Privacy Policy
Last updated: April 13, 2026 — Version 2.0
1. Data Controller
GeraSure is operated by Gera Systems (registered in England and Wales), a microinsurance platform. We are the data controller under the UK GDPR and Data Protection Act 2018.
- Website: gerasure.com
- Data Protection: privacy@gera.services
Insurance Notice: GeraSure facilitates access to insurance products from regulated insurers. We are an insurance intermediary. Insurance contracts are between you and the regulated insurer — not Gera Systems. Insurance data is processed subject to applicable insurance regulation in addition to UK GDPR.
2. What Personal Data We Collect
2.1 Identity and Contact Data
Full name, date of birth, email address, phone number, residential address.
2.2 Insurance Application Data
Information required to assess and provide insurance quotes, which may include: occupation, income level (where relevant), health status (for health or life products — see below), property details (for home insurance), vehicle details (for vehicle insurance), and claims history.
2.3 Health Data (Special Category — where applicable)
Where you apply for health, life, or travel insurance products, we may collect health information. This is special category data processed only with your explicit consent (UK GDPR Art. 9(2)(a)) and shared only with the insurer underwriting the policy.
2.4 Financial Data
Premium payment history, payment type and last four digits, claims paid.
2.5 Claims Data
Details of claims submitted, supporting documentation, and claims outcomes.
2.6 Usage and Technical Data
IP address, browser type, device identifiers, session data.
3. Legal Bases for Processing
| Purpose | Legal Basis |
|---|---|
| Account creation and policy management | Contract (Art. 6(1)(b)) |
| Obtaining insurance quotes and underwriting | Contract (Art. 6(1)(b)) |
| Processing health data for applicable products | Explicit Consent (Art. 9(2)(a)) |
| Claims handling | Contract (Art. 6(1)(b)) |
| Fraud prevention and claims validation | Legitimate Interests + Legal Obligation (Art. 6(1)(f) and Art. 6(1)(c)) |
| Regulatory compliance (FCA rules) | Legal Obligation (Art. 6(1)(c)) |
| Marketing communications | Consent (Art. 6(1)(a)) |
4. Data Retention
- Policy data: duration of policy + 6 years (insurance limitation period)
- Claims data: 6 years from claim resolution
- Health data: duration of policy + 6 years
- Financial records: 6 years (HMRC)
- Analytics: 13 months rolling
5. Who We Share Your Data With
We do not sell your data. We share only as necessary:
- Insurance underwriters — application and health data required for underwriting (with your explicit consent for health data)
- Claims assessors — claims documentation
- Insurance fraud databases (e.g., CIFAS, IFB) — to detect and prevent fraud
- FCA and regulatory bodies — as required
- Stripe — premium payments
- Railway, Neon, Vercel — infrastructure
- PostHog (EU, anonymised); Sentry (EU, errors)
6. Your Rights
You may access, rectify, erase, restrict, or port your data, or object to its processing. Health and insurance data may be subject to retention requirements. To exercise these rights, email privacy@gera.services. Complaints can be made to the ICO.
7. Security
TLS 1.2+ in transit, AES-256 at rest, MFA on admin. Health and financial data in access-controlled environments with audit logging.
8. Cookies
Essential, functional, and (with consent) analytics cookies. See our Cookie Policy.
9. Contact
- Data Protection: privacy@gera.services
- Support: support@gerasure.com