Privacy Policy for Insurance Gripes LLC

Effective Date: November 1, 2025

1. INTRODUCTION

Insurance Gripes LLC ("we," "us," or "our"), an Ohio limited liability company with a mailing address of P.O. Box 5415, 2711 W. Market St., Fairlawn, Ohio, 44333 operates the website insurancegripes.com and related services (the "Service"). This Privacy Policy describes how we collect, use, disclose, and protect personal information when you use the Service, including submitting insurance complaints ("Gripes"), ratings, anonymized PDF reports, and aggregated scores.

IMPORTANT NOTICE: By using the Service, you consent to our practices, including our ownership of anonymized data for commercial purposes. We are not a healthcare provider or financial institution but handle potentially sensitive insurance data responsibly. This Policy aligns with our Terms of Service and complies with applicable U.S. laws, including Ohio Revised Code § 1349, CCPA, and GLBA where applicable.

2. INFORMATION WE COLLECT

2.1 Information You Provide Directly

Account Information: Basic registration details required to create and maintain your account, including contact information and authentication credentials.

Insurance Complaint Data ("Gripes"): Information about your insurance experiences, including ratings, complaint details, incident information, and impact assessments you choose to share.

Optional Enhancement Data: Additional demographic, policy, coverage, provider, and treatment information you may voluntarily provide to enhance your complaint reports.

Communication Data: Messages, feedback, and correspondence when you contact our support team or participate in surveys.

2.2 Information We Collect Automatically

Usage and Analytics Data: Information about how you interact with our Service, including page views, navigation patterns, feature usage, and behavioral analytics collected through our tracking system.

Technical Data: Device and browser information, network data, error logs, and performance metrics necessary for Service operation and improvement.

2.3 Information from Third Parties

Service Provider Data: Information from our email service providers, monitoring tools, and other third-party services that help us operate and improve the platform.

We do not collect sensitive data without consent and anonymize Gripes (removing PII) before public display or aggregation.

3. HOW WE USE YOUR INFORMATION

3.1 Primary Service Operations

• Platform Functionality: Manage accounts, process Gripes, generate anonymized PDFs and regulatory links for state filings
• Content Display: Show aggregated insurance company ratings and anonymized user experiences
• Communication: Send account notifications and support responses
• Customer Support: Respond to inquiries and provide technical assistance

3.2 Analytics and Improvement

• Service Enhancement: Analyze usage patterns via Ahoy metrics to improve platform functionality
• Performance Optimization: Monitor system performance and user experience
• Feature Development: Identify popular features and areas for improvement
• Quality Assurance: Detect and prevent fraudulent or spam content using automated systems

3.3 Commercial Data Use and Ownership

We own and may sell anonymized aggregated data for commercial purposes, including:

• Market Research: Generate insurance industry reports and trend analyses
• Data Products: Sell anonymized, aggregated datasets to insurance companies, regulators, researchers, and industry analysts
• Business Intelligence: Provide consulting services based on anonymized consumer feedback data
• API Access: License access to anonymized data through commercial APIs

Important: No individual personally identifiable information (PII) is sold. All commercial data sharing uses industry-standard anonymization techniques.

3.4 Legal and Regulatory Compliance

• Fraud Prevention: Detect and prevent fraudulent complaints using automated validation
• Legal Obligations: Comply with applicable laws, including Ohio insurance regulations
• Safety and Security: Protect user rights and platform integrity
• Regulatory Reporting: Provide anonymized data to insurance regulators when required by law

4. HOW WE DISCLOSE YOUR INFORMATION

4.1 Service Providers

We may share data with third-party service providers under data protection agreements for cloud hosting, email delivery, analytics, and monitoring services.

4.2 Commercial Data Sharing (Anonymized Only)

We may sell or license anonymized aggregated data to:

• Insurance Companies: Consumer feedback and satisfaction trends
• Industry Analysts: Market research datasets and trend analysis
• Regulatory Bodies: Anonymized consumer complaint patterns (when requested)
• Academic Researchers: Anonymized datasets for consumer protection studies
• Business Intelligence Firms: Processed data for industry analysis

Opt-Out Rights: You may opt-out of data sales/sharing by contacting privacy@insurancegripe.com.

4.3 Legal and Safety Disclosures

We may disclose information when required by law:

• Legal Process: Court orders, subpoenas, and regulatory investigations
• Law Enforcement: Criminal investigations and public safety matters
• Regulatory Compliance: Ohio Department of Insurance investigations and compliance audits
• Safety Protection: Preventing fraud, abuse, or harm to users or our business

4.4 Business Transfers

In connection with business transactions: mergers, acquisitions, sales of company assets, bankruptcy, or corporate restructuring.

5. YOUR PRIVACY RIGHTS

5.1 General Rights

Under applicable laws (including CCPA and Ohio law), you may:

• Access: View personal data associated with your account
• Correct: Update account information (email, username, password)
• Delete: Request deletion of personal data (45-day response time)
• Opt-Out: Opt-out of sales/sharing of personal information

5.2 Account Deletion Process

When you request account deletion, we will:

• Delete Personal Data: Remove email, username, and personal identifiers within 45 days
• Anonymize Content: Remove personal identifiers from complaint data while retaining anonymized content
• Verify Completion: Confirm personal data deletion completion
• Retain Anonymized Data: Continue using anonymized complaint content for commercial purposes

5.3 Data Request Process

Submit requests to: privacy@insurancegripe.com

• Identity Verification: Required for all data requests
• Response Time: 45 days maximum
• Exclusions: Commercial aggregates and anonymized data excluded from deletion

5.4 State-Specific Rights

• Ohio Residents: Contact Ohio Department of Insurance for privacy complaints
• California Residents (CCPA): Additional rights to know, delete, and opt-out of sales
• Other States: We comply with applicable state privacy laws while maintaining commercial data rights

6. CHILDREN'S PRIVACY

• Age Restrictions: Service is for users 18+ only; no knowing collection from children under 13 (COPPA-compliant)
• Parental Rights: Parents who believe we collected information from a child under 13 should notify us at contact@insurancegripe.com immediately
• Data Removal: We will promptly delete any data collected from children under 13

7. DATA SECURITY

7.1 Security Measures

We implement reasonable safeguards per GLBA and Ohio Rev. Code § 1349:

• Encryption: SSL/TLS for data transmission, encrypted database storage
• Access Controls: Multi-factor authentication, role-based access via Docker/AWS
• Infrastructure Security: AWS Lightsail with automated backups and disaster recovery
• Monitoring: Continuous monitoring for unauthorized access and security breaches
• Non-disclosure of HIPAA protected information

7.2 Data Breach Response

We conduct regular risk assessments and will:

• Report Breaches: As required by law (e.g., 60 days to Ohio Superintendent)
• User Notification: Within 72 hours of discovery when legally required
• Remediation: Immediate steps to prevent further unauthorized access

8. DATA RETENTION

8.1 Retention Periods

Personal Identifiable Information:

• Account Data: Deleted upon account deletion request (email, username, password)
• Contact Information: Deleted upon request within 45 days
• Personal Identifiers: Removed from complaint data upon account deletion

Anonymized Business Data:

• Complaint Content: Retained indefinitely after anonymization for commercial use
• Rating Data: Retained indefinitely in anonymized, aggregated form
• Usage Patterns: Retained indefinitely after removing personal identifiers

Analytics and Technical Data:

• Visit Analytics: Retained for up to 7 years for trend analysis
• Performance Data: Retained for up to 3 years for system optimization
• Communication Records: Retained for 3 years for customer service; deleted on request for marketing

Legal Holds: Data subject to legal proceedings may be retained beyond normal periods.

9. INTERNATIONAL TRANSFERS

• Data Processing Location: Primary data storage and processing occurs in United States (AWS data centers)
• International Users: Data transferred to and processed in the U.S. under U.S. privacy laws
• EU/UK Transfers: Standard contractual clauses used if applicable (GDPR consideration)
• Commercial Partners: May include international data buyers with appropriate safeguards

10. COOKIES AND TRACKING TECHNOLOGIES

10.1 Cookies We Use

• Essential Cookies: Session management, security (CSRF protection), user preferences
• Analytics Cookies: Ahoy tracking for visit analysis, performance monitoring, A/B testing
• Third-Party Cookies: SendGrid email tracking, monitoring service cookies

10.2 Cookie Management

• Browser Controls: You can disable cookies through browser settings (may limit functionality)
• Opt-Out Limitations: Some tracking necessary for platform operation and fraud prevention

11. CHANGES TO THIS POLICY

• Updates: We may update this Policy to reflect changes in practices, features, or legal requirements
• Notification: 30 days' notice for material changes via email and website posting
• Acceptance: Continued use after changes constitutes acceptance
• Material Changes: Include new data collection categories, significant changes to commercial use, or modifications to user rights

12. CONTACT US

• Privacy Officer: privacy@insurancegripe.com
• General Support: contact@insurancegripe.com
• Business Address: P.O. Box 5415, 2711 W Market St, Fairlawn, Ohio, 44333
• CCPA Requests: privacy@insurancegripe.com (opt-outs and data requests)
• Ohio Residents: Ohio Department of Insurance for privacy complaints
• Response Time: 45 days maximum for privacy requests
• Identity Verification: Required for all data subject requests