1. Introduction
QuoteDeck ("QuoteDeck", "we", "us", or "our") is committed to protecting your privacy and safeguarding your personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect your information when you use our website, software application, and related services (collectively, the "Platform").
Data Infrastructure: We use AWS RDS with AES-256 encryption and TLS 1.3 to secure your data at rest and in transit.
Data Roles:
- Data Controller: QuoteDeck acts as a data controller with respect to your account, billing, and usage information.
- Data Processor & Business Associate: QuoteDeck acts as a data processor and a Business Associate (as defined by HIPAA) with respect to client information and Protected Health Information (PHI) submitted by users.
2. Information We Collect
2.1 Information You Provide to Us
- Account & Subscription: Name, email, phone, business address, license information, and billing details.
- Platform Content: Client PII, medical intake form responses, quote data, and branding assets.
- Communication: Content provided when contacting support.
2.2 Information Automatically Collected
- Device & Usage: IP address, browser type, and general geographic location.
- Log Data: Access times, error logs, and immutable audit trails (satisfying 2026 security standards).
2.3 Information from Third Parties
- Infrastructure Partners: Payment confirmations (Stripe) and authentication verification (Supabase).
- Insurance Data Providers: Carrier rates and plan data.
3. How We Use Your Information
3.1 Service Delivery & Compliance
- Provide and maintain the Platform, generate insurance quotes, and manage intake forms.
- HIPAA Compliance: Process Protected Health Information (PHI) according to the technical and administrative safeguards required by the 2026 HIPAA Security Rule.
3.6 User Responsibility for Consent (Crucial)
Important: Users are solely responsible for obtaining all required notices, consents, and authorizations (including HIPAA Authorizations and TCPA consents for SMS) from their clients before submitting data. QuoteDeck is a secure processor; the user is the primary gatekeeper for client consent.
4. How We Share Your Information
We do not sell your Personal Information.
- Service Providers: We share data with AWS (Hosting) and communication providers. All infrastructure partners are contractually bound by Business Associate Agreements (BAAs).
- Legal Requirements: We disclose information only when required by law, court order, or for 2026 Breach Notification compliance.
5. Data Security
We implement rigorous safeguards, including:
- Encryption: AES-256 at rest (AWS RDS) and TLS 1.3 in transit.
- MFA: Mandatory Multi-Factor Authentication for all administrative and agent access.
- Monitoring: 24/7 automated threat detection via AWS GuardDuty.
- Resilience: 7-day Point-in-Time Recovery and a 72-hour restoration objective.
6. Data Retention
- Active Accounts: Data is retained for the duration of your subscription.
- Compliance Archiving: In accordance with 2026 regulatory standards, system access logs and audit trails are retained for six (6) years to ensure a permanent record of data access.
- Deletion: Upon valid request, production data is deleted or anonymized within 30 days.
7. Cookies and Tracking Technologies
We use essential cookies for authentication and session security. We honor Global Privacy Control (GPC) signals.
8. Your Rights and Choices
8.5 California (CCPA/CPRA)
Right to know, delete, and opt out of data sales (which we do not perform).
8.6 European (GDPR)
Right to access, rectification, erasure, and data portability.
8.7 HIPAA Rights Support
QuoteDeck provides the technical tools (Audit Logs and Data Export) necessary for our users to satisfy their clients' rights to an "Accounting of Disclosures" under HIPAA.
9. Children's Privacy
The Platform is not intended for individuals under the age of 18.
10. International Data Transfers
Data is processed in the United States under our secure BAA framework.
11. Contact Us
For privacy inquiries or to reach our Designated Security & Privacy Officer:
Email: support@quotedeck.app
Website: quotedeck.app