Legal

Privacy Policy

How InPass and PurpleMESH Solutions collect, use, and protect your information.

Last updated: March 2026

1. Overview

InPass is a product of PurpleMESH Solutions ("we", "us", "our"). This Privacy Policy explains how we collect, use, disclose, and safeguard information when insurance carriers ("Carriers") and their policyholders ("End Users") use the InPass platform.

By using InPass, you agree to the terms of this Privacy Policy. If you do not agree, please discontinue use of the platform.

2. Information We Collect

From Carriers (B2B customers): When a carrier integrates InPass, we collect:

  • Business contact details (name, email, company, role)
  • API credentials and integration configuration data
  • Policy data transmitted via the InPass API (policy numbers, coverage details, holder names — as configured by the carrier)
  • Usage and analytics data (pass delivery rates, wallet add events, API call logs)

From End Users (policyholders): InPass operates as a pass delivery mechanism on behalf of carriers. We collect minimal end-user data:

  • Device type (Apple or Google) for pass delivery routing
  • Pass add/remove events (anonymized)
  • We do not store full policyholder PII beyond what is required to render and deliver the wallet pass

3. How We Use Your Information

  • To generate, deliver, and update wallet passes on behalf of carriers
  • To provide carrier analytics and adoption reporting
  • To operate, maintain, and improve the InPass platform
  • To respond to support requests and communicate product updates
  • To comply with applicable legal obligations

4. Data Sharing

We do not sell your data. We do not share personal information with third parties for marketing purposes. We may share data with:

  • Service providers: Cloud infrastructure, analytics, and security vendors operating under data processing agreements
  • Apple and Google: Pass delivery requires transmission to Apple PassKit and Google Wallet APIs — governed by their respective privacy policies
  • Legal requirements: Where required by applicable law, court order, or governmental authority

5. Data Retention

Carrier account data is retained for the duration of the contract plus 90 days. Pass delivery logs are retained for 12 months for analytics purposes. End-user pass data is retained only as long as the pass is active. Carriers may request deletion of their data at any time by contacting hello@purplemesh.in.

6. Security

InPass implements industry-standard security measures including:

  • All passes are cryptographically signed using Apple PassKit certificates and Google Wallet signing keys
  • Data in transit is encrypted using TLS 1.2+
  • Data at rest is encrypted using AES-256
  • Access controls, audit logging, and periodic security reviews are in place
  • We are working toward SOC 2 Type II certification

7. Your Rights

Depending on your jurisdiction, you may have rights including access, correction, deletion, and portability of your personal data. To exercise these rights, contact us at hello@purplemesh.in. We will respond within 30 days.

8. Children's Privacy

InPass is a B2B platform not directed at individuals under the age of 18. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy periodically. We will notify carriers of material changes via email or platform notification. Continued use of InPass after changes constitutes acceptance of the updated policy.

10. Contact Us

For privacy-related questions or requests, please contact: