Effective Date: June 26, 2026
Last Updated: June 29, 2026
Krishcon Guide Agentic Solutions Inc. (“KGA”, “we”, “our”, or “us”) is a Canadian InsurTech company headquartered in the Greater Toronto Area (GTA), Ontario. We build and operate KGA ARIA — an enterprise-grade Agentic AI platform for insurance operations, listed on Microsoft Azure Marketplace. This Privacy Policy governs the collection, use, and storage of personal and business data across our KGA ARIA application and our marketing website at krishconconsulting.com, in full compliance with Microsoft Marketplace general listing and offer policies (Sections 100.5 and 100.6) and the Personal Information Protection and Electronic Documents Act (PIPEDA).
1. About KGA ARIA and What We Build
KGA ARIA is an AI Intelligence Layer for Insurance Operations. It embeds 41+ specialized AI agents into three core insurance workflows:
- ARIA Claims — AI-powered claims adjudication covering FNOL intake, coverage verification, fraud signal detection, risk scoring, severity assessment, and regulatory correspondence generation.
- ARIA Policy — AI-powered underwriting support covering risk assessment, renewal decision support, submission analysis, and policy structured analysis.
- ARIA Billing — AI-powered billing and collections covering collections risk scoring, payment strategy, dunning and retention automation, and commission management.
KGA ARIA operates as a non-invasive intelligence layer — it reads events from existing insurance core systems (Guidewire, Duck Creek, or legacy platforms), processes them through specialized AI agents powered by Anthropic Claude, and returns enriched structured decisions. It does not write to or replace any core system of record. The platform is deployed on Microsoft Azure (Central US region) and is offered via the Azure Marketplace.
2. Scope of This Privacy Policy
This Privacy Policy applies to:
- Enterprise customers and their authorized users accessing KGA ARIA through Microsoft Azure Marketplace or direct deployment
- Insurance professionals (claims adjusters, underwriters, billing teams) using the KGA ARIA application
- Visitors to our marketing website at krishconconsulting.com
- Any individuals who contact us for support, demos, pilot engagements, or partnership inquiries
3. Information We Collect
3.1 Account and Identity Information
When enterprise customers provision KGA ARIA through Azure Marketplace or directly, we collect:
- Organization name, administrator name, and business email address
- Azure Active Directory (Azure AD) credentials used for enterprise Single Sign-On (SSO) authentication
- JWT (JSON Web Token) identity tokens for session management and role-based access control
- User role assignments (Admin, Adjuster, Underwriter, Billing user)
- Billing and subscription information processed through Microsoft Azure Marketplace
3.2 Insurance Workflow Data Processed by KGA ARIA
KGA ARIA processes insurance business data submitted by enterprise customers through webhook events and API calls. This data may include:
- Claims data: First Notice of Loss (FNOL) submissions, claim identifiers, policy numbers, coverage details, incident descriptions, fraud signals, severity assessments, and settlement decisions
- Underwriting data: Policy renewal submissions, risk profiles, insured property or entity details, premium calculations, endorsement and cancellation requests
- Billing data: Account balances, payment history, delinquency indicators, dunning status, commission records, and collection activity
- AI-generated outputs: Risk scores, fraud probability scores, structured decisions, regulatory correspondence (denial letters, closure letters, partial approval letters), and reasoning trails
This insurance workflow data belongs to the enterprise customer and is processed solely to deliver the contracted KGA ARIA service. KGA does not use this data to train models, sell insights, or share information with any third party outside of the contracted service delivery.
3.3 Application Usage and Technical Data
When users access the KGA ARIA application, we automatically collect:
- Authentication and access event logs (login timestamps, session IDs, API calls made)
- Agent execution logs — which AI agents were invoked, processing duration, and structured output metadata
- Multi-tenant isolation records — every action is scoped to the customer’s tenant context
- Performance and error diagnostic data (API response times, error codes, health monitoring metrics)
- IP address, device type, browser type, and operating system
3.4 Audit and Decision Trail Data
KGA ARIA’s Audit and Decision Logger agent captures every AI decision with user context, tenant scope, and timestamp. This produces explainable, auditable records for every agent output — satisfying insurance regulatory requirements for documented AI decision-making. This audit data is retained as part of the contracted service and is accessible to the enterprise customer’s authorized administrators.
3.5 Website and Contact Data
When you visit krishconconsulting.com or contact us, we may collect your name, business email, company name, job title, and the content of your inquiry. We also collect standard web analytics data (pages visited, time on site, referring URLs, IP address) through tools such as Google Analytics.
4. How We Use Your Information
We use collected data for the following purposes:
- To provision, operate, and maintain the KGA ARIA platform and its 41+ AI agents
- To authenticate users via Azure AD SSO and JWT-based session management
- To process insurance workflow events through AI agent pipelines and return structured decisions
- To enforce multi-tenant data isolation — ensuring each customer organization’s data is completely separated
- To maintain the audit and decision trail required for insurance regulatory compliance
- To process and fulfill subscription and licensing transactions through Microsoft Azure Marketplace
- To provide customer support, respond to inquiries, and conduct pilot engagements
- To monitor platform performance, diagnose errors, and improve system reliability
- To send service-related notifications, updates, and communications
- To comply with applicable laws, insurance regulations, and Microsoft Marketplace requirements
We do not sell, rent, or trade personal information or insurance workflow data to any third party for marketing or commercial purposes.
5. How We Store Your Information
All KGA ARIA application data is stored on Microsoft Azure infrastructure (Central US region). Our storage practices include:
- Data residency: All application data, agent outputs, and audit logs are stored within Microsoft Azure data centers. Data does not leave the Azure environment except as needed to interface with Anthropic’s Claude API for AI processing (covered under Anthropic’s enterprise data protection terms).
- Encryption: All data is encrypted at rest (AES-256) and in transit (TLS 1.2+).
- Multi-tenant isolation: The Multi-Tenant Context Agent scopes every AI output, cache entry, and user decision to the correct tenant — complete data isolation across organizations is enforced at the platform level.
- Access controls: Role-based access control (Admin / Adjuster / Underwriter / Billing user roles) restricts data access to authorized personnel within each tenant organization.
- Prompt caching: The Prompt Cache and Memory Agent manages ephemeral prompt caching via Anthropic’s API to reduce latency and cost. Cached prompts are tenant-scoped and not shared across organizations.
- Backups: Regular encrypted backups are maintained to ensure data availability and integrity.
- Retention: Insurance workflow data and audit logs are retained for the duration of the subscription agreement, plus any period required by applicable insurance regulations. Upon contract termination or verified request, data is securely deleted or anonymized within 90 days.
6. How We Share Your Information
We do not share personal information or insurance workflow data except in the following circumstances:
- Anthropic (Claude AI): Insurance workflow events are sent to Anthropic’s Claude Sonnet API for AI agent processing. Anthropic processes this data under its enterprise API terms and does not use customer data to train models. KGA ARIA’s architecture supports Azure OpenAI as an alternate provider where required.
- Microsoft Azure: As our cloud infrastructure and Marketplace provider, Microsoft hosts platform data and processes subscription transactions in accordance with the Microsoft Privacy Statement and Azure Data Processing terms.
- Guidewire / Duck Creek: KGA ARIA reads webhook events from these core platforms and returns enriched intelligence to them. No personal data is written to or stored within Guidewire or Duck Creek by KGA ARIA.
- Service providers: Trusted third-party service providers (e.g., email platforms, CRM tools) may receive limited contact information and are contractually obligated to protect it.
- Legal requirements: We may disclose information if required by law, court order, insurance regulatory authority, or governmental body.
- Business transfers: In the event of a merger, acquisition, or asset sale, information may be transferred as part of that transaction.
7. AI Processing and Data Handling
KGA ARIA uses Anthropic Claude as its primary AI engine. When insurance workflow data is sent to the Claude API for agent processing:
- Data is transmitted via encrypted HTTPS connections
- Anthropic’s enterprise API terms prohibit use of submitted data for model training
- The Multi-Provider LLM Router allows enterprise customers to configure Azure OpenAI or OpenAI as alternate providers if required by their data governance policies
- All AI-generated decisions (risk scores, fraud flags, underwriting recommendations, billing strategies) are logged by the Audit and Decision Logger with full explainability — no black-box decisions
- Prompt caching is managed ephemerally and is tenant-scoped
8. Legal Basis for Processing (Canada – PIPEDA)
Krishcon Guide Agentic Solutions Inc. processes personal information under the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable provincial privacy legislation, on the following bases:
- Consent: For website visitors and individuals who contact us voluntarily.
- Contractual necessity: For enterprise customers — processing is necessary to deliver the KGA ARIA service under the subscription agreement.
- Legitimate business purposes: For operational data necessary to run the platform securely and reliably.
- Legal obligation: Where retention or processing is required by insurance regulations or applicable law.
9. Data Security
We implement enterprise-grade security measures appropriate to the sensitivity of insurance operations data, including:
- Azure AD and JWT-based enterprise authentication with bcrypt password hashing
- Multi-tenant isolation enforced at the platform level for all data and AI outputs
- TLS 1.2+ encryption in transit; AES-256 encryption at rest
- Role-based access controls (Admin, Adjuster, Underwriter, Billing user)
- Comprehensive audit logging of every AI decision and user action
- Health monitoring endpoints and hot reload capabilities for rapid incident response
- Regular security reviews and vulnerability assessments
While we implement appropriate security measures, no system is completely immune to risk. We will notify affected customers promptly in the event of a confirmed data security incident.
10. Your Privacy Rights
Enterprise customers and individual users may have the following rights regarding their personal information:
- Right to Access: Request a copy of personal information we hold about you or your organization.
- Right to Correction: Request correction of inaccurate or incomplete information.
- Right to Withdrawal of Consent: Withdraw consent to processing at any time (subject to contractual obligations).
- Right to Erasure: Request deletion of personal information, subject to legal and regulatory retention obligations.
- Right to Data Portability: Request a copy of your data in a structured, machine-readable format.
- Right to Complaint: Lodge a complaint with the Office of the Privacy Commissioner of Canada (OPC) or a relevant provincial privacy authority.
Enterprise customers may also exercise rights over their organization’s insurance workflow data directly through their KGA ARIA administrator account or by contacting us at the details in Section 13.
11. Cookies and Authentication Tokens
Our marketing website (krishconconsulting.com) may use cookies and web analytics tools (e.g., Google Analytics) to understand visitor behavior. You can manage cookie preferences through your browser settings.
The KGA ARIA application uses JWT tokens and Azure AD session tokens for secure authentication. These are technical necessities for secure multi-tenant operation and are not used for advertising or tracking purposes.
12. Children’s Privacy
KGA ARIA is an enterprise software platform designed exclusively for insurance industry professionals and organizations. We do not knowingly collect personal information from individuals under the age of 18. If we become aware that such information has been inadvertently collected, we will promptly delete it.
13. Contact Us
For questions, concerns, access requests, or privacy complaints related to this Privacy Policy or our handling of personal information, please contact us:
Krishcon Guide Agentic Solutions Inc.
Greater Toronto Area (GTA), Ontario, Canada
Website: krishconconsulting.com
Email: privacy@krishconconsulting.com
General inquiries: info@krishcons.com
14. Changes to This Policy
We may update this Privacy Policy to reflect changes in our platform capabilities, applicable law, insurance regulatory requirements, or Microsoft Marketplace policies. Updates will be posted on this page with a revised “Last Updated” date. Enterprise customers will be notified of material changes through their registered account email. Continued use of KGA ARIA after the updated policy is posted constitutes acceptance of the changes.
© 2025–2026 Krishcon Guide Agentic Solutions Inc. All rights reserved. · Greater Toronto Area (GTA), Ontario, Canada
