Privacy Policy

1. Introduction

CoverGuard, Inc. (“CoverGuard,” “we,” “us,” or “our”) respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform (“Platform”). We process personal data in accordance with applicable privacy laws, including the California Consumer Privacy Act (CCPA), the California Privacy Rights Act (CPRA), and other applicable U.S. state privacy statutes.

2. Information We Collect

We limit the collection of personal information to what is necessary to provide, operate, and improve the Platform (“data minimization”). We collect the following categories of information:

3. How We Use Your Information

We process your personal information only for specific, documented purposes (“purpose limitation”). We use the information we collect to:

• Provide, maintain, and improve the Platform
• Create and manage your account
• Process quote requests and connect you with insurance carriers
• Send transactional emails (account confirmation, quote updates)
• Analyze usage patterns to improve our service
• Detect, prevent, and address fraud, unauthorized access, or security incidents
• Maintain audit logs for security monitoring and incident investigation
• Comply with legal and regulatory obligations

We do not sell, rent, or trade your personal information to third parties for monetary or other valuable consideration.

4. Information Sharing & Subprocessors

We may share your information with the following categories of recipients:

• Insurance carriers — only when you explicitly request a quote, and only the minimum information necessary to fulfill that request
• Service providers (subprocessors) — vetted third-party vendors who assist in operating the Platform (e.g., database hosting, authentication, cloud infrastructure). All subprocessors are bound by written data processing agreements that require them to protect your data with security measures at least as stringent as our own and to process data solely on our documented instructions
• Legal authorities — when required by law, court order, subpoena, or governmental authority, or to protect the rights, property, or safety of CoverGuard, our users, or the public
• Business transfers — in connection with a merger, acquisition, or sale of assets, with appropriate prior notice to users. Any successor entity will be bound by this Privacy Policy with respect to your previously collected data

5. Data Security

We maintain a comprehensive information security program designed to protect the confidentiality, integrity, and availability of your personal information. Our security measures include:

• Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
• Secure authentication with support for multi-factor authentication (MFA)
• Role-based access controls enforcing least-privilege principles across all systems
• Continuous monitoring, intrusion detection, and automated alerting
• Regular penetration testing, vulnerability assessments, and independent security audits
• Documented incident response procedures with defined escalation paths
• Employee security awareness training conducted at onboarding and annually thereafter
• Formal change management processes for all production systems

No method of electronic transmission or storage is 100% secure. While we maintain rigorous safeguards, we cannot guarantee absolute security. We continuously evaluate and enhance our security posture to address emerging threats.

6. Breach Notification

In the event of a confirmed security breach that compromises your personal information, we will notify affected users without unreasonable delay and in accordance with applicable law. Notification will include a description of the incident, the categories of data involved, the measures taken to address the breach, and steps you can take to protect yourself. We will also notify relevant regulatory authorities as required by applicable law.

7. Cookies and Tracking

We use strictly necessary cookies to maintain your session and authenticate your identity. We do not use third-party advertising or behavioral tracking cookies. You can control cookies through your browser settings, but disabling essential cookies may affect Platform functionality.

8. Data Retention & Disposal

We retain your personal information only for as long as necessary to fulfill the purposes described in this Policy, or as required by law. Specific retention periods are as follows:

• Account data — retained while your account is active and for 30 days following account deletion to allow recovery
• Search history and usage logs — retained for up to 24 months, then automatically purged or anonymized
• Quote request records — retained for up to 7 years to comply with insurance and financial record-keeping requirements
• Security and audit logs — retained for a minimum of 12 months for security monitoring and incident investigation

When data reaches the end of its retention period, it is securely deleted or irreversibly anonymized using industry-standard disposal methods.

9. Your Rights

Depending on your jurisdiction, you have the following rights regarding your personal information:

• Access — request a copy of the personal information we hold about you
• Correction — request correction of inaccurate or incomplete data
• Deletion — request deletion of your personal information, subject to legal retention obligations
• Restriction — object to or restrict certain processing of your data
• Portability — receive your data in a structured, commonly used, machine-readable format
• Withdrawal of consent — withdraw consent at any time where processing is based on consent
• Non-discrimination — you will not be discriminated against for exercising any of these rights

To exercise these rights, contact us at privacy@coverguard.com. We will respond to verified requests within 30 days. If we need additional time, we will notify you of the reason and extension period (not to exceed an additional 60 days).

10. California Privacy Rights (CCPA/CPRA)

California residents have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

• The right to know what personal information we collect, use, disclose, and sell
• The right to delete personal information we have collected
• The right to correct inaccurate personal information
• The right to opt-out of the sale or sharing of personal information
• The right to limit use of sensitive personal information
• The right to non-discrimination for exercising your rights

We do not sell or share personal information as defined under the CCPA/CPRA. For CCPA requests, contact privacy@coverguard.com.

11. Children's Privacy

The Platform is not intended for users under the age of 18. We do not knowingly collect personal information from children. If we learn that we have inadvertently collected such information, we will delete it promptly and notify any relevant authorities as required by law.

12. Third-Party Links

The Platform may contain links to third-party websites or services. We are not responsible for the privacy practices of those websites and encourage you to review their privacy policies before providing any personal information.

13. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by updating the “Last updated” date, sending an email to the address associated with your account, and, where required by law, obtaining your renewed consent. Your continued use of the Platform after the effective date of any changes constitutes acceptance of the updated policy.

14. Contact Us

For privacy-related questions, to exercise your data rights, or to report a concern, contact our Privacy Team at privacy@coverguard.com or write to: CoverGuard, Inc., Privacy Team, Wilmington, DE 19801.