1. INTRODUCTION AND SCOPE

This Privacy Policy (“Policy”) governs the collection, use, disclosure, retention, and protection of personally identifiable information (“PII”) and sensitive business information obtained through the automated voice communication system (the “Voice AI Agent”) deployed by Palco Public Adjusting Loss Consulting (“Palco,” “Company,” “we,” “us,” or “our”).

This Policy applies specifically to information collected when clients, prospective clients, property owners, insurance professionals, or other individuals (“you,” “caller,” or “user”) interact with our Voice AI Agent via telephone communication. This Policy should be read in conjunction with our general Privacy Policy and Terms of Service.

1.1 Business Operations

Palco Public Adjusting Loss Consulting is a licensed public adjusting and loss consulting firm serving commercial and residential property owners in Texas, Oklahoma, and Nevada. Our principal office is located at:

Palco Public Adjusting Loss Consulting
Contact: (512) 553-6432
Email: claims@palcoclaims.com
Website: www.palcoclaims.com

1.2 Services Covered

This Policy applies to Voice AI Agent interactions related to:

Public adjusting services for property insurance claims
Loss consulting and damage assessment
Insurance appraisal services
Property insurance expert consultation
Claims assistance for fire, water, wind, hail, and tornado damage
Commercial and residential property claims management

1.3 Applicability

This Policy applies to all telephone interactions with our Voice AI Agent regardless of:

The caller’s location (within or outside our service states)
Whether the caller becomes a client
The nature of the inquiry (new claim, existing claim, general information)
The time of day or method of call initiation

2. INFORMATION COLLECTED BY THE VOICE AI AGENT

2.1 Categories of Information Collected

When you contact Palco via telephone and interact with the Voice AI Agent, we may collect and process the following categories of information:

2.1.1 Personal Identification Information

Full name (individual or business representative)
Telephone number(s) (mobile, home, work, business line)
Email address
Mailing address (property address and correspondence address)
Business name and organizational affiliation
Professional credentials or titles

2.1.2 Property and Loss Information

Property location and address
Property type (commercial, residential, multi-family, industrial)
Property ownership status
Date and nature of loss or damage event
Description of property damage (fire, water, wind, hail, tornado, etc.)
Estimated extent of damage
Current condition of property
Existing mitigation or repair efforts
Emergency service needs

2.1.3 Insurance Policy Information

Insurance carrier name
Policy number (if available)
Coverage type and limits
Claim number (if already filed)
Insurance adjuster contact information
Claim status and history
Previous settlement offers or communications
Policy effective dates
Deductible amounts

2.1.4 Financial and Business Information

Approximate property value
Business interruption information
Loss of income or revenue impacts
Out-of-pocket expenses incurred
Mortgage or lien holder information
Prior claims history
Business operations information (for commercial claims)

2.1.5 Communication Records

Complete audio recordings of telephone conversations
Automated transcriptions of voice interactions
Call metadata including:

Date, time, and duration of call
Caller identification information
Call outcome and disposition codes
Urgency classification
Service area determination
Follow-up requirements

2.1.6 Technical and Telecommunications Data

IP address (for VoIP communications)
Device type and operating system
Telecommunications carrier information
Geographic location data (derived from phone number)
Call routing and transfer data
Interactive voice response (IVR) selections

2.1.7 Referral and Marketing Information

How you learned about Palco
Referral source (attorney, contractor, previous client, online search, etc.)
Marketing campaign identifiers
Website visit history (if applicable)

2.2 Methods of Information Collection

Information is collected through:

Direct verbal communication with the Voice AI Agent
Automated speech recognition and natural language processing technology
Interactive voice response (IVR) menu selections
Touch-tone (DTMF) input for data entry
Caller identification systems and telecommunications metadata
Integration with customer relationship management (CRM) systems

2.3 Voluntary Nature of Information Disclosure

While interaction with the Voice AI Agent is voluntary, certain information may be necessary to:

Evaluate whether we can assist with your claim
Determine jurisdictional licensing requirements
Assess conflict of interest considerations
Provide accurate case evaluation and consultation
Schedule inspections and assessments
Prepare engagement agreements
Initiate claim documentation processes

Important Notice: Refusal to provide requested information may limit our ability to evaluate your case, provide consultation, or offer our services. You may request to speak with a live representative at any time during your interaction with the Voice AI Agent.

2.4 Special Categories of Sensitive Information

We recognize that insurance claims may involve particularly sensitive circumstances, including:

Property damage resulting from criminal activity
Losses involving death or serious bodily injury
Business failures or financial distress
Disputes with insurance carriers or contractors
Litigation or potential litigation
Regulatory investigations or compliance matters

We implement enhanced security measures and access restrictions for such sensitive matters.

3. PURPOSES AND LEGAL BASIS FOR PROCESSING

3.1 Primary Purposes

We collect and process your information for the following legitimate business purposes:

3.1.1 Client Acquisition and Onboarding

Initial case evaluation and consultation
Conflict of interest screening
Jurisdictional licensing verification
Engagement agreement preparation
Fee structure explanation and agreement
Client intake and onboarding processes

3.1.2 Claims Management and Advocacy

Property damage assessment and documentation
Insurance policy analysis and interpretation
Claim preparation, filing, and management
Negotiation with insurance carriers
Settlement evaluation and recommendation
Dispute resolution and appraisal processes
Expert witness coordination and litigation support

3.1.3 Business Operations

Appointment scheduling and coordination
Customer relationship management
Client communication and follow-up
Case status tracking and reporting
Internal workflow management
Staff assignment and workload distribution
Quality assurance and service improvement

3.1.4 Compliance and Risk Management

State licensing compliance (Texas, Oklahoma, Nevada)
Professional liability and errors & omissions documentation
Fraud prevention and detection
Anti-money laundering compliance
Regulatory reporting requirements
Attorney-client privilege protection (where applicable)
Engagement agreement documentation

3.1.5 Analytics and Improvement

Call quality monitoring and training
Service delivery optimization
Customer satisfaction assessment
Market research and business development
Voice AI Agent performance analysis
Conversion rate optimization

3.1.6 Marketing and Communications

Response to inquiries and information requests
Follow-up communications regarding services
Case studies and testimonials (with explicit consent)
Educational content and resources
Newsletter and update distribution (with opt-in consent)

3.2 Legal Basis for Processing

Our processing of your information is based on the following legal grounds:

3.2.1 Consent

Your voluntary interaction with the Voice AI Agent constitutes informed consent for:

Collection of information necessary to evaluate your case
Recording of telephone communications
Processing of information to provide requested services
Communication regarding your inquiry or claim

3.2.2 Contractual Necessity

Processing necessary to:

Evaluate whether to enter into an engagement agreement
Perform our obligations under executed engagement agreements
Facilitate payment processing and fee calculations
Provide contracted claims management services

3.2.3 Legitimate Interests

Our legitimate business interests in:

Providing efficient and effective public adjusting services
Protecting our business from fraud and abuse
Improving service quality and customer experience
Training staff and optimizing business operations
Marketing our services to appropriate audiences
Maintaining accurate business records

3.2.4 Legal Obligations

Compliance with:

State public adjuster licensing laws (Texas, Oklahoma, Nevada)
Record retention requirements under state insurance regulations
Subpoena, court order, or legal process requirements
Tax reporting and financial record-keeping obligations
Professional standards and ethical requirements

4. TECHNOLOGY PROVIDER AND DATA PROCESSING

4.1 Third-Party Service Provider

The Voice AI Agent is developed, configured, and operated by The AI Agency USA, Inc., a Nevada corporation located at 7848 W Sahara AVE #504, Las Vegas, NV 89117 (“Technology Provider” or “Service Provider”), pursuant to a comprehensive Client Services Agreement executed in accordance with industry standards and applicable privacy laws.

4.2 Service Provider Relationship

The AI Agency USA, Inc. serves as our data processor and technology service provider. Under our agreement, the Service Provider is contractually obligated to:

Implement appropriate administrative, physical, and technical safeguards
Use and disclose information only as permitted by our services agreement
Maintain confidentiality of all client and business information
Report any security incidents or data breaches within specified timeframes
Comply with all applicable data protection and privacy regulations
Return or destroy data upon termination of services
Cooperate with data subject rights requests
Maintain executed data processing agreements with all subcontractors

4.3 Technology Infrastructure and Subprocessors

The Voice AI Agent operates on third-party technology platforms, which may include:

4.3.1 Cloud Infrastructure Providers

Google Cloud Platform (data storage and processing infrastructure)
Amazon Web Services or Microsoft Azure (backup and redundancy systems)
Other HIPAA-compliant or SOC 2 certified cloud providers

4.3.2 Voice Processing Services

Voice artificial intelligence and natural language processing platforms
Speech-to-text transcription services
Text-to-speech synthesis systems
Sentiment analysis and conversation intelligence tools

4.3.3 Telecommunications Services

Voice over Internet Protocol (VoIP) carriers
Public switched telephone network (PSTN) providers
Session Initiation Protocol (SIP) trunking services
Call routing and management platforms

4.3.4 Business Systems

Customer Relationship Management (CRM) platforms
Email and communication delivery services
Analytics and reporting tools
Backup and disaster recovery systems

All subprocessors that may access PII maintain appropriate data processing agreements and comply with applicable data protection standards. We maintain a current list of all subprocessors, which is available upon request.

4.4 Data Processing Locations

Your information may be processed and stored:

Primarily within the United States
On servers located in secure data centers with SOC 2 Type II certification
In compliance with applicable state data residency requirements
With appropriate safeguards for any cross-border transfers

We do not transfer personal information to countries outside the United States except as may be required for technology infrastructure operations, and only with appropriate contractual safeguards including Standard Contractual Clauses or equivalent mechanisms.

4.5 Service Provider Changes

We reserve the right to change technology service providers as necessary for business operations. In the event of any material change:

Equivalent or superior security and privacy standards will be maintained
All new providers will execute appropriate data processing agreements
Service continuity will be maintained during transitions
Notice will be provided through updates to this Policy

5. DATA SECURITY MEASURES

We implement comprehensive security measures designed to protect your information from unauthorized access, use, disclosure, alteration, and destruction.

5.1 Technical Safeguards

5.1.1 Encryption Standards

Data at Rest: AES-256 bit encryption for all stored data including voice recordings, transcripts, and metadata
Data in Transit: Transport Layer Security (TLS) 1.3 or higher for all data transmission
End-to-End Encryption: Voice communications encrypted from origination to storage
Database Encryption: Full database encryption with encrypted backup storage
Key Management: Hardware security modules (HSM) for cryptographic key protection

5.1.2 Access Control Systems

Multi-Factor Authentication (MFA): Required for all system access
Role-Based Access Control (RBAC): Principle of least privilege implementation
Unique User Identification: Individual accounts for all authorized personnel
Password Requirements: Complex password policies with regular rotation
Automatic Session Termination: Timeout after defined periods of inactivity
Access Audit Trails: Comprehensive logging of all access activities
Privileged Access Management: Enhanced controls for administrative access
Regular Access Reviews: Quarterly certification of user access rights

5.1.3 Network Security

Firewalls: Next-generation firewalls with intrusion prevention systems
Network Segmentation: Logical separation of systems and data tiers
Virtual Private Networks (VPN): Secure remote access protocols
Distributed Denial of Service (DDoS) Protection: Traffic filtering and rate limiting
Web Application Firewalls (WAF): Protection against common web exploits
Intrusion Detection and Prevention Systems (IDS/IPS): Real-time threat monitoring

5.1.4 System Security

Antivirus and Anti-Malware: Enterprise-grade endpoint protection
Patch Management: Regular security updates and vulnerability remediation
Security Information and Event Management (SIEM): Centralized log analysis and correlation
Vulnerability Scanning: Regular automated and manual security assessments
Penetration Testing: Annual third-party security testing
Security Operations Center (SOC): 24/7/365 security monitoring

5.1.5 Application Security

Secure Development Lifecycle: Security-by-design principles
Code Reviews: Regular security-focused code audits
Input Validation: Protection against injection attacks
Output Encoding: Prevention of cross-site scripting vulnerabilities
API Security: Authentication and rate limiting for all interfaces
Session Management: Secure token generation and validation

5.1.6 Audit and Monitoring

Comprehensive Logging: All access, modifications, and security events
Real-Time Monitoring: Automated alerting for suspicious activities
Log Retention: Minimum two-year retention of security and access logs
Regular Audit Reviews: Quarterly analysis of security events
Incident Detection: Automated anomaly detection systems
Forensic Readiness: Preservation of evidence for investigations

5.2 Administrative Safeguards

5.2.1 Policies and Procedures

Written Information Security Program (WISP)
Data classification and handling procedures
Incident response and breach notification plans
Business continuity and disaster recovery procedures
Vendor management and third-party risk assessment policies
Data retention and secure disposal procedures

5.2.2 Personnel Security

Background Checks: Pre-employment screening for all personnel with data access
Confidentiality Agreements: Executed NDAs with all employees and contractors
Security Training: Annual mandatory privacy and security awareness training
Specialized Training: Role-specific training for personnel handling sensitive data
Termination Procedures: Immediate access revocation upon separation
Need-to-Know Principle: Information access limited to business necessity

5.2.3 Risk Management

Annual security risk assessments
Regular vulnerability assessments
Third-party security audits
Continuous improvement programs
Executive security oversight
Security steering committee governance

5.3 Physical Safeguards

While the Voice AI Agent operates in cloud environments, our service providers implement:

5.3.1 Data Center Security

Physical Access Controls: Biometric authentication and 24/7 security personnel
Video Surveillance: Comprehensive CCTV monitoring with retention
Environmental Controls: Climate control, fire suppression, and power redundancy
Geographic Redundancy: Multiple data center locations for disaster recovery
SOC 2 Type II Certification: Annual independent audits of controls

5.3.2 Workstation Security

Locked facilities with restricted access
Clean desk policies for sensitive information
Encrypted laptop and mobile device storage
Screen privacy filters and automatic screen locks
Secure disposal of paper records and media

5.4 Backup and Disaster Recovery

5.4.1 Data Backup

Daily Automated Backups: Incremental and full backups of all data
Geographically Distributed Storage: Backups stored in multiple regions
Encrypted Backup Storage: AES-256 encryption of all backup data
Regular Backup Testing: Quarterly restoration testing
Retention Policy: Minimum 90-day backup retention

5.4.2 Business Continuity

Documented disaster recovery procedures
Recovery Time Objective (RTO): 24 hours for critical systems
Recovery Point Objective (RPO): Maximum 24 hours of data loss
Regular disaster recovery drills
Alternate processing facilities
Crisis communication plans

5.5 Security Incident Response

5.5.1 Incident Detection and Response

24/7 security monitoring and incident response capability
Defined incident classification and escalation procedures
Incident response team with clear roles and responsibilities
Forensic investigation capabilities
Root cause analysis and corrective action plans

5.5.2 Breach Notification

In the event of a security incident involving unauthorized access to or disclosure of your personal information:

Notification Timing: We will notify affected individuals without unreasonable delay, and where feasible within 72 hours of discovery
Notification Method: Email, telephone, or written notice as appropriate
Notification Content: Description of incident, types of information involved, steps taken to address the breach, contact information for questions, and recommendations for protective measures
Regulatory Notification: We will comply with all applicable state and federal breach notification laws

5.6 Limitations of Security

While we implement reasonable and appropriate security measures consistent with industry standards:

No system is completely immune to security breaches
We cannot guarantee absolute security of information
Security risks include factors beyond our control (user device security, social engineering, etc.)
We maintain appropriate insurance coverage for data security incidents
We continuously update our security measures in response to evolving threats

6. INFORMATION SHARING AND DISCLOSURE

6.1 Disclosure to Third Parties

We may share your information with the following categories of third parties:

6.1.1 Service Providers and Business Partners

Technology Service Provider: The AI Agency USA, Inc. for Voice AI Agent operations
Cloud Infrastructure Providers: For data storage and processing
Telecommunications Carriers: For call routing and delivery
Professional Service Providers:

Structural engineers and damage assessment experts
Roof inspectors and specialty contractors
Contents inventory and valuation specialists
Forensic accountants and business interruption analysts
Environmental testing and remediation consultants

Legal Counsel: Attorneys representing Palco or advising on claims
Insurance Professionals: As necessary for appraisal, mediation, or claim resolution
Payment Processors: For fee processing and financial transactions
Document Management Services: For secure storage and retrieval

All service providers are contractually obligated to:

Maintain confidentiality of information
Use information only for specified purposes
Implement appropriate security measures
Comply with applicable privacy laws
Return or destroy information upon request

6.1.2 With Your Consent or Direction

Insurance Carriers: When you engage us to represent you in a claim
Mortgage Companies or Lien Holders: For claim settlement coordination
Attorneys: When you request we coordinate with your legal counsel
Contractors and Restoration Companies: For repair estimates and coordination
Other Parties: As you specifically authorize or direct

6.1.3 Legal and Regulatory Disclosures

We may disclose information without your consent when required by law:

Subpoenas and Court Orders: In response to valid legal process
Regulatory Authorities: Texas Department of Insurance, Oklahoma Insurance Department, Nevada Division of Insurance
Law Enforcement: When required by applicable law or to prevent imminent harm
Legal Proceedings: In connection with litigation involving Palco or our services
Government Audits: In response to regulatory examinations or investigations

6.1.4 Business Transfers

In the event of a merger, acquisition, sale of assets, or bankruptcy:

Information may be transferred to successor entities
We will provide notice before information becomes subject to different privacy practices
You will have the opportunity to opt-out of certain transfers where feasible

6.2 Information We Do Not Share

We do not:

Sell your personal information to third parties
Rent mailing lists or contact information
Share information with marketers or advertisers (except as necessary for our own marketing)
Disclose information to competitors or unrelated businesses
Use information for purposes incompatible with the reason for collection

6.3 Aggregate and De-Identified Information

We may create aggregate, anonymized, or de-identified data from the information we collect. Such data:

Does not identify you personally
May be used for research, analytics, and business purposes
May be shared with third parties for industry analysis
Is not subject to this Privacy Policy’s restrictions

Examples include:

Statistical analysis of claim types and settlement rates
Geographic trends in property damage
Service performance metrics
Industry benchmarking data

6.4 Referral Sources and Marketing Partners

If you were referred to us by an attorney, contractor, insurance professional, or other business:

We may share basic information about your inquiry with the referral source
We will not disclose specific claim details without your consent
Referral fees or commissions may be paid in accordance with applicable law

7. RECORDING AND RETENTION OF COMMUNICATIONS

7.1 Recording Notification and Consent

IMPORTANT NOTICE: All telephone calls to Palco Public Adjusting Loss Consulting are recorded for quality assurance, training, regulatory compliance, claims documentation, and business purposes.

By continuing your call after hearing this notification, you expressly consent to such recording. If you do not consent to recording, please hang up immediately and contact us via email at claims@palcoclaims.com or through other non-recorded methods.

7.1.1 One-Party Consent States

Texas, Oklahoma, and Nevada are “one-party consent” states for telephone recording. We are legally permitted to record conversations where we (or our Voice AI Agent) are a party to the communication, regardless of your location, provided:

We provide notice that recording is occurring (which we do)
The recording is for a legitimate business purpose (which it is)

7.1.2 Two-Party Consent Considerations

If you are calling from a state that requires all-party consent for recording (such as California, Florida, or others), your continuation of the call after hearing our recording notice constitutes your affirmative consent under your state’s law.

7.2 Transcription and Analysis

7.2.1 Automated Transcription

All recorded calls are automatically transcribed using speech recognition technology
Transcripts are maintained as part of your client communication record
Transcription accuracy may vary based on audio quality, accents, and technical terminology
Transcripts are reviewed by human staff when used for critical decision-making

7.2.2 Conversation Intelligence

We may use artificial intelligence and machine learning tools to analyze calls for:

Sentiment analysis and caller satisfaction assessment
Key topic and keyword identification
Urgency classification and priority routing
Quality assurance and compliance monitoring
Agent performance evaluation and training
Business intelligence and trend analysis

7.3 Retention Period

7.3.1 Standard Retention

We retain voice recordings, transcripts, and associated metadata for:

Active Clients: Duration of engagement plus seven (7) years
Prospective Clients: Three (3) years from date of inquiry
General Inquiries: Two (2) years from date of call

7.3.2 Extended Retention

Longer retention periods may apply when:

Litigation: Records relevant to actual or anticipated litigation are retained until final resolution plus applicable statute of limitations period
Regulatory Requirements: State insurance regulations may require longer retention
Claims Disputes: Records are retained while disputes are pending
Appraisal or Arbitration: Records are retained through resolution plus seven years
Legal Hold: Records are preserved pursuant to court orders or legal obligations

7.3.3 Retention Justification

Extended retention is necessary for:

Defending professional liability claims
Responding to regulatory investigations
Proving terms of oral agreements or representations
Establishing timeline of events for claims
Compliance with statute of limitations periods in Texas (2-4 years), Oklahoma (2-5 years), and Nevada (2-4 years)
Documentation of state-specific licensing requirements

7.4 Secure Storage and Access

7.4.1 Storage Security

All recordings and transcripts are encrypted at rest (AES-256)
Access is restricted to authorized personnel with legitimate business need
Access is logged and subject to audit
Redundant storage with geographic distribution for disaster recovery

7.4.2 Access Controls

Personnel with access to recordings are limited to:

Licensed public adjusters assigned to your claim
Quality assurance and compliance staff
Management with supervisory responsibility
Legal counsel (when necessary)
IT and security personnel (for system administration only)

7.5 Client Access to Recordings

7.5.1 Your Right to Access

You have the right to request:

Copies of your recorded calls
Transcripts of your conversations
Metadata associated with your communications

7.5.2 Access Procedures

To obtain copies of your recordings:

Submit a written request to claims@palcoclaims.com
Include your name, date(s) of calls, and phone number used
Provide verification of identity (to prevent unauthorized disclosure)
We will respond within thirty (30) days
Recordings will be provided in standard audio format (MP3, WAV, or similar)

7.5.3 Fees for Access

First request per year: No charge
Subsequent requests: Reasonable copying and administrative fees may apply
Large-volume requests: Fees will be quoted in advance

7.6 Secure Disposal

7.6.1 Disposal Methods

Upon expiration of retention periods, recordings and transcripts are securely destroyed using:

Digital data sanitization per NIST SP 800-88 guidelines
Cryptographic erasure of encryption keys
Overwriting of storage media
Physical destruction of decommissioned hardware
Certificate of destruction for compliance documentation

7.6.2 Disposal Verification

Authorized personnel oversee disposal processes
Destruction is logged and documented
Annual audits verify compliance with disposal procedures

8. YOUR PRIVACY RIGHTS

You have significant rights regarding your personal information. We respect these rights and have established procedures to facilitate their exercise.

8.1 Right to Access

8.1.1 Scope of Access

You have the right to request access to personal information we have collected about you, including:

Voice recordings of your telephone calls
Transcripts of your conversations
Contact information and claim details
Communications history and notes
Policy and claim documentation
Metadata associated with your account

8.1.2 Access Procedures

To request access:

Submit written request to: claims@palcoclaims.com
Subject line: “Privacy Rights – Access Request”
Include: Full name, phone number(s) used, approximate dates of contact
Provide identity verification (to prevent unauthorized disclosure)

8.1.3 Response Timeline

We will acknowledge your request within five (5) business days
We will provide access within thirty (30) days of verified request
If additional time is needed, we will notify you and provide explanation
Complex requests may require up to sixty (60) days with notice

8.1.4 Format of Access

Information will be provided in:

Commonly used electronic format (PDF for documents, MP3/WAV for audio)
Structured data format (CSV or JSON) upon request
Hard copy upon request (postage fees may apply)

8.2 Right to Correction (Rectification)

8.2.1 Correction Scope

You have the right to request correction of inaccurate or incomplete personal information, including:

Contact information (phone, email, address)
Property details and damage descriptions
Insurance policy information
Communication preferences
Any factual information we maintain about you

8.2.2 Correction Procedures

To request correction:

Submit written request to: claims@palcoclaims.com
Specify the information you believe is inaccurate or incomplete
Provide correct or complete information
Include supporting documentation where applicable

8.2.3 Correction Response

We will investigate and respond within thirty (30) days
If we agree with your correction, we will update records promptly
If we disagree, we will explain our reasoning
You may submit a statement of disagreement for our records
We will note disputes in your file for future reference

8.2.4 Limitations

We may not be able to correct:

Information in voice recordings (original audio remains unchanged, but we can annotate)
Information required by regulatory requirements
Information subject to legal holds or litigation
Information that is materially accurate

8.3 Right to Deletion (Erasure)

8.3.1 Deletion Scope

You may request deletion of your personal information in certain circumstances:

Information no longer necessary for original purpose
You withdraw consent (where consent was the basis for processing)
You object to processing and no overriding legitimate grounds exist
Information was unlawfully processed
Deletion is required by applicable law

8.3.2 Deletion Limitations

We may decline deletion requests when retention is necessary for:

Legal Obligations: State insurance record retention requirements, tax law, litigation hold
Contractual Performance: Ongoing claims or active engagement agreements
Establishment of Legal Claims: Defense of professional liability claims, statute of limitations periods
Professional Standards: Public adjuster licensing requirements and ethical obligations
Legitimate Interests: Fraud prevention, regulatory compliance, business continuity

Specific retention requirements:

Texas: Department of Insurance requires minimum 5-year retention
Oklahoma: Insurance Department requires minimum 3-year retention
Nevada: Division of Insurance requires retention per regulatory guidance
Federal Tax Law: 7-year retention for financial records

8.3.3 Deletion Procedures

To request deletion:

Submit written request to: claims@palcoclaims.com
Subject line: “Privacy Rights – Deletion Request”
Specify information you want deleted
Explain basis for deletion request (if deletion limitations may apply)

8.3.4 Deletion Response

We will respond within thirty (30) days
If we grant your request, we will confirm deletion and notify relevant third parties
If we deny your request, we will explain the legal or legitimate basis for retention
Partial deletion may be granted where some information meets deletion criteria

8.4 Right to Data Portability

8.4.1 Portability Scope

You have the right to receive personal information you provided to us in a structured, commonly used, machine-readable format, and to transmit that information to another service provider.

Portable information includes:

Contact and biographical information
Property and loss details you provided
Communications you initiated
Documents you uploaded or submitted

Portable information does not include:

Information derived from our analysis or professional services
Information created by Palco (work product, strategies, valuations)
Information subject to attorney-client privilege
Third-party proprietary information

8.4.2 Portability Procedures

To request portable data:

Submit written request to: claims@palcoclaims.com
Specify format preference (CSV, JSON, XML, PDF)
Indicate if you want data transmitted directly to another provider

8.4.3 Portability Response

We will provide portable data within thirty (30) days
Data will be provided in requested format when technically feasible
We may require verification before transmitting to third parties

8.5 Right to Restrict Processing

8.5.1 Restriction Scope

You may request restriction of processing in specific situations:

You contest accuracy of personal information (during verification period)
Processing is unlawful but you prefer restriction over deletion
We no longer need the information but you need it for legal claims
You have objected to processing pending verification of legitimate grounds

8.5.2 Effect of Restriction

When processing is restricted:

Information will be stored but not actively used
Processing may continue only with your consent or for legal claims
We will notify you before lifting restriction

8.6 Right to Object

8.6.1 Objection Grounds

You may object to processing based on legitimate interests, including:

Processing for direct marketing purposes (absolute right to object)
Processing based on our legitimate interests (unless we demonstrate compelling legitimate grounds)
Processing for research or statistical purposes

8.6.2 Objection Procedures

To object to processing:

Submit written objection to: claims@palcoclaims.com
Specify the processing you object to
Explain your particular situation (if objecting to legitimate interest processing)

8.6.3 Objection Response

We will cease processing for marketing upon receiving your objection
For other objections, we will assess whether compelling legitimate grounds exist
We will respond within thirty (30) days with our determination

8.7 Right to Withdraw Consent

8.7.1 Withdrawal Scope

Where processing is based on your consent, you may withdraw consent at any time. This includes:

Consent to marketing communications
Consent to Voice AI Agent interaction (request human-only communication)
Consent to optional data collection
Consent to third-party sharing beyond contractual necessity

8.7.2 Withdrawal Effect

Withdrawal does not affect lawfulness of processing before withdrawal
We may continue processing if we have another legal basis
We will inform you of any consequences of withdrawal

8.7.3 Withdrawal Methods

You may withdraw consent by:

Emailing claims@palcoclaims.com
Calling (512) 553-6432 and requesting human assistance
Following unsubscribe links in marketing emails
Submitting written notice to our principal office

8.8 Right to Lodge Complaint

8.8.1 Internal Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

Palco Public Adjusting Loss Consulting
Attention: Privacy Officer
Email: claims@palcoclaims.com
Phone: (512) 553-6432

We will:

Acknowledge complaints within five (5) business days
Investigate thoroughly and impartially
Respond substantively within thirty (30) days
Take corrective action if violations are found

8.8.2 Regulatory Complaints

You may also file complaints with:

Texas Residents:
Texas Department of Insurance
Consumer Protection (111)
P.O. Box 149091
Austin, TX 78714-9091
Phone: 1-800-252-3439
Website: www.tdi.texas.gov

Oklahoma Residents:
Oklahoma Insurance Department
Consumer Assistance Division
P.O. Box 53408
Oklahoma City, OK 73152-3408
Phone: 1-800-522-0071
Website: www.oid.ok.gov

Nevada Residents:
Nevada Division of Insurance
Consumer Services Section
1818 East College Parkway, Suite 103
Carson City, NV 89706
Phone: 1-888-872-3234
Website: doi.nv.gov

All U.S. Residents:
Federal Trade Commission
Consumer Response Center
600 Pennsylvania Avenue NW
Washington, DC 20580
Phone: 1-877-FTC-HELP (1-877-382-4357)
Website: www.ftc.gov/complaint

8.8.3 No Retaliation

We will not retaliate against you for:

Exercising your privacy rights
Filing complaints internally or with regulatory authorities
Participating in privacy investigations
Refusing to provide non-essential information

Your relationship with Palco will not be affected by exercising your rights. We are committed to good faith resolution of all privacy concerns.

8.9 Authorized Agents

You may designate an authorized agent to exercise privacy rights on your behalf. Requirements:

Written authorization signed by you
Proof of agent’s identity
Verification of your identity
We may contact you directly to confirm authorization

9. STATE-SPECIFIC PRIVACY RIGHTS

Residents of certain states have additional privacy rights under state law.

9.1 California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

9.1.1 CCPA Rights

Right to Know: Categories and specific pieces of personal information collected
Right to Delete: Deletion of personal information (subject to exceptions)
Right to Opt-Out of Sale: We do not sell personal information
Right to Opt-Out of Sharing: We do not share for cross-context behavioral advertising
Right to Limit Sensitive Personal Information: We do not use sensitive information beyond necessary services
Right to Non-Discrimination: Equal service regardless of privacy rights exercise

9.1.2 California-Specific Definitions

Personal Information Categories We Collect:

A: Identifiers (name, email, phone, address)
B: Commercial information (claim details, services requested)
C: Internet activity (if applicable)
D: Geolocation data (general, not precise)
F: Audio recordings and transcripts
G: Professional information (business claims)
K: Inferences (claim complexity, urgency assessment)

Sensitive Personal Information:

Account login credentials (if you create an account)
Precise geolocation (we do not collect)
Contents of communications (voice recordings)
We do not use sensitive personal information beyond providing requested services

9.1.3 California Request Methods

Email: claims@palcoclaims.com (Subject: “California Privacy Rights”)
Toll-Free: (512) 553-6432
Online Form: www.palcoclaims.com/privacy-request (if available)

9.1.4 California Response Timeline

Acknowledgment within 10 days
Response within 45 days (may extend 45 additional days with notice)

9.1.5 California Retention and Disclosure

We retain personal information as described in Section 7.3
We disclose personal information to categories described in Section 6
We have disclosed information for business purposes in the past 12 months

9.2 Virginia Residents (VCDPA)

Virginia residents have rights under the Virginia Consumer Data Protection Act:

9.2.1 VCDPA Rights

Right to access personal data
Right to correct inaccuracies
Right to delete personal data
Right to obtain copy of personal data
Right to opt-out of targeted advertising (we do not engage in this)
Right to opt-out of sale (we do not sell)
Right to opt-out of profiling (limited profiling for business purposes only)

9.2.2 Virginia Request Methods

Submit requests to: claims@palcoclaims.com (Subject: “Virginia Privacy Rights”)

9.2.3 Virginia Appeal Process

If we deny your request:

You may appeal within a reasonable time
Submit appeal to: claims@palcoclaims.com (Subject: “Privacy Appeal”)
We will respond within 60 days
If denied, you may contact Virginia Attorney General

9.3 Colorado Residents (CPA)

Colorado residents have rights under the Colorado Privacy Act:

9.3.1 CPA Rights

Right to access personal data
Right to correct inaccuracies
Right to delete personal data
Right to data portability
Right to opt-out of targeted advertising (we do not engage in this)
Right to opt-out of sale (we do not sell)
Right to opt-out of profiling for certain decisions

9.3.2 Colorado Request Methods

Submit requests to: claims@palcoclaims.com (Subject: “Colorado Privacy Rights”)

9.4 Connecticut Residents (CTDPA)

Connecticut residents have rights under the Connecticut Data Privacy Act similar to Virginia and Colorado residents.

9.5 Utah Residents (UCPA)

Utah residents have rights under the Utah Consumer Privacy Act:

9.5.1 UCPA Rights

Right to access personal data
Right to delete personal data
Right to data portability
Right to opt-out of sale (we do not sell)
Right to opt-out of targeted advertising (we do not engage in this)

9.6 Texas Residents (State-Specific Laws)

Texas residents are protected by:

9.6.1 Texas Insurance Code

Public adjusters must maintain records per Department of Insurance regulations
Clients have rights to access claim files and documentation
Complaints may be filed with Texas Department of Insurance

9.6.2 Texas Identity Theft Enforcement and Protection Act

Enhanced security obligations for sensitive personal information
Breach notification requirements
Right to security freeze on credit reports

9.7 Oklahoma Residents (State-Specific Laws)

Oklahoma residents are protected by:

Oklahoma Insurance Department regulations governing public adjusters
State breach notification laws
Consumer protection statutes

9.8 Nevada Residents (State-Specific Laws)

Nevada residents have rights under:

9.8.1 Nevada Privacy Law (SB 220)

Right to opt-out of sale of covered information
Notice: We do not sell covered information as defined by Nevada law
If you wish to submit opt-out request: claims@palcoclaims.com (Subject: “Nevada Opt-Out”)

9.8.2 Nevada Insurance Regulations

Division of Insurance regulations governing public adjusters
Record retention and access requirements

9.9 Other States

Residents of all states have rights under:

State insurance regulations governing public adjuster conduct
State breach notification laws
State consumer protection statutes
Federal laws including Gramm-Leach-Bliley Act (GLBA) where applicable

10. CHILDREN’S PRIVACY

10.1 Age Restrictions

Our services are not directed to individuals under the age of 18. We do not knowingly collect personal information from minors.

10.2 Parental Consent

If a minor’s information is collected incidentally (e.g., as part of a household insurance claim):

We require parental or guardian consent
We limit collection to necessary information only
We provide parents with access and deletion rights

10.3 Discovery of Minor Information

If we discover we have collected information from a minor without appropriate consent:

We will delete the information promptly
We will notify parents/guardians if contact information is available
We will not use the information for any purpose

11. MARKETING AND COMMUNICATIONS

11.1 Marketing Communications

We may use your contact information to send:

11.1.1 Service-Related Communications (No Opt-Out)

Responses to your inquiries
Information about your active claim
Service updates and important notices
Invoices and payment information
Legal notices required by law or regulation

11.1.2 Marketing Communications (Opt-Out Available)

Newsletters and educational content
Information about our services
Case studies and success stories
Industry news and insights
Promotional offers (rarely)

11.2 Opt-Out Methods

You may opt-out of marketing communications by:

Clicking “unsubscribe” links in emails
Emailing claims@palcoclaims.com with “Unsubscribe” in subject line
Calling (512) 553-6432 to request removal
Replying “STOP” to text messages (if applicable)

Opt-Out Effect:

We will process opt-outs within 10 business days
You will continue to receive service-related communications
Opt-out applies to future communications only

11.3 Referral Communications

If someone referred you to us:

We may notify the referral source that you contacted us
We will not share specific claim details without your consent
You may request that we not communicate with referral source

11.4 Testimonials and Case Studies

We may request permission to use your experience as:

Testimonial on our website or marketing materials
Anonymized case study
Reference for prospective clients

Your Rights:

All such uses require your explicit written consent
You may revoke consent at any time
We will anonymize or remove information upon request
You may review and approve content before publication

12. COOKIES AND TRACKING TECHNOLOGIES

12.1 Website Tracking

While this Policy primarily addresses Voice AI Agent communications, if you visit our website before or after calling:

12.1.1 Types of Tracking Technologies

Cookies: Small text files stored on your device
Web Beacons: Invisible pixels that track page views
Analytics Tools: Google Analytics or similar services
Session Storage: Temporary data for website functionality

12.1.2 Purposes

Website functionality and user experience
Analytics and performance monitoring
Marketing effectiveness measurement
Fraud prevention and security

12.1.3 Your Choices

Browser settings to block or delete cookies
Opt-out of Google Analytics: tools.google.com/dlpage/gaoptout
Do Not Track signals (we honor browser DNT settings)

12.2 Cross-Device Tracking

We do not engage in cross-device tracking. Voice AI Agent data is not linked to website browsing behavior unless you provide matching contact information through both channels.

13. CHANGES TO THIS POLICY

13.1 Right to Modify

We reserve the right to modify, amend, or update this Policy at any time to reflect:

Changes in applicable laws or regulations
Updates to our business practices
New technologies or services
Security enhancements
Industry best practice evolution
Organizational changes

13.2 Material Changes

For material changes that significantly affect how we collect, use, or share information:

13.2.1 Notice Methods

Prominent notice on our website for minimum 30 days
Email notification to current and recent clients
Updated “Last Updated” date at top of Policy
Notification during Voice AI Agent interactions (for significant changes)

13.2.2 Consent for Material Changes

Continued use of services after notice period constitutes acceptance
For certain changes, we may request explicit consent
You may object to changes and request service termination

13.3 Non-Material Changes

Minor updates (e.g., contact information changes, clarifications) will be reflected immediately with updated “Last Updated” date.

13.4 Policy Version History

We maintain version history of this Policy. Previous versions are available upon request to claims@palcoclaims.com.

13.5 Annual Review

We conduct annual reviews of this Policy to ensure:

Compliance with current laws
Accuracy of practices described
Effectiveness of privacy protections
Alignment with business operations

14. INTERNATIONAL CONSIDERATIONS

14.1 United States Operations

Palco Public Adjusting Loss Consulting operates exclusively within the United States. We are licensed in Texas, Oklahoma, and Nevada and primarily serve clients in these jurisdictions.

14.2 International Callers

If you contact us from outside the United States:

Your information will be transferred to and processed in the United States
U.S. privacy laws will govern (which may differ from your home country)
You consent to such transfer by using our services
We do not actively solicit clients outside the United States

14.3 GDPR (European Union)

While we do not target European Union residents, if EU personal data is processed:

We act as data controller for our own business purposes
GDPR rights may apply in addition to U.S. law
Legal basis for processing: legitimate interests, contract performance, legal obligations
EU residents may contact our Privacy Officer for GDPR-specific inquiries

14.4 Cross-Border Data Transfers

To the extent data is transferred internationally for technology infrastructure:

Appropriate safeguards are implemented (Standard Contractual Clauses)
Receiving parties maintain adequate data protection standards
Transfers are limited to necessary operations

15. SPECIAL CONSIDERATIONS

15.1 Attorney-Client Privilege

In certain circumstances, communications with Palco may be protected by attorney-client privilege:

15.1.1 When Privilege May Apply

When we are engaged as expert witnesses in litigation
When our work product is prepared in anticipation of litigation
When we coordinate with your attorney under joint defense or common interest agreements
As may be recognized under applicable state law

15.1.2 Privilege Protection

When privilege applies:

Communications are subject to heightened confidentiality
Disclosure to third parties may waive privilege
We will clearly identify privileged communications
Subpoenas for privileged information will be challenged

15.1.3 Limitations

Privilege determinations are complex and fact-specific
Not all communications with Palco are privileged
Crime-fraud exception may apply
Consult legal counsel for privilege advice

15.2 Conflicts of Interest

We maintain systems to identify and prevent conflicts of interest:

15.2.1 Conflict Screening

Voice AI Agent collects information for conflict checks
We screen against current and former clients
We screen against adverse parties and related entities
Potential conflicts are escalated to management

15.2.2 Information Barriers

When conflicts exist:

Information is not shared between conflicted matters
Separate staff may be assigned
In some cases, we may decline representation

15.3 Fraud Prevention

We use collected information to detect and prevent fraud:

15.3.1 Red Flags

We monitor for indicators of:

Insurance fraud or misrepresentation
Identity theft or impersonation
Conflicts of interest not disclosed
Prohibited contingent fee arrangements (where applicable)

15.3.2 Reporting Obligations

We may report suspected fraud to:

Insurance carriers (where legally required)
Regulatory authorities (per state law requirements)
Law enforcement (when appropriate)

15.4 Emergency Situations

In urgent situations involving property damage or safety concerns:

We may expedite processing of your information
We may share information with emergency services
We may contact you outside normal business hours
Enhanced confidentiality may apply to sensitive emergency situations

16. THIRD-PARTY SERVICES AND LINKS

16.1 Third-Party Websites

Our communications or website may reference third-party services:

Insurance carrier websites
Regulatory authority websites
Educational resources
Vendor or partner websites

Notice: We are not responsible for third-party privacy practices. Review their privacy policies independently.

16.2 Social Media

If we maintain social media presence (LinkedIn, Facebook, etc.):

Social media platforms have separate privacy policies
We do not collect personal information through social media
Public comments on our posts are not confidential
Do not share sensitive claim information via social media

16.3 Integration Services

We may integrate with:

Calendar systems (for appointment scheduling)
Email platforms (for communication)
Document signing services (for agreements)
Payment processors (for fee collection)

All integrated services maintain appropriate security and privacy standards and are contractually obligated to protect your information.

17. DATA BREACH NOTIFICATION

17.1 Security Incident Definition

A “security incident” or “data breach” occurs when there is unauthorized acquisition, access, use, or disclosure of personal information that compromises the security, confidentiality, or integrity of such information.

17.2 Discovery and Investigation

Upon discovering a potential security incident:

17.2.1 Immediate Actions (Within 24 Hours)

Incident response team activated
Affected systems isolated or secured
Scope of incident assessed
Forensic investigation initiated
Unauthorized access terminated

17.2.2 Investigation (Days 1-5)

Determine types of information accessed
Identify affected individuals
Assess risk of harm
Determine root cause
Implement corrective measures

17.3 Notification Timing

17.3.1 Individual Notification

Texas Law: Without unreasonable delay, generally within 60 days
Oklahoma Law: Without unreasonable delay, generally within 45 days
Nevada Law: Without unreasonable delay, generally within 30 days
Palco Standard: We notify within 30 days of discovery (or sooner if required by applicable state law)

17.3.2 Regulatory Notification

Texas Department of Insurance: As required by regulation
Oklahoma Insurance Department: As required by regulation
Nevada Division of Insurance: As required by regulation
Attorney General: If state law requires (typically for large breaches)

17.3.3 Credit Reporting Agencies

For breaches affecting 1,000+ individuals, we notify major credit bureaus.

17.4 Notification Methods

17.4.1 Primary Methods

Email: To last known email address
Written Notice: Certified mail to last known address
Telephone: Direct calls for urgent situations

17.4.2 Substitute Notice (If Primary Infeasible)

Conspicuous posting on website for 90 days
Notice to major media outlets
Email notice if email addresses available

17.5 Notification Content

Breach notifications will include:

17.5.1 Incident Description

Date(s) of breach
Date of discovery
Types of information involved
Number of individuals affected (if known)

17.5.2 Response Actions

Steps taken to secure systems
Law enforcement notification status
Investigation status

17.5.3 Individual Actions

Steps you can take to protect yourself
Contact information for questions
Resources for identity theft protection
Credit monitoring services (if offered)

17.5.4 Contact Information

Palco contact person
Toll-free telephone number
Email address for questions
Regulatory contact information (if applicable)

17.6 Breach Assistance

For significant breaches, we may offer:

Free credit monitoring services (12-24 months)
Identity theft protection services
Identity restoration services
Fraud resolution assistance
Dedicated call center for affected individuals

17.7 No Unlawful Delay

We will not unreasonably delay notification to:

Conduct investigation (investigation proceeds in parallel)
Determine scope (notification proceeds as scope is determined)
Restore systems (notification occurs while restoration in progress)

Delay only occurs when:

Law enforcement requests delay for criminal investigation
Delay is necessary to prevent additional harm
Delay is required by applicable law or regulation

18. ACCOUNTABILITY AND GOVERNANCE

18.1 Privacy Officer

We have designated a Privacy Officer responsible for:

Overseeing privacy compliance program
Responding to privacy rights requests
Managing data breach response
Conducting privacy training
Monitoring regulatory changes
Privacy policy updates

Contact Privacy Officer:
Email: claims@palcoclaims.com
Subject Line: “Attention: Privacy Officer”

18.2 Privacy Compliance Program

Our privacy program includes:

18.2.1 Policies and Procedures

Comprehensive written privacy policies
Data classification and handling procedures
Access control policies
Incident response plans
Vendor management procedures
Training and awareness programs

18.2.2 Risk Assessment

Annual privacy risk assessments
Regular compliance audits
Vendor security assessments
Emerging threat analysis

18.2.3 Training

Initial privacy training for all personnel
Annual refresher training
Role-specific training for high-risk positions
Incident response drills
Voice AI Agent-specific training

18.2.4 Monitoring and Auditing

Regular access reviews
Audit log analysis
Compliance testing
Privacy control effectiveness assessment

18.3 Vendor Management

We maintain a vendor management program for all third parties processing personal information:

18.3.1 Vendor Due Diligence

Security and privacy assessments before engagement
Review of vendor policies and procedures
SOC 2 or similar certification verification
Financial stability assessment
Regulatory compliance verification

18.3.2 Contractual Requirements

Data processing agreements with all vendors
Security requirements and standards
Breach notification obligations
Audit rights and cooperation requirements
Data return or destruction upon termination

18.3.3 Ongoing Monitoring

Annual vendor reassessment
Security incident tracking
Performance monitoring
Compliance verification

18.4 Record Keeping

We maintain comprehensive records of:

Privacy rights requests and responses
Security incidents and breach notifications
Policy updates and version history
Training completion records
Audit findings and corrective actions
Vendor assessments and contracts

Records are retained per legal requirements and best practices.

18.5 Continuous Improvement

Our privacy program includes:

Regular policy and procedure updates
Incorporation of lessons learned from incidents
Adoption of evolving best practices
Technology upgrades and enhancements
Staff feedback and suggestions
Industry benchmark comparisons

19. CONTACT INFORMATION

19.1 Privacy Questions and Concerns

For questions about this Policy, our privacy practices, or the Voice AI Agent:

Palco Public Adjusting Loss Consulting
Attention: Privacy Officer
Email: claims@palcoclaims.com
Phone: (512) 553-6432
Website: www.palcoclaims.com

19.2 Business Hours

Monday – Friday: 8:00 AM – 6:00 PM Central Time
Saturday: 9:00 AM – 2:00 PM Central Time
Sunday: Emergency calls only (transferred to on-call adjuster)
After-Hours: Voice AI Agent available 24/7

19.3 Privacy Rights Requests

Submit privacy rights requests to:

Email: claims@palcoclaims.com (Subject: “Privacy Rights Request”)
Mail: Palco Public Adjusting Loss Consulting, Attn: Privacy Officer, [Mailing Address]

19.4 Technology Provider

Our Voice AI Agent technology provider:

The AI Agency USA, Inc.
7848 W Sahara AVE #504
Las Vegas, NV 89117
Email: info@theaiagencyusa.com

ACKNOWLEDGMENT AND CONSENT

By calling Palco Public Adjusting Loss Consulting and interacting with our Voice AI Agent, you acknowledge that:

You have been provided notice that calls are recorded
You understand the information that will be collected and how it will be used
You consent to the collection, use, disclosure, and retention of your information as described in this Policy
You have had an opportunity to review this Policy and ask questions
You understand your privacy rights and how to exercise them
You understand that you may request to speak with a human representative at any time

Effective Date: This Privacy Policy is effective as of November 20, 2025, and supersedes all previous versions.

PALCO PUBLIC ADJUSTING LOSS CONSULTING
Serving Texas, Oklahoma, and Nevada

This Privacy Policy should be read in conjunction with our Client Services Agreement and any other applicable agreements between you and Palco.