Privacy Policy

Last updated: April 22, 2026

Who We Are

Icarus is a product of Rego AI, Inc. ("Rego," "we," "us"). We provide ICHRA (Individual Coverage Health Reimbursement Arrangement) administration services to employers and their employees.

Information We Collect

We collect information necessary to administer health benefits:

• Account information: Name, email, phone number, employer affiliation
• Employee data: Date of birth, address, employment type, dependents (provided by employer or employee)
• Health profile data: Prescriptions, conditions, and preferences (provided voluntarily by employees for plan matching only)
• Claims data: Claim amounts, service dates, receipts, and documentation
• Coverage data: Insurance carrier, plan details, coverage attestations
• Payment data: Bank account information for reimbursement (processed by our banking partner)

How We Use Your Information

• Administer ICHRA benefits on behalf of your employer
• Process claims and reimbursements
• Match employees to suitable health plans (AI-assisted, with employee consent)
• Generate required compliance notices and reports
• Communicate about benefits, claims status, and enrollment
• Improve our platform and services

What We Never Do

• We never sell your personal or health information
• We never share health profile data with your employer
• We never share your data with insurance carriers without your consent
• We never use health data for advertising or marketing

Data Security

We use industry-standard security measures including encryption at rest and in transit, role-based access controls, and secure cloud infrastructure (AWS) with a signed Business Associate Agreement (BAA) in place.

Data Retention

We retain data for as long as needed to provide services and comply with legal obligations (typically 7 years for tax-related records). Employees can request deletion of voluntary health profile data at any time.

Third-Party Services

We use the following third-party services that may process your data:

• AWS: Cloud infrastructure (hosting, storage, database)
• Unit.co: Banking and payment processing
• Healthcare.gov (CMS): Marketplace plan data
• AWS Cognito: Authentication
• AWS SES: Email delivery

Your Rights

You have the right to access, correct, or delete your personal data. Contact us at support@rego.ai with any privacy-related requests.

Changes

We may update this policy from time to time. Material changes will be communicated via email or in-app notification.

Contact

For privacy questions or concerns: support@rego.ai