← Back to Cairie
Privacy Policy
Last updated: June 5, 2026
Who we are
Cairie is a Chrome extension built for licensed Medicare insurance agents, operated by Cairie Agentics, LLC ("we," "us"). This policy explains what data Cairie collects, where it goes, and what we never do with it.
What Cairie collects
During a live call, Cairie reads three classes of data:
- Live transcript and Medicare-related fields from the agent's call platform (EnrollHere) and authorized portal scrapes (CMS MARx, Sunfire Matrix, ThinkAgent, Heartland). This may include client name, date of birth, Medicare Beneficiary Identifier (MBI), pharmacy, providers, drug list, current plan, LIS subsidy level, Medicaid status, and election history.
- Agent settings — Hathr.ai credentials, agent name/NPN, feature toggles, call-script content.
- Subscription information — agent email and payment data, handled by ExtensionPay (Stripe). We never see your card number.
Where the data goes
- Hathr.ai (Claude on AWS GovCloud), operating under a HIPAA Business Associate Agreement with the agent. AI processing of transcripts and Medicare context happens here.
- The agent's authorized carrier and CMS portals — Sunfire, EnrollHere, MARx, ThinkAgent, Heartland — when the agent triggers an auto-fill or auto-scrape.
- Encrypted local storage on the agent's machine — AES-GCM-encrypted Dexie database with a non-extractable browser-scoped master key. Audit log retained per HIPAA §164.312(b), PHI-redacted by construction.
- ExtensionPay / Stripe for subscription billing only.
What Cairie never does
- No screenshots, no vision data, no image content in any prompt or log.
- No raw client PHI to any AI service outside Hathr.ai's HIPAA-covered pipeline.
- No auto-submission of enrollments — high-risk actions (Submit, Enroll, Sign, Pay, Confirm) always pause for the agent's approval.
- No data sold or shared with third parties for advertising, marketing, or any purpose unrelated to assisting the agent on Medicare enrollment workflows.
- No access to carrier portals outside the small allowlist of agent-authorized tools. The Cairie navigator agent is hard-blocked from unauthorized domains.
Retention
- In-flight session data: held in memory only during a call; purged after 12 hours.
- Encrypted local storage: persists until the agent purges via the extension's Options page.
- Audit log: retained permanently per HIPAA §164.312(b), with all PHI redacted at write time.
Your rights
You can export your encrypted data, review the audit log, or delete everything from the extension's Options page. Subscription cancellation is self-serve via the ExtensionPay management portal.
Contact
Privacy questions: support@letcairie.com
Agency / multi-seat: agency-sales@letcairie.com