What I collect, what I do with it, what I'd never do.

01Who this policy applies to

This Privacy Policy applies to information collected by KD Health Management LLC (doing business as The Insurance Insider) — a Florida limited liability company — when you visit our websites, contact us, or become a client. "We," "us," and "our" mean KD Health Management LLC. "You" and "your" mean you, the visitor or client.

02What we collect

You give us directly

• Name, email, phone — when you fill out a form or email us
• Company details and group census — when you request a group benefits quote
• Date of birth, dependents, basic health questionnaire — when underwriting requires it
• Payment info — only when you enroll in coverage (handled by the carrier, not by us)

We collect automatically

• IP address, browser type, device info — standard web analytics
• Pages you visit on our sites — for traffic improvement
• Referring URL — to understand where visitors come from

We receive from third parties

• Carrier responses to quote requests — health insurance carriers we shop on your behalf
• Verification data — when checking eligibility (subsidy income, employer info)

03What we do with it

• Quote and enroll you — submitting applications to carriers
• Service the relationship — claims help, plan changes, renewal reviews
• Communicate — appointment confirmations, renewal reminders, the occasional newsletter you can unsubscribe from anytime
• Comply with legal requirements — broker recordkeeping rules require we retain certain client records for 5–7 years

04Who we share with

• Insurance carriers — only the information they need for the quote or application you've asked us to submit
• Our CRM and email systems — HubSpot (CRM, with HIPAA Business Associate Agreement), Microsoft 365 (email, encrypted), Apollo (outbound sequences for prospects; not used for current clients' PHI)
• Government agencies — when legally required (subpoenas, court orders, regulatory examinations)
• Auditors and counsel — under confidentiality, when running our own business legally

What we DON'T do

• We don't sell your data
• We don't rent your contact info to lead-gen companies
• We don't share PHI with advertising platforms
• We don't use your data to train AI models

05HIPAA & PHI

Health insurance brokering touches Protected Health Information (PHI). We treat PHI under HIPAA Privacy and Security Rule standards:

• Encrypted in transit and at rest in our systems
• Access limited to staff who need it to do the job (currently: Kristian Delgado)
• BAAs (Business Associate Agreements) in place with HubSpot and Microsoft 365
• Retained per HIPAA-required minimum, then deleted

06Cookies & tracking

Our site uses minimal cookies — Google Fonts (typography), and a Facebook domain verification meta tag (no Facebook pixel tracking enabled at time of writing). We do not run third-party ad pixels or sell anonymized site data.

Your browser controls how cookies are handled. We don't require cookie acceptance to use the site.

07How long we keep it

• Active client data — for the duration of the relationship plus 7 years (broker recordkeeping requirements)
• Quote inquiries that don't become clients — 2 years, then deleted
• Website analytics — 14 months
• Email correspondence — 7 years (broker records)

08Your rights

Depending on your state, you may have specific rights regarding your data:

• Access — request a copy of what we have on you
• Correct — fix anything that's wrong
• Delete — ask us to remove (subject to broker recordkeeping retention laws)
• Opt out — of marketing emails (always)
• Portability — get a structured export of your data

To exercise any of these: email kristian@smarthealthcoverage.org with "Privacy Request" in the subject. Standard response within 30 days.

09Children

We do not knowingly collect data from anyone under 18 directly. Coverage applications for minors are submitted by their parents/guardians as part of family enrollments.

10Security incidents

If we have a data breach affecting your information, we notify you per applicable state breach-notification laws and HIPAA Breach Notification Rule timelines (typically within 60 days of discovery, sooner when required by state law).

11Changes to this policy

We may update this policy. Material changes will be flagged at the top of the page with an updated effective date. Current version date is at the top of this document.

12Contact

Privacy questions or requests:

• Email: kristian@smarthealthcoverage.org
• Phone: (954) 338-9905
• Mail: KD Health Management LLC, 4014 Palm Place, Weston, FL 33331