1. Introduction
This Privacy Policy explains how FindMyHealthQuote ("FindMyHealthQuote," "we," "us," or "our") collects, uses, discloses, retains, and protects information when you visit our website, request insurance information, submit a quote request, call a number displayed on our website, click a referral link, or otherwise interact with our services.
What we are. FindMyHealthQuote is an independent insurance information, quote-referral, and lead-generation website. We are not an insurance company, broker, or agent. We do not underwrite, issue, administer, approve, deny, or guarantee insurance policies. We do not directly process final Marketplace applications unless expressly stated. Final eligibility review, application submission, enrollment assistance, and post-enrollment servicing may be handled by authorized quoting, enrollment, carrier, agency, or licensed insurance partners.
What we are not. We are not HealthCare.gov, Medicare.gov, the Centers for Medicare & Medicaid Services (CMS), the federal Medicare program, Medicaid, any federal agency, any state Marketplace, any state insurance department, or an insurance company. We are not endorsed by, sponsored by, or affiliated with the U.S. government, the federal Medicare program, or any state or federal Marketplace.
HIPAA status. We are not a "covered entity" or "business associate" under the Health Insurance Portability and Accountability Act (HIPAA) and the HIPAA Privacy and Security Rules (45 CFR Parts 160 and 164). The information you submit through our website is protected by our security practices and applicable state privacy laws, not by HIPAA.
This is a solicitation of insurance. By using our website, submitting information, or otherwise interacting with us, you acknowledge that you have read this Privacy Policy. If you do not agree, do not use our website or submit information.
2. Information we collect
We may collect information that you provide directly to us, information collected automatically when you use our website, and information from partners or service providers. Some of the information we collect is sensitive, including health-related information, financial information, and household information used to estimate potential eligibility for insurance options, ACA subsidies, or other coverage-related programs.
A. Information you provide directly
When you submit a form, request a quote, complete our wizard, contact us, or otherwise interact with us, we may collect:
- Identifiers: full name, email address, phone number, mailing address, ZIP code, county, state.
- Demographic information: age or date of birth, gender, household size, marital status, tobacco use, language preference.
- Eligibility-relevant information: pregnancy, blindness or disability, Native American / Alaska Native status, citizenship or lawful-presence status, eligibility for employer-sponsored coverage, Medicaid or CHIP status.
- Financial information: estimated annual household income (used only to estimate potential ACA subsidy or cost-sharing-reduction eligibility), employment status.
- Health-related information: preferred healthcare providers (doctors, hospitals), prescription medications, general health-condition indicators, healthcare usage patterns. We treat this information as sensitive personal information under state privacy laws and as "consumer health data" under Washington's My Health My Data Act (where applicable).
- Coverage preferences: insurance needs, plan preferences, metal-tier preferences, network preferences, prescription formulary preferences.
- Communications and consent records: opt-ins, opt-outs, consent and revocation timestamps, IP address, user agent, the exact language of disclosures shown, call recordings (where permitted by law and with notice).
- Provider-profile claim review: if you request access to manage a provider profile, we collect your account email, name, relationship to the provider or practice, authorization attestation, submission time, a securely uploaded government-issued photo ID image or PDF (driver license preferred), administrator decision, and review notes. The identity document is used only to review management authority, is stored in encrypted private storage, and is available only to authorized administrators. We do not request a selfie or biometric information. An administrator may also independently contact the provider or practice through publicly available business contact information.
B. Information collected automatically
When you visit our website, we and our service providers may automatically collect:
- IP address, browser type and version, device type, operating system, screen resolution, referring and exit pages, pages viewed, time spent on pages, click patterns, and other usage data.
- Approximate geographic location derived from IP address.
- Cookie identifiers, pixels, tags, web beacons, local storage, and similar online identifiers.
C. Information from third parties
We may receive information about you from third parties, including licensed insurance agents, brokers, agencies, carriers, quoting or enrollment partners, marketing partners, analytics providers, anti-fraud vendors, and other service providers, to operate our website, process referrals, maintain records, prevent fraud, honor opt-out requests, measure performance, and comply with legal or regulatory obligations.
D. Information we do not intentionally collect
We do not intentionally collect, store, or transmit through our general public-facing quote and contact forms your full Social Security number (SSN), your Medicare Beneficiary Identifier (MBI), full date of birth, full payment or banking information, detailed medical records, or government identification. The separate authenticated provider-claim workflow may collect a government-issued photo ID solely for the administrator review described above. If you choose to provide other sensitive information to a licensed insurance professional by phone, that information is handled by the licensed agency, not by FindMyHealthQuote. We do not intentionally transmit Social Security numbers, MBI numbers, full date of birth, or provider-claim identity documents to advertising platforms, analytics providers, or third-party tracking services.
3. How we use information
We may use the information we collect to:
- Operate, maintain, secure, and improve our website and services.
- Respond to quote requests, contact requests, and other insurance-related inquiries.
- Use your ZIP code and state to determine whether we or an authorized partner may be able to serve your location.
- Connect you with licensed insurance agents, brokers, agencies, carriers, quoting platforms, or other authorized enrollment partners who may review eligibility, subsidy availability, plan availability, and enrollment options.
- Provide insurance education, plan-comparison support, referral services, and related customer support.
- Communicate with you about your inquiry or requested insurance options, subject to applicable consent requirements.
- Maintain consent, authorization, revocation, opt-out, and compliance records as required by CMS, state insurance regulators, the Federal Trade Commission, and other authorities.
- Prevent, detect, investigate, and address fraud, unauthorized activity, security incidents, or misuse of our website.
- Comply with applicable legal, regulatory, licensing, carrier, Marketplace, audit, recordkeeping, and contractual obligations.
- Analyze website performance, referral performance, marketing effectiveness, and user experience.
- Enforce our Terms of Service and other policies.
- Review a provider-profile claimant's identity and claimed authority, prevent impersonation, and control access to profile-management tools.
What we do not do with your information. We do not use your health-related information for automated decision-making, profiling, or model training that produces legal or similarly significant effects. We do not make final Marketplace eligibility determinations, final subsidy determinations, underwriting decisions, or enrollment approvals. Eligibility, premiums, subsidies, benefits, provider networks, formularies, and coverage availability are determined by insurance carriers, government Marketplace rules, and applicable law.
6. Data security
We use reasonable administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, use, disclosure, alteration, or destruction. These safeguards include encryption in transit (TLS 1.2 or higher), role-based access controls, encrypted private storage for provider-claim identity documents, secure development practices, vendor security reviews, monitoring, and employee training on data protection practices.
No method of transmission over the Internet or method of electronic storage, however, is completely secure. We cannot guarantee absolute security. If you have reason to believe your interaction with us is no longer secure, please contact us immediately using the information in Section 14.
Security claims used on the site. Trust indicators such as "Encrypted" and "Secure" refer to the encryption we use in transit and to the access controls described above. They are not absolute warranties of security. Please review the on-page language carefully; if you see a claim that conflicts with this section, this Privacy Policy controls.
7. Data retention
We retain personal information for as long as reasonably necessary to fulfill the purposes described in this Privacy Policy, including to respond to inquiries, process referrals, provide services, maintain consent and compliance records, comply with legal or regulatory obligations, resolve disputes, prevent fraud, and enforce agreements.
Specific retention periods. We apply the following minimum retention periods:
- Medicare marketing records (including marketing materials, scripts, call recordings, consent records, Scope of Appointment records, and lead records): at least 10 years from the date of last activity, as required by 42 CFR § 422.2274 and 42 CFR § 423.2274.
- ACA Marketplace marketing records (including lead records, consent, opt-in/opt-out logs, and the marketing materials delivered): at least 10 years, consistent with CMS Marketing SOP and CMS web-broker entity standards under 45 CFR § 155.220.
- TCPA consent and call records (including prior express written consent, recording disclosures, opt-outs, and dialer logs): at least 5 years, as required by 47 CFR § 64.1200(c)(3).
- General consumer records: as long as needed to provide the requested service and as required by applicable law, typically 3–7 years after the last interaction.
- Provider-profile claim records (including the claimant's relationship, authorization attestation, identity-document record, administrator decision, and review notes): retained only as reasonably necessary to review the claim, resolve an ownership dispute, prevent fraud, maintain an access-control record, or comply with law. Administrative decision and audit records may be retained for 3–7 years; sensitive identity-document files may be deleted sooner when they are no longer reasonably necessary.
- Tax and financial records: at least 7 years, as required by the Internal Revenue Code and applicable state tax laws.
When personal information is no longer needed for the purposes described above, we will delete, de-identify, aggregate, or securely dispose of it according to our retention practices and applicable law.
8. Your rights & state privacy law
Depending on your state of residence and applicable law, you may have rights regarding your personal information. We honor the rights described below for residents of all U.S. states, and we honor the additional rights described for residents of states with comprehensive privacy laws.
A. Rights we honor for all U.S. residents
- The right to request access to the personal information we maintain about you.
- The right to request correction of inaccurate personal information.
- The right to request deletion of personal information we maintain about you, subject to the retention periods in Section 7.
- The right to revoke any consent you have provided, including consent to be contacted by phone, email, or SMS.
- The right to opt out of marketing communications.
B. Rights for residents of states with comprehensive privacy laws
If you are a resident of California, Colorado, Connecticut, Delaware, Indiana, Iowa, Kentucky, Maryland, Minnesota, Montana, Nebraska, Nevada, New Hampshire, New Jersey, Oregon, Rhode Island, Tennessee, Texas, Utah, Virginia, or another state with a comprehensive consumer privacy law, you may also have the following rights:
- The right to know what categories of personal information we collect, the sources, the business purposes, and the categories of third parties with whom we share information (Cal. Civ. Code § 1798.100(b), § 1798.130(a)(5)).
- The right to a copy of the specific personal information we have collected about you (data portability).
- The right to opt out of the sale or sharing of your personal information.
- The right to limit the use and disclosure of sensitive personal information (including precise geolocation, racial or ethnic origin, religious or philosophical beliefs, union membership, mail, email, and text contents, genetic data, biometric data, health information, sex life, sexual orientation, and Social Security, driver's license, state ID, or passport numbers). California residents have a "Right to Limit Use of My Sensitive Personal Information" under CCPA regulations.
- The right to non-discrimination for exercising your privacy rights.
- The right to appeal a denial of a verifiable consumer request where required by state law (e.g., Colorado CPA § 6-1-1306(3)).
C. Categories of personal information we collect (CCPA/CPRA disclosure)
- Identifiers (name, email, phone, ZIP, IP).
- Personal information categories listed in Cal. Civ. Code § 1798.80(e) (address, phone, age, gender, household size, income, and driver-license information when submitted for a provider-profile claim).
- Protected classification characteristics (tobacco use, age, pregnancy, disability, Native American status, citizenship / lawful-presence status — used only for ACA eligibility and special-program purposes).
- Commercial information (insurance coverage interests, plan preferences, enrollment history).
- Internet or network activity (browsing, page interactions, click patterns).
- Geolocation data (approximate, derived from IP).
- Professional or employment-related information (employment status, employer-coverage eligibility).
- Non-public education information is not collected.
- Biometric information is not collected.
- Sensitive personal information (health information including prescription history, provider preferences, and general health-condition indicators; driver-license information when submitted for a provider-profile claim; precise geolocation is not intentionally collected).
- Inferences drawn from the above (eligibility-relevant inferences, plan-matching inferences) — we do not use these for automated decision-making that produces legal or similarly significant effects.
D. How to exercise your rights
To submit a privacy, access, correction, deletion, opt-out, or appeal request, contact us at the email address in Section 14 or use our Do Not Sell or Share page. We may need to verify your identity before processing certain requests. We will respond within the timeframes required by applicable law (typically 45 days under CCPA, with a 45-day extension where permitted).
If your request concerns information shared with a licensed insurance professional, carrier, agency, broker, quoting platform, enrollment provider, or another partner, you may also need to contact that party directly to exercise your rights under that party's policies.
Authorized agents. California residents may designate an authorized agent to submit a request on their behalf, subject to verification under 11 CCR § 7063.
9. Consumer health data (Washington My Health My Data Act)
Washington's My Health My Data Act ("MHMDA," RCW 19.373) classifies certain information as "consumer health data" and provides Washington residents and consumers whose data is collected while they are in Washington with specific rights with respect to that data. Consumer health data includes information that identifies your attempts to obtain health care services, and information about your health status, mental or physical health conditions, diagnoses, treatments, pregnancy, disability, prescriptions, providers, and bodily functions.
Information we collect that may qualify as consumer health data includes the health-related information listed in Section 2 (prescriptions, providers, general health-condition indicators, pregnancy, disability, Native American status, healthcare usage patterns).
How we collect consumer health data. We collect consumer health data only when you voluntarily provide it through our website forms, and only for the purpose of routing you to authorized quoting or enrollment services or licensed insurance professionals to evaluate insurance plan options.
Consent. Before we collect certain categories of consumer health data from you, we request your affirmative consent through a dedicated health-data consent checkbox in our wizard. You may withdraw that consent at any time by contacting us using the methods in Section 14.
Your MHMDA rights. Subject to MHMDA, you have the right to (a) confirm whether we collect consumer health data about you; (b) access a list of categories of consumer health data we have collected; (c) withdraw consent; (d) request deletion of consumer health data; and (e) request that we stop selling or sharing consumer health data. To exercise these rights, contact us at the email address in Section 14 or use our Consumer Health Data Notice page.
10. Communications consent (TCPA, FTSA, TSR)
When you submit a form on our website, provide a phone number, or call a number displayed on our website, FindMyHealthQuote and/or authorized licensed insurance partners may contact you about your insurance inquiry by phone, text message (SMS/MMS), or email, subject to the consent and disclosure requirements described below.
A. Prior express written consent for marketing calls and texts (TCPA)
Before we initiate or arrange automated marketing calls, prerecorded voice calls, or marketing text messages to the phone number you provide, we obtain your prior express written consent as required by the Telephone Consumer Protection Act (47 CFR § 64.1200) and applicable state telemarketing laws. The consent disclosure is presented above the phone field in our wizard, includes the required language, and is acknowledged by a separate, required checkbox.
Consent to receive marketing calls or text messages is not required as a condition of purchasing insurance. Message and data rates may apply. You may opt out of marketing text messages at any time by replying STOP. You may revoke consent or request no further contact at any time by using the contact methods in Section 14 or by following the unsubscribe instructions in any message we send.
B. Do-Not-Call compliance
We scrub outbound contact numbers against the National Do-Not-Call Registry, applicable state DNC lists, and our internal DNC list before initiating contact. We honor all prior revocation requests.
C. Call recording
Calls to our phone numbers may be recorded or monitored for quality assurance, training, and compliance purposes. In states that require all-party consent (including California, Florida, Illinois, Maryland, Massachusetts, New Hampshire, Pennsylvania, Washington, and Montana), the call recording notice is provided at the start of the call and your continued participation constitutes consent to recording.
D. Email and CAN-SPAM
Commercial emails we send include a clear identification of the sender, a valid physical postal address, a clear opt-out mechanism, and an opt-out honored within 10 business days as required by CAN-SPAM (15 U.S.C. § 7701 et seq.).
11. Compensation disclosure
FindMyHealthQuote may receive compensation when consumers request information, use a referral link, call a referral number, submit a quote request, are referred to a partner, or enroll in coverage through an authorized partner. Compensation may include referral fees, marketing fees, commissions, flat fees, performance-based compensation, or other forms of compensation. Compensation may vary by carrier, product, state, enrollment type, referral arrangement, partner relationship, or other factors.
Compensation does not determine your eligibility, premium, subsidy amount, plan availability, coverage approval, or whether a plan is suitable for you. We do not prioritize, rank, or recommend plans based on the compensation we may receive.
This compensation disclosure is provided consistent with industry guidance, including the Centers for Medicare & Medicaid Services Medicare Marketing Guidelines and the Affordable Care Act broker-compensation rules (45 CFR § 156.340).
12. Children's privacy
Our website and services are intended for adults age 18 and older. We do not knowingly collect personal information from children under 13 (as required by the Children's Online Privacy Protection Act, 15 U.S.C. §§ 6501–6506) or from any individual under 18. If you believe a child has provided personal information to us through our website, please contact us using the information in Section 14, and we will take reasonable steps to delete the information.
13. Changes to this policy
We may update this Privacy Policy from time to time to reflect changes in our practices, our service providers, or applicable law. The "Last updated" date at the top of this page reflects the most recent revision. If we make material changes, we will post the updated Privacy Policy with a new "Last updated" date and, where required by law, provide additional notice (for example, by email or by a prominent notice on the website before the change takes effect).
Your continued use of the website after an updated Privacy Policy is posted means you acknowledge the updated Privacy Policy. If you do not agree, please stop using the website and contact us to exercise your privacy rights.
14. Contact us
For privacy questions, data requests, opt-out requests, consent revocation, or any other matter related to this Privacy Policy, contact us at:
Submit the privacy request form for privacy, data, opt-out, or consent-revocation requests.
Please include your full name, the email address or phone number associated with your inquiry, your state of residence, and enough detail for us to identify and process your request. We may need to verify your identity before processing certain privacy, deletion, correction, opt-out, or consent-revocation requests.
See also our Contact Us page, our Licensing Information page, and our Do Not Sell or Share page.
