Privacy Policy

Last Modified: April 20, 2026

Introduction

HealthcareGPS Inc. ("Company" or "We") respect your privacy and are committed to protecting it through our compliance with this policy.

This policy describes the types of information we may collect from you or that you may provide when you visit the website (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This policy applies to information we collect:

  • On this Website.
  • In email, text, and other electronic messages between you and this Website.
  • Through mobile and desktop applications you download from this Website, which provide dedicated non-browser-based interaction between you and this Website.
  • When you interact with our advertising and/or applications on third-party websites and services, if those applications or advertising include links to this policy.

It does not apply to information collected by:

  • Us offline or through any other means, including on any other website operated by Company or any third party; or
  • Any third party, including through any application or content (including advertising) that may link to or be accessible from or through the Website.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. We do not sell your personal information or Protected Health Information ("PHI"). We may use de-identified or aggregated data — from which all personal identifiers have been removed in accordance with applicable law, including the de-identification standards set forth at 45 CFR § 164.514 — to improve the Platform, generate industry benchmarks, and support internal research and product development. De-identified data is not personal information and is not subject to the restrictions of this Privacy Policy or any executed Business Associate Agreement. If you do not agree with our policies and practices, your choice is not to use our Website and/or services. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time. Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Children Under the Age of 13

Our Website and the MedicareCopilot Platform are intended for licensed insurance professionals and, where applicable, Medicare-eligible individuals (generally age 65 or older). The Website is not directed to children under 13 years of age. Consistent with the Children's Online Privacy Protection Act ("COPPA"), we do not knowingly collect personal information from children under 13. If you are under 13, do not use or provide any information on this Website or through any of its features. If we learn that we have collected personal information from a child under 13 without verification of parental consent, we will promptly delete that information. If you believe we may have collected information from or about a child under 13, please contact us via email at support@healthcareGPS.ai.

Information We Collect About You and How We Collect It

We collect several types of information from and about users of our Website, including information:

  • By which you may be personally identified, such as name, postal address, email address, telephone number, or any other identifier by which you may be contacted online or offline ("personal information");
  • That is about you but individually does not identify you; and/or
  • About your internet connection, the equipment you use to access our Website, and usage details.

We collect this information:

  • Directly from you when you provide it to us.
  • Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
  • From third parties, for example, our business partners.

Information You Provide to Us

The information we collect on or through our Website may include:

  • Information that you provide by filling in forms on our Website. This includes information provided at the time of registering to use our Website, subscribing to our service, or requesting further services. We may also ask you for information when you report a problem with our Website.
  • Records and copies of your correspondence (including email addresses), if you contact us.
  • Your responses to surveys that we might ask you to complete for research purposes.
  • Details of transactions you carry out through our Website and of the fulfillment of your orders. You may be required to provide financial information before placing an order through our Website.
  • Your search queries on the Website.

Information We Collect Through Automatic Data Collection Technologies

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

  • Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
  • Information about your computer and internet connection, including your IP address, operating system, and browser type.

The information we collect automatically may include personal information, or we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:

  • Estimate our audience size and usage patterns.
  • Store information about your preferences, allowing us to customize our Website according to your individual interests.
  • Speed up your searches.
  • Recognize you when you return to our Website.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website. For information about managing your privacy and security settings for cookies, see the section on Choices About How We Use and Disclose Your Information.
  • Web Beacons. Pages of our Website may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

Third-Party Use of Cookies and Other Tracking Technologies

We use a limited number of first-party and service-provider analytics and operational tools on our Website (such as site-performance monitoring, error reporting, and session analytics). HealthcareGPS does not deploy third-party advertising pixels, ad-network beacons, behavioral-advertising cookies, or similar marketing-focused tracking technologies on any page of the Website or the MedicareCopilot Platform on which Protected Health Information ("PHI") or identifiable Medicare-beneficiary information is collected, entered, displayed, or otherwise processed. Consistent with the U.S. Department of Health and Human Services Office for Civil Rights guidance on use of online tracking technologies by HIPAA-regulated entities, any analytics or operational tool used on PHI-handling pages operates solely on our behalf under a written Business Associate Agreement or equivalent contractual commitment that prohibits any advertising, marketing, or cross-context behavioral use of such data. On non-PHI, non-beneficiary-facing pages (such as our marketing website), we may use standard analytics cookies, which you can control through your browser settings and through the choices described below.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.

How We Use Your Information

We use information that we collect about you or that you provide to us, including any personal information:

  • To present our Website and its contents to you.
  • To provide you with information, products, or services that you request from us.
  • To fulfill any other purpose for which you provide it.
  • To provide you with notices about your account, including expiration and renewal notices.
  • To carry out our obligations and enforce our rights arising from any contracts entered into between you and us, including for billing and collection.
  • To notify you about changes to our Website or any products or services we offer or provide though it.
  • To allow you to participate in interactive features on our Website.
  • In any other way we may describe when you provide the information.
  • For any other purpose with your consent.

We do not use Medicare-beneficiary information obtained through the MedicareCopilot Platform to market third-party products or services to those beneficiaries. We will not send marketing communications (including calls, text messages, ringless voicemails, or emails) to Medicare beneficiaries or other consumers using information obtained through the Platform unless we have first obtained prior express written consent in the form required by the Telephone Consumer Protection Act, the CMS Medicare Communications and Marketing Guidelines, and any other applicable law. We may send our Customers (i.e., the insurance-agent and agency users who have subscribed to the Platform) transactional, account, and service-related communications and, where permitted by law, product-update communications, which Customers may opt out of through the unsubscribe link in each such email or by contacting us at the address below.

Disclosure of Your Information

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We may disclose personal information that we collect or you provide as described in this privacy policy:

  • To our subsidiaries and affiliates.
  • To contractors, service providers, and other third parties we use to support our business.
  • To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of HealthcareGPS Inc.'s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by HealthcareGPS Inc. about our Website users is among the assets transferred.
  • To fulfill the purpose for which you provide it.
  • For any other purpose disclosed by us when you provide the information.
  • With your consent.

We may also disclose your personal information:

  • To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
  • To enforce or apply agreements, including for billing and collection purposes.
  • If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of our company, customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

The categories of personal information we may disclose include:

  • Any information entered by the user; and
  • Any information collected from the user.

Choices About How We Use and Disclose Your Information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.

We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.

Your State Privacy Rights

State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. California, Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Maryland, Minnesota, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, and Virginia provide (now or in the future) their state residents with rights to:

  • Confirm whether we process their personal information.
  • Access and delete certain personal information.
  • Correct inaccuracies in their personal information, taking into account the information's nature processing purpose.
  • Data portability.
  • Opt-out of personal data processing for:
    • targeted advertising (excluding Iowa);
    • sales; or
    • profiling in furtherance of decisions that produce legal or similarly significant effects (excluding Iowa and Utah).
  • Either limit (opt-out of) or require consent to process sensitive personal data.

The exact scope of these rights may vary by state. For purposes of these state laws, the categories of personal information we collect and process may include identifiers (name, postal address, email address, telephone number, online identifier, IP address), commercial information (records of products or services purchased), internet or other electronic network activity information (browsing history, interactions with our Website), geolocation data, professional or employment-related information (for licensed-agent Customers), and, to the extent processed through the MedicareCopilot Platform, sensitive personal information consisting of information about health, health insurance, or related Medicare eligibility and coverage. We do not use or disclose sensitive personal information for any purpose other than those permitted under applicable state law without obtaining your consent. To exercise any of these rights, please submit a verifiable consumer request by: (a) emailing us at privacy@healthcareGPS.ai; (b) calling us toll-free at 1-844-MED-COPILOT; or (c) completing the web-based privacy-rights intake form available at MedicareCopilot.ai/privacy-rights. We will acknowledge receipt of your request within ten (10) business days and will respond substantively within the timeframe required by the applicable state law (generally forty-five (45) days, subject to extension as permitted by law). We will need to verify your identity before fulfilling certain requests. You may use an authorized agent to submit a request on your behalf, subject to reasonable verification. We will not discriminate against you for exercising any of these rights. If we deny a request in whole or in part, you may appeal by replying to our response or emailing privacy@healthcareGPS.ai with the subject line "Privacy Rights Appeal" within thirty (30) days of our decision, and we will respond to the appeal within the period required by applicable law.

Nevada provides its residents with a limited right to opt-out of certain personal information sales. Residents of Nevada who wish to exercise this sale opt-out rights may submit a request to this designated address: support@healthcareGPS.ai.

Notice at Collection

At or before the point of collection, we inform you of: (a) the categories of personal information we collect (see "Categories of Personal Information We Collect" below and "Information We Collect About You and How We Collect It" above); (b) the purposes for which we use that information (see "How We Use Your Information"); (c) whether we sell or share that information (we do not — see "Do Not Sell or Share My Personal Information" below); and (d) how long we retain it (see "Data Retention" below). This Privacy Policy, together with any supplemental notices presented on specific pages or forms, constitutes our Notice at Collection under the California Consumer Privacy Act of 2018, as amended by the California Privacy Rights Act of 2020 (together, the "CCPA"), and the comparable notice-at-collection requirements of other U.S. state consumer privacy laws.

Categories of Personal Information We Collect, Sources, Purposes, and Recipients

In the preceding twelve (12) months, we have collected the following categories of personal information (as those categories are defined under California Civil Code § 1798.140): (a) identifiers (such as name, postal address, email address, telephone number, online identifier, IP address, account name, and government-issued identifiers provided by licensed-agent Users); (b) categories of personal information described in Cal. Civ. Code § 1798.80(e) (such as insurance-policy number and employment information for agent Users); (c) commercial information (such as records of Subscriptions purchased and transactions carried out through the Platform); (d) internet or other electronic network activity information (such as browsing history, search history, and information regarding interaction with the Website and Platform); (e) geolocation data (at an approximate, IP-based level); (f) professional or employment-related information (for licensed-agent Customers and Users); and (g) where processed through the MedicareCopilot Platform, sensitive personal information consisting of information about health, health insurance, or Medicare eligibility and coverage. We collect this information from the following categories of sources: directly from you; automatically from your device when you interact with our Website or Platform; from our Customers (for whom we act as a business associate and service provider under HIPAA); from data partners (including Connecture, Inc.) and from public sources (including CMS plan data). We use this information for the business and commercial purposes described in "How We Use Your Information" above, and we disclose it only to the categories of recipients described in "Disclosure of Your Information" above (including our subsidiaries and affiliates; service providers and subprocessors under written confidentiality and data-protection obligations; our Customers (for agent/agency-tenant data); successors in a business transaction; and governmental authorities where legally required). We do not disclose personal information to third parties for those third parties' own direct marketing or behavioral-advertising purposes.

Data Retention

We retain personal information for only so long as reasonably necessary to fulfill the purposes for which it was collected, to comply with our legal, regulatory, tax, accounting, and contractual obligations, and to establish, exercise, or defend legal claims. The criteria we use to determine the appropriate retention period for each category of personal information include: (a) the nature and sensitivity of the information; (b) the purpose(s) for which it is processed and whether those purposes can be achieved by other means; (c) applicable legal, regulatory, and record-retention requirements (including, where Customer is a Third-Party Marketing Organization under 42 C.F.R. §§ 422.2274 and 423.2274, CMS's ten (10)-year retention requirement for Medicare marketing, sales, and enrollment records that may pass through the Platform); (d) whether an individual or Customer has an ongoing relationship with us; and (e) applicable statutes of limitations. When personal information is no longer needed for these purposes, we either securely delete it in accordance with NIST SP 800-88 or de-identify it in accordance with 45 C.F.R. § 164.514.

Your Rights Under the California Consumer Privacy Act (CCPA/CPRA)

If you are a California resident, you have the following rights under the CCPA, in addition to the rights described under "Your State Privacy Rights" above: (a) the right to know what personal information we have collected, used, disclosed, or sold about you during the preceding twelve (12) months; (b) the right to request a portable copy of that information; (c) the right to request that we delete personal information we have collected from you, subject to certain exceptions; (d) the right to request that we correct inaccurate personal information; (e) the right to opt out of the sale or sharing of your personal information (we do not engage in either); (f) the right to limit our use and disclosure of sensitive personal information to uses necessary to perform the services requested; (g) the right to non-discrimination for exercising any of these rights; and (h) the right to appeal a denial of any of these rights. To verify your identity, we will ask you to provide information that matches information we already maintain about you (such as your registered email address) and, for higher-risk requests, to confirm your identity through a one-time authentication link or a signed declaration under penalty of perjury. You may use an authorized agent to submit a request on your behalf by providing the agent with written, signed permission and by verifying your own identity directly with us (or by providing proof of a lawful power of attorney under California Probate Code §§ 4000–4465). To exercise any of these rights, contact us through any of the methods described in "Your State Privacy Rights" above.

Do Not Sell or Share My Personal Information

HealthcareGPS does not "sell" or "share" your personal information, as those terms are defined under the CCPA or any comparable state law. In the preceding twelve (12) months, we have not sold or shared the personal information of any consumer, and we have not sold or shared the personal information of any consumer we know to be under the age of sixteen (16). Because we do not engage in such sales or sharing, no opt-out mechanism is technically required; nevertheless, we treat any opt-out preference signal (including the Global Privacy Control described below) as a standing "Do Not Sell or Share" direction. If our practices ever change, we will update this Privacy Policy and publish a conspicuous "Your Privacy Choices" or "Do Not Sell or Share My Personal Information" link on our Website before doing so.

Limit the Use of My Sensitive Personal Information

California and certain other state laws give you the right to direct a business to limit its use and disclosure of "sensitive personal information" (which includes, among other things, information about health, health-insurance coverage, and Medicare eligibility) to purposes necessary to perform the services you have requested and a short list of other permitted purposes. HealthcareGPS already limits its use and disclosure of sensitive personal information to the purposes necessary to perform the MedicareCopilot Platform services and to the other purposes permitted under California Civil Code § 1798.121(a) (which include detecting security incidents, ensuring the quality and safety of the Platform, and short-term non-personalized uses). Accordingly, no separate "Limit the Use of My Sensitive Personal Information" link is required to be posted on our Website; however, if you would like us to further restrict our use or disclosure of your sensitive personal information, please email us at privacy@healthcareGPS.ai.

Global Privacy Control and Do Not Track Signals

Our Website is designed to recognize and honor opt-out preference signals communicated by your browser or device, including the Global Privacy Control ("GPC") signal, as required by California law. When we detect a valid GPC signal from a California resident's browser or device, we treat that signal as a valid request to opt out of any "sale" or "sharing" of that person's personal information (consistent with our ongoing practice of not engaging in such sales or sharing). Because different browsers implement "Do Not Track" ("DNT") headers inconsistently and there is no uniform industry standard for how DNT signals are interpreted, our Website does not separately respond to DNT headers; however, the GPC-based approach described above provides an equivalent or more protective opt-out.

California Shine the Light (Civil Code § 1798.83)

California residents who have an established business relationship with HealthcareGPS may request, once per calendar year, a notice identifying the categories of personal information (if any) we have shared with third parties for those third parties' own direct marketing purposes during the preceding calendar year, along with the names and addresses of those third parties. HealthcareGPS does not share personal information with third parties for those third parties' own direct marketing purposes. To request a Shine the Light notice, email us at privacy@healthcareGPS.ai with "Shine the Light Request" in the subject line.

Financial Incentives

HealthcareGPS does not offer financial incentives (such as price differences, service-level differences, or other compensation) in exchange for the collection, sale, sharing, retention, or deletion of personal information.

Automated Decision-Making and Profiling

The MedicareCopilot Platform uses algorithms, artificial-intelligence models, and similar automated means to assist licensed insurance agents with Medicare-plan comparison, document summarization, client-facing communication drafting, and related workflow tasks. These are decision-support features designed to assist — not replace — the independent professional judgment of a duly licensed insurance agent. HealthcareGPS does not use automated decision-making or profiling to make any legally or similarly significant decision about any individual (such as eligibility for insurance, credit, or employment) without meaningful human involvement. To the extent applicable law gives you a right to opt out of profiling in furtherance of decisions that produce legal or similarly significant effects, or a right to receive information about the logic involved in automated decision-making, you may exercise those rights by emailing privacy@healthcareGPS.ai.

Washington, Nevada, and Connecticut Consumer Health Data

Residents of Washington (under the My Health My Data Act, Wash. Rev. Code Ch. 19.373, "MHMDA"), Nevada (under Nevada Revised Statutes Ch. 603A, as amended by SB 370), and Connecticut (under Public Act No. 23-56, amending the Connecticut Data Privacy Act) have additional rights with respect to "consumer health data," which generally includes information that identifies a consumer's past, present, or future physical or mental health, health conditions, diagnoses, treatments, medications, use of health-care-related services, health-insurance coverage, and precise geolocation that could reasonably indicate an attempt to acquire or receive health services. HealthcareGPS only collects such consumer health data as is necessary to provide the MedicareCopilot Platform and related services, and processes such data either at the direction of the licensed-agent Customer providing services to the consumer or with the consumer's consent. We do not sell consumer health data. We do not share consumer health data for advertising, marketing, or cross-context behavioral advertising. Washington, Nevada, and Connecticut residents may (a) confirm whether we collect, process, share, or sell their consumer health data and access such data; (b) withdraw consent for our collection or processing of their consumer health data; (c) request deletion of their consumer health data (subject to permitted retention exceptions, including for compliance with law and CMS retention requirements); and (d) appeal a denial of any of these requests. To exercise these rights, email privacy@healthcareGPS.ai with "Consumer Health Data Request" in the subject line and identify the applicable state. HealthcareGPS maintains a separate Consumer Health Data Privacy Policy for Washington-resident consumers as required by the MHMDA, which is available at MedicareCopilot.ai/washington-health-data-privacy.

Gramm-Leach-Bliley Act

To the extent HealthcareGPS receives nonpublic personal financial information from consumers in connection with insurance-related services subject to the Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801 et seq., "GLBA"), such information is processed solely to provide the MedicareCopilot Platform to Customers and their licensed-agent Users and is not disclosed to nonaffiliated third parties except as permitted by GLBA §§ 502(b)(2), 502(e), or 509(7)–(11) (for example, to service providers under confidentiality obligations, to complete a transaction authorized by the consumer, or as required by law). HealthcareGPS is not the consumer's insurance agent, and each Customer is solely responsible for providing its own GLBA privacy notice to its clients as required by applicable state insurance law.

Accessibility of this Policy

We are committed to making this Privacy Policy accessible to individuals with disabilities. If you need this Privacy Policy in an alternative format (for example, large print, audio, or a screen-reader-friendly format), please contact us at privacy@healthcareGPS.ai and we will provide one within a reasonable time and at no charge.

Data Security

We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure.

The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.

Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

If we become aware of a Breach of Unsecured Protected Health Information (as each is defined at 45 CFR § 164.402) affecting Customer data that we process on behalf of a Covered Entity, we will notify the affected Customer without unreasonable delay, and in no case later than ten (10) business days after discovery, in accordance with the Business Associate Agreement between us and that Customer. For other security incidents involving personal information that is not PHI, we will provide notice to affected individuals or customers as required by applicable federal and state breach-notification laws, and in all cases without unreasonable delay after discovery and completion of any reasonable investigation necessary to determine the scope of the incident.

Protected Health Information and HIPAA

Certain HealthcareGPS products, including the MedicareCopilot Platform, may involve the creation, receipt, maintenance, or transmission of Protected Health Information ("PHI") as defined under the Health Insurance Portability and Accountability Act of 1996 and its implementing regulations, as amended ("HIPAA"). Where HealthcareGPS acts as a business associate of a covered entity, the handling of PHI is governed by the executed Business Associate Agreement ("BAA") between HealthcareGPS and the applicable customer, and by HIPAA, rather than by this Privacy Policy. In the event of any conflict between this Privacy Policy and an executed BAA with respect to the treatment of PHI, the BAA controls.

HealthcareGPS does not sell PHI. HealthcareGPS may de-identify PHI and other personal information in accordance with 45 CFR § 164.514 and applicable law and use such de-identified data to improve the Platform, generate industry benchmarks, and support internal research and product development. Once data has been de-identified in accordance with applicable law, it is no longer personal information or PHI and is not subject to the restrictions of this Privacy Policy, HIPAA, or any executed BAA.

Changes to Our Privacy Policy

It is our policy to post any changes we make to our privacy policy on this page. If we make material changes to how we treat our users' personal information, we will notify you through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page. You are responsible for ensuring we have an up-to-date active and deliverable email address for you, and for periodically visiting our Website and this privacy policy to check for any changes.

Contact Information

To ask questions or comment about this privacy policy and our privacy practices, contact us at support@healthcareGPS.ai.