Skip to main content

Privacy Policy

Last updated May 13, 2026

In plain English

  • We collect only what we need to help you find health coverage — name, contact info, ZIP, household size, date of birth, and any plan preferences you share.
  • We never sell your information. We share it only with the parties needed to get you quoted and enrolled (e.g., the quoting platform and the carrier you choose).
  • We use privacy-respecting analytics (Plausible) — no Google Analytics, no Meta Pixel, no advertising trackers.
  • You can ask us at any time to see, correct, or delete the information we hold about you. Email compliance@bindlyhealth.com.

1. Who we are

Bindly Health is an independent licensed health insurance agency. We help individuals, families, and employers find and enroll in health-insurance plans. Our agency licensing information, including state of licensure and license number, appears in the footer of every page on this site and on the Licensing page.

2. Information we collect

We collect information in three ways:

  • What you give us directly. When you fill out a quote form or talk to an agent, you share information like your name, email, phone, ZIP, date of birth, household size, tobacco use, estimated income, and the health-coverage situation that brought you to us.
  • What your browser sends automatically. Your IP address, browser type, device characteristics, and the pages you view. We use Cloudflare for hosting and DDoS protection, and Plausible for aggregated analytics.
  • What carriers and quoting platforms send back. When you request a quote, the carrier or platform we route to (HealthSherpa One for individual ACA, the carrier directly for ancillary lines) sends back plan options, and once you enroll, your policy details. We store enough of this to manage your policy in your account.

3. How we use your information

  • To get you accurate health-coverage quotes and to help you enroll.
  • To service your policy after you enroll — renewals, claims advocacy, billing questions, document delivery, and Special Enrollment Period (SEP) support.
  • To communicate with you about your quote or policy. We send service-related emails by default; we send marketing emails or SMS only if you opt in (see TCPA section below).
  • To meet our legal, regulatory, and licensing obligations.
  • To detect and prevent fraud, abuse, and security incidents.

4. HIPAA — Notice of Privacy Practices

Bindly Health operates as a business associate to HIPAA-covered entities (carriers, health plans) for some workflows. For Protected Health Information (PHI) that we handle on a covered entity's behalf, we operate under a Business Associate Agreement and apply the HIPAA Privacy and Security Rules.

We do not store medical records, claims, diagnosis codes, or prescription information in our systems. PHI of that kind remains at the carrier and at the quoting platform. The customer portal on bindlyhealth.com retrieves such information live from those sources only when you ask to view it, and only after authentication.

You have the rights described in the HHS Notice of Privacy Practices model. To exercise any of those rights, email compliance@bindlyhealth.com or write to the address in our footer.

5. SMS messages and phone calls (TCPA)

We only send SMS messages or place automated calls to a phone number you provided and for which you explicitly checked the SMS-consent box on a Bindly Health form. Consent is not a condition of getting a quote or enrolling. Standard message and data rates apply. Reply STOP at any time to unsubscribe; reply HELP for help.

Live calls from a licensed Bindly Health agent to discuss your quote are placed only during normal business hours unless you've asked us otherwise.

6. Cookies and analytics

We use a small set of essential cookies (for sign-in sessions and attribution between the lead form and our agent network) and one privacy-respecting analytics service — Plausible — which does not use cookies and does not identify individual visitors.

We do not use Google Analytics, Meta Pixel, or any other advertising tracker on bindlyhealth.com. We do not run remarketing or behavioral-advertising programs.

7. Service providers we share information with

To provide the service, we share information with the following service providers under contractual data-protection terms (and Business Associate Agreements where applicable):

  • Cloudflare — hosting, content delivery, DDoS protection, database (D1), and storage (R2).
  • HealthSherpa One — individual ACA health-plan quoting and enrollment platform.
  • Clerk — sign-in and identity for the customer portal.
  • Paubox — HIPAA-compliant transactional email delivery.
  • Plausible — privacy-respecting aggregated analytics.
  • Sentry — error monitoring (with PII scrubbing applied).
  • Carriers — the specific insurance carrier whose plan you select (e.g., Blue Cross Blue Shield, Aetna, UnitedHealthcare, etc.).
  • Anthropic — large-language-model provider for the benefits chat feature. We sanitize input before sending and never send Protected Health Information.

8. Your privacy rights

Depending on where you live, you have one or more of the following rights. For privacy questions or requests under CCPA/state privacy laws, contact us at compliance@bindlyhealth.com.

  • Right to access — get a copy of the information we hold about you.
  • Right to correction — fix anything we have wrong.
  • Right to deletion — ask us to delete your information, subject to legal retention requirements (insurance regulators require us to keep policy records for several years).
  • Right to opt out of sales / sharing — we do not sell or share your information for cross-context behavioral advertising. This setting is permanently on by default.
  • Right to limit use of sensitive information — health information we handle is used only to provide the service.
  • Right to non-discrimination — we will not retaliate against you for exercising these rights.

California residents may also designate an authorized agent to make requests on their behalf. We respond to verifiable requests within 45 days.

9. Children

bindlyhealth.com is not directed at children under 13, and we do not knowingly collect information from children under 13. If a parent or guardian has questions about information that a dependent child's policy includes, please contact us.

10. Security

We protect information in transit with TLS and at rest with encryption. We use role-based access controls and audit logging for staff access to customer data. We require multi-factor authentication for staff accounts that touch customer data.

No system is perfectly secure. If we ever experience a breach affecting your information, we will notify you and the appropriate regulators in accordance with applicable law.

11. Data retention

We retain quote and lead information for up to 7 years to comply with state insurance recordkeeping requirements. Policy records are retained for at least 7 years after policy termination. Marketing-preference choices are retained for as long as the preference is in effect. Audit logs are retained for 7 years.

12. Changes to this policy

We may update this policy from time to time. When we make material changes, we will notify you by email (if we have one on file) and post a notice on this page. The "Last updated" date at the top reflects the most recent change.

13. Contact us

For privacy questions or requests under CCPA/state privacy laws, contact us at compliance@bindlyhealth.com. For general inquiries, use the Contact page.

To file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights regarding HIPAA, see hhs.gov/hipaa/filing-a-complaint.

Related: Terms of Service · Accessibility · Licensing