Privacy Policy
Last updated: April 16, 2026
InsureGrades, LLC ("InsureGrades," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website and services (collectively, the "Service").
1. FCRA Notice — NIPR Producer Database Access
InsureGrades accesses the National Insurance Producer Registry ("NIPR") Producer Database ("PDB") to verify insurance producer licenses. This access is conducted under a permissible purpose as defined by the Fair Credit Reporting Act ("FCRA"), 15 U.S.C. § 1681 et seq. — specifically, in accordance with the written instructions of the consumer (the producer) to whom the information relates, pursuant to 15 U.S.C. § 1681b(a)(2).
NIPR PDB data is accessed solely at the producer's express request to verify their own license status. InsureGrades does not use NIPR data for employment screening, credit decisions, tenant screening, or any other purpose that would constitute a "consumer report" under the FCRA beyond the producer's own authorized lookup.
Producers have the right to dispute the accuracy of information contained in NIPR records directly with their state insurance department or with NIPR at nipr.com. InsureGrades is not a consumer reporting agency with respect to NIPR data and is not responsible for errors in underlying state licensing records.
2. Information We Collect
Information you provide directly:
- Account registration data: name, email address, password
- Producer profile data: National Producer Number (NPN), business name, bio, photo, states of licensure, insurance specialties, website, social media links
- Payment information: processed and stored by Stripe — we never store raw card numbers
- Review content submitted by consumers
- Quote requests submitted by consumers
- Communications with our support team
Information collected automatically:
- Usage data: pages viewed, features used, session duration
- Device and browser information: IP address, browser type, operating system
- Analytics events: profile views, search queries, badge impressions (stored in our own database — no third-party analytics)
- IP addresses used for rate limiting and fraud prevention on submission endpoints
Information from third parties:
- NIPR: license status, expiration dates, lines of authority, regulatory actions — retrieved only at the producer's request
- Stripe: subscription status, payment method type (last 4 digits only)
3. How We Use Your Information
We use the information we collect to:
- Create and manage your account
- Verify your insurance licenses through NIPR at your request
- Display your public producer profile and verified badge to consumers
- Process subscription payments through Stripe
- Send transactional emails (license alerts, review notifications, billing receipts) via Resend
- Send push notifications via OneSignal if you have opted in
- Detect and prevent fraud, abuse, and unauthorized access
- Enforce our Terms of Service
- Improve the Service through aggregated, anonymized analytics
- Comply with legal obligations
We do not sell your personal information to any third party. We do not use your information for targeted advertising or share it with data brokers.
4. Legal Bases for Processing (where applicable)
Where required by applicable law (including GDPR for users in the EEA), we process your personal data under the following legal bases:
- Contract: processing necessary to fulfill your subscription and provide the Service
- Consent: NIPR lookups conducted at your express instruction; push notifications (opt-in)
- Legitimate interests: fraud prevention, security, service improvement
- Legal obligation: compliance with applicable laws
5. How We Share Your Information
We share your information only in the following circumstances:
- Supabase: our database and authentication provider. Data is stored in U.S.-based infrastructure.
- Stripe: payment processing. Subject to Stripe's Privacy Policy.
- Resend: transactional email delivery. Email content and recipient addresses are shared as necessary to deliver messages.
- OneSignal: push notification delivery. Your device token and notification preferences are stored by OneSignal.
- NIPR: your NPN and identifying information are submitted to NIPR's PDB solely to complete the license verification you request.
- Public profile: your name, photo, license status, specialties, review scores, and verified badge are displayed publicly on your InsureGrades profile page.
- Legal requirements: we may disclose information if required by law, subpoena, court order, or to protect the rights, property, or safety of InsureGrades, our users, or the public.
- Business transfers: in the event of a merger, acquisition, or sale of assets, your information may be transferred as part of the transaction. We will notify you via email prior to such a transfer.
6. Data Retention
We retain your personal information for as long as your account is active or as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements.
- Account data is retained while your account is active and for up to 90 days after deletion to allow for dispute resolution
- NIPR verification logs are retained for a minimum of 5 years for compliance purposes
- Payment records are retained as required by applicable tax and financial regulations (typically 7 years)
- Reviews may be retained in anonymized form after account deletion
- IP addresses collected for rate limiting are retained for 90 days
To request deletion of your account and personal data, contact privacy@insuregrades.com. We will process verified deletion requests within 30 days, subject to legal retention requirements.
7. Data Security
We implement commercially reasonable technical and organizational measures to protect your information, including:
- TLS/HTTPS encryption for all data in transit
- Encryption at rest via Supabase (AES-256)
- Row-level security policies limiting database access to authorized users only
- Service role keys restricted to server-side processes only
- No storage of raw payment card data (handled entirely by Stripe)
No security measure is 100% effective. In the event of a data breach that affects your personal information, we will notify you and applicable regulatory authorities as required by applicable law.
8. Your Rights and Choices
Depending on your jurisdiction, you may have the following rights regarding your personal information:
- Access: request a copy of the personal information we hold about you
- Correction: request correction of inaccurate or incomplete information
- Deletion: request deletion of your personal information, subject to legal retention requirements
- Portability: request your data in a structured, machine-readable format
- Objection / Restriction: object to or request restriction of certain processing activities
- Withdraw consent: withdraw consent for processing based on consent (e.g., push notifications) at any time
To exercise any of these rights, contact privacy@insuregrades.com. We will respond to verified requests within 30 days.
9. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act ("CCPA") and California Privacy Rights Act ("CPRA"):
- The right to know what personal information we collect, use, disclose, and sell
- The right to delete personal information we have collected from you
- The right to correct inaccurate personal information
- The right to opt out of the sale or sharing of personal information (we do not sell or share personal information for cross-context behavioral advertising)
- The right to limit use of sensitive personal information
- The right to non-discrimination for exercising your privacy rights
To submit a CCPA/CPRA request, contact privacy@insuregrades.com with the subject line "California Privacy Request."
10. Cookies and Tracking
We use strictly necessary cookies to maintain your authenticated session. We do not use third-party advertising cookies, tracking pixels, or behavioral advertising networks. Analytics are collected through first-party database events stored in our own infrastructure.
You may configure your browser to block or delete cookies, but doing so may prevent you from logging in or using certain features of the Service.
11. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal information, please contact us at privacy@insuregrades.com and we will delete that information promptly.
12. International Data Transfers
InsureGrades is based in the United States. If you access the Service from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those in your country. By using the Service, you consent to this transfer.
13. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or by posting a prominent notice on the Service at least 30 days before the changes take effect. Your continued use of the Service after the effective date constitutes acceptance of the updated policy.
14. Contact Us
For privacy questions, requests, or concerns, contact our Privacy Team at:
privacy@insuregrades.com
InsureGrades, LLC