Privacy Policy

Agent HQ Pro provides software services to insurance organizations. Depending on implementation, we may act as a service provider or processor on behalf of customer organizations.

Customer organizations are responsible for determining lawful bases for processing and for meeting insurer, producer, and state regulatory notice requirements.

We may process account data, agency and producer profile details, licensing and appointment data, commission/payment records, and communication logs used for platform operations.

Where provided by customers, data may include consumer contact details, policy-related records, and other insurance workflow information.

Where customer workflows involve nonpublic personal information (NPI), data handling must align with applicable Gramm-Leach-Bliley Act (GLBA) privacy and safeguarding obligations.

Information is used to provide platform features including reconciliation, contracting workflows, compliance tracking, reporting, and customer support.

We may also use limited operational data to secure services, prevent misuse, troubleshoot issues, and improve platform reliability.

Customer organizations must ensure their use of the platform aligns with applicable federal and state insurance requirements, including producer conduct, recordkeeping, and disclosure obligations.

For ACA and Marketplace workflows, customers remain responsible for CMS and Marketplace compliance requirements including consent and enrollment controls where applicable.

Where adopted by applicable states, customers should also account for requirements reflected in the NAIC Insurance Information and Privacy Protection Model Act framework.

If customer workflows involve protected health information, parties must assess HIPAA applicability and execute required contractual safeguards (such as a business associate agreement) when legally required.

Customers are responsible for configuring access controls and limiting sensitive data collection to what is necessary for legitimate operations.

We do not sell personal information. We may share data with infrastructure and service providers that support hosting, analytics, support, communications, and security functions.

We require service providers to process data under contractual controls and only for authorized business purposes.

Agent HQ Pro maintains administrative, technical, and organizational safeguards intended to protect data against unauthorized access, alteration, disclosure, or destruction.

For covered financial information workflows, safeguards are designed to support customer compliance efforts with the FTC Safeguards Rule under 16 CFR Part 314.

No system is perfectly secure. Customers must also maintain strong internal controls, user access governance, and secure endpoint practices.

Data retention periods depend on contractual terms, legal obligations, and legitimate business needs such as auditability and dispute resolution.

Customers are responsible for retaining records for periods required by insurance, tax, and other applicable laws in their jurisdictions.

Where required by law, individuals may have rights such as access, correction, deletion, portability, appeal, and opt-out rights.

For California residents under CCPA/CPRA, this may include the Right to Know, Right to Delete, Right to Correct, Right to Opt-Out of Sale or Sharing, Right to Limit Use and Disclosure of Sensitive Personal Information, and the Right to Non-Discrimination.

Customer organizations are primarily responsible for responding to regulated rights requests for data they control, and Agent HQ Pro will provide reasonable support under applicable agreements.

Customers operating across multiple U.S. states are responsible for ensuring state-specific compliance, including privacy notices, breach notifications, and insurance disclosure obligations.

If Agent HQ Pro confirms a breach affecting customer data, we will notify impacted customers within a commercially reasonable timeframe, consistent with applicable law and contractual obligations.

If data transfers or external access occur across jurisdictions, customers must ensure those flows are legally authorized and contractually governed.

We may update this Privacy Policy to reflect legal, regulatory, contractual, or operational changes.

Material updates will be posted with a revised effective date.