← Back to Cairie.

Privacy policy.

Last updated June 8, 2026

01

Who we are

Cairie is a Chrome extension built for licensed Medicare insurance agents, operated by Cairie Agentics, LLC ("we," "us"). This policy explains what data Cairie collects, where it goes, and what we never do with it.

02

What Cairie collects

During a live call, Cairie reads three classes of data:

  • Live call audio transcribed on the agent's own device via on-device ASR (Moonshine). Audio never leaves the device for transcription — only the resulting transcript text crosses any boundary. Medicare-related fields read from authorized portal pages the agent already has open in their authenticated session (CMS MARx, Sunfire Matrix, ThinkAgent, Heartland). This may include client name, date of birth, Medicare Beneficiary Identifier (MBI), pharmacy, providers, drug list, current plan, LIS subsidy level, Medicaid status, and election history.
  • Agent settings — agent name/NPN, feature toggles, call-script content.
  • Subscription information — agent email and payment data, handled by ExtensionPay (Stripe). We never see your card number.
03

Where the data goes

  • Hathr.ai (Claude on AWS GovCloud), operating under a HIPAA Business Associate Agreement. AI processing of transcripts and Medicare context happens here. The agent's subscription includes that BAA coverage.
  • The agent's authorized carrier and CMS portals — Sunfire, EnrollHere, MARx, ThinkAgent, Heartland — when the agent triggers an auto-fill or context read.
  • Encrypted local storage on the agent's machine — AES-GCM-encrypted Dexie database with a non-extractable browser-scoped master key. Audit log retained per HIPAA §164.312(b), PHI-redacted by construction.
  • ExtensionPay / Stripe for subscription billing only.
04

What Cairie never does

  • No screenshots, no vision data, no image content in any prompt or log.
  • No raw client PHI to any AI service outside Hathr.ai's HIPAA-covered pipeline.
  • No auto-submission of enrollments — high-risk actions (Submit, Enroll, Sign, Pay, Confirm) always pause for the agent's approval.
  • No data sold or shared with third parties for advertising, marketing, or any purpose unrelated to assisting the agent on Medicare enrollment workflows.
  • No access to carrier portals outside the small allowlist of agent-authorized tools. The Cairie navigator agent is hard-blocked from unauthorized domains.
05

Retention

  • In-flight session data: held in memory only during a call; purged after 12 hours.
  • Encrypted local storage: persists until the agent purges via the extension's Options page.
  • Audit log: retained permanently per HIPAA §164.312(b), with all PHI redacted at write time.
06

Your rights

You can export your encrypted data, review the audit log, or delete everything from the extension's Options page. Subscription cancellation is self-serve via the ExtensionPay management portal.

07

Contact

Privacy questions: use the support form or email support@letcairie.com.

Agency / multi-seat: agency-sales@letcairie.com