicable law.
10. Data retention
Data will be retained for the time needed to fulfil the purposes for which it was collected and, afterwards, for the periods necessary to address contractual, legal, tax, technical or security liabilities.
Retention periods apply according to the nature of each processing activity, the contractual conditions and applicable legal obligations.
- information or demo requests will be retained while the request is handled and for up to 24 months for commercial follow-up, unless the data subject objects or requests erasure where applicable;
- customer and user data will be retained while the contractual relationship exists;
- data entered by the customer into the platform will be retained according to the contract, service configuration and customer instructions. After cancellation, 360Claims may facilitate data export and apply subsequent blocking or deletion within an operational period of 30 to 90 days, unless legal obligations, incidents or different contractual instructions apply;
- billing data will be retained for the applicable legal periods;
- technical and security logs will be retained for 12 months for security, traceability and incident resolution, unless an incident, legal obligation or defence need requires longer retention.
11. Data-subject rights
Data subjects may request access, rectification, erasure, objection, restriction of processing, portability and, where applicable, withdrawal of consent by writing to soporte@360claims.app.
The request must allow the data subject to be reasonably identified. If there are doubts about the requester identity, strictly necessary additional information may be requested for verification.
When 360Claims acts as processor on behalf of a customer, it may forward the request to the customer controller or handle it under the applicable contractual instructions.
Data subjects may also lodge a complaint with the competent supervisory authority. In Spain, the reference authority is the Spanish Data Protection Agency, where applicable.
12. Security
360Claims applies technical and organizational measures aimed at protecting information processed in the platform, including access controls, user management, permissions, traceability, technical-security measures and support procedures.
Security also depends on correct use of the tool by the customer: user configuration, roles, permissions, credentials, devices, communication channels and quality of the data entered.
No system can guarantee absolute security, but 360Claims works to reduce risks, protect confidentiality, integrity and availability of information, and respond to incidents when necessary.
13. Cookies and similar technologies
The website may use cookies or similar technologies for technical operation, security, measurement or experience improvement.
When non-technical cookies, analytics tools or similar technologies subject to consent are added, 360Claims will enable the mechanisms needed to accept, reject or configure those technologies and will update the corresponding information.
14. Changes to this policy
360Claims may update this policy to reflect legal, technical, operational or provider changes. The published version will always state the latest update date.
When changes are relevant, they will be communicated by appropriate means or highlighted on the website itself.
15. Privacy contact
For privacy questions or rights requests: soporte@360claims.app.