Cookie & Tracking Technologies Notice
Effective date: June 22, 2026
The short version. When you visit shophealthcare.com, we and a few service providers use cookies, pixels, and tags to make the site work, to see how it's used, and to measure our advertising. We use Google Tag Manager, Google Analytics 4, and the Meta (Facebook/Instagram) Pixel plus the Meta Conversions API. We don't sell your personal information for money, but our use of advertising tools like the Meta Pixel may count as a "sale" or "share" under some state privacy laws — and you can opt out. You can also turn cookies off in your browser and use a Global Privacy Control signal, which we honor where required.
About this notice
This Cookie & Tracking Technologies Notice explains the cookies and similar technologies used on shophealthcare.com (the "Site"), operated by Core Value Insurance Associates, LLC (NPN #19482230), 1 Century Lane, Miami Beach, FL 33139 ("ShopHealthcare," "we," "us"). ShopHealthcare is a licensed, independent, off-exchange health insurance brokerage. It is not an insurance carrier, not the ACA Marketplace or HealthCare.gov, and not a government agency.
This notice works together with our Privacy Policy, our Health Data Practices notice, our Communications notice, and our Terms of Service. Where this notice and the Privacy Policy describe the same practice, read them together; the Privacy Policy controls your overall privacy rights.
What cookies and similar technologies are
"Cookies" are small text files a website stores on your device. "Similar technologies" include pixels (also called tags or beacons), software development kits (SDKs), and local storage. They can be:
- First-party — set by ShopHealthcare; or third-party — set by a service provider such as Google or Meta.
- Session — deleted when you close your browser; or persistent — kept until they expire or you delete them.
Pixels are not stored on your device the way cookies are; they are small bits of code on a page that fire when the page loads or you take an action, and they can send information (and read or set cookies) for the company that provided them.
The categories we use
We group the technologies on our Site into three categories.
Strictly necessary
These are required for the Site to function — for example, to load pages, keep your enrollment session together as you move through it with our AI assistant Nora, remember your progress, and provide basic security. The Site will not work properly without them, so they are always on and are not used for advertising. This includes the container/loader function of Google Tag Manager (described below) and first-party session and local-storage entries.
Analytics
These help us understand how visitors find and use the Site — which pages are viewed, how long the quote/enrollment flow takes, and where people drop off — so we can improve it. We use Google Analytics 4 for this.
Advertising
These help us measure and improve our advertising and, in some cases, reach people with relevant ads on other platforms. We use the Meta Pixel and the Meta Conversions API for this. As explained below, this category is the one most likely to be treated as a "sale" or "share" under state privacy laws.
The specific tools on our Site
Google Tag Manager (GTM)
GTM is a tag-management container from Google that loads and controls the other tags on the Site (such as GA4 and the Meta Pixel). The container itself does not, by default, collect personal information about you for its own purposes; it is the delivery mechanism for the tags described here. Because it is what makes the Site's measurement work, we treat the GTM container as strictly necessary, while the tags it loads fall into their own categories. Google acts as our service provider for GTM. See Google's terms at marketingplatform.google.com/about/tag-manager.
Google Analytics 4 (GA4)
Category: Analytics. GA4 measures Site usage. It typically sends to Google information such as your IP address (which Google uses to derive coarse, city/region-level location and then discards in this form), device and browser type, pages viewed, referring website, the actions you take on the Site, and a randomly generated analytics identifier stored in a cookie. We have configured GA4 for advertising and analytics measurement of our own Site. We do not use GA4 to send Google your name, email, phone number, date of birth, health answers, or insurance card information. Google processes this data as described at policies.google.com/privacy; you can opt out of Google Analytics across sites using Google's browser add-on at tools.google.com/dlpage/gaoptout.
Meta Pixel
Category: Advertising. The Meta Pixel is code from Meta Platforms, Inc. (Facebook/Instagram) that fires when you view pages or complete key steps (for example, starting a quote or submitting a lead). It can send to Meta information such as your IP address, browser/device data, the page URL, the event you took, and a Meta browser cookie identifier, which Meta may match to a Facebook or Instagram account. We use it to measure ad performance and to build and reach audiences. We have configured our events so that we do not intentionally transmit sensitive details such as your specific health conditions, date of birth, or insurance card data to Meta. Meta processes this data as a business partner; see facebook.com/privacy/policy.
Meta Conversions API (CAPI)
Category: Advertising. CAPI is a server-side companion to the Pixel. Instead of sending data only from your browser, our server sends conversion events (such as "lead submitted") directly to Meta, sometimes including hashed (scrambled) identifiers like a hashed email or phone number so Meta can match the event to an ad. This improves measurement accuracy when browser-based tracking is blocked or limited. We limit CAPI to advertising-measurement events and do not send your health answers or insurance card data through it.
A note on what we do not track here
The sensitive information you provide during enrollment — your basic health and eligibility answers and any insurance card scan you upload — is handled separately and is not shared with our analytics or advertising tools. How that information is collected, used, and retained is described in our Health Data Practices notice. We do not collect your Social Security number on the Site, and payment for any coverage you choose is handled by the insurance carrier at enrollment, not by these tracking tools.
Cookie categories at a glance
| Category | What it does | Tools | Data it can send | Can you turn it off? |
|---|---|---|---|---|
| Strictly necessary | Makes the Site work — sessions, enrollment progress, security, tag loading | First-party session/local storage; Google Tag Manager container | Session identifiers, basic device/security data | No — required for the Site to function |
| Analytics | Measures how the Site is used so we can improve it | Google Analytics 4 | IP address, device/browser, pages viewed, on-site actions, analytics cookie ID | Yes — browser controls and the GA opt-out add-on |
| Advertising | Measures and improves our ads; may build/reach audiences | Meta Pixel, Meta Conversions API | IP address, device/browser, page and event data, Meta cookie ID, and (via CAPI) hashed email/phone | Yes — Do Not Sell/Share, Global Privacy Control, browser and Meta ad controls |
"Sale" and "share" under state privacy laws, and how to opt out
We do not sell your personal information for money. We also state plainly across our Site that we never sell your data. However, several U.S. state privacy laws (such as California's CCPA/CPRA) define "sale" and "share" broadly — broadly enough that using advertising technologies like the Meta Pixel and Conversions API to disclose online identifiers for cross-context behavioral advertising can be treated as a "sale" or "share" even when no money changes hands. To be transparent, we treat our advertising category as potentially involving a "sale" or "share" under those laws.
You can opt out of this in the following ways:
- Do Not Sell or Share My Personal Information. Use the "Do Not Sell or Share My Personal Information" link in our Site footer, or email us at the address below. This signals us to stop disclosing your information for cross-context behavioral advertising.
- Global Privacy Control (GPC). If your browser or an extension sends a Global Privacy Control signal, we honor it as a valid opt-out of "sale"/"share" for that browser where required by law. Because GPC is browser- and device-specific, you may need to set it on each browser and device you use. Learn more at globalprivacycontrol.org.
- Platform-level ad controls. You can adjust ad personalization in your Facebook/Instagram ad settings and your Google ad settings.
Opting out of advertising does not stop the strictly necessary or, unless you also disable them, the analytics technologies, and it does not delete data already collected. For your other privacy rights (access, deletion, correction), see our Privacy Policy.
Managing cookies in your browser
Most browsers let you see what cookies are stored, block or delete them, and block third-party cookies. Doing so may break parts of the Site (for example, your enrollment session may not be remembered). Instructions for common browsers:
- Google Chrome: Settings > Privacy and security > Third-party cookies / Clear browsing data.
- Apple Safari: Settings > Privacy.
- Mozilla Firefox: Settings > Privacy & Security > Cookies and Site Data.
- Microsoft Edge: Settings > Cookies and site permissions.
You can also use industry opt-out pages for many advertising partners at the Digital Advertising Alliance (optout.aboutads.info) and the Network Advertising Initiative (optout.networkadvertising.org). Mobile devices offer their own ad-tracking controls in iOS and Android settings.
Consent and our cookie banner
Our Site does not currently display a cookie consent or preference banner. We recommend, and intend, to add one so you can accept or reject the analytics and advertising categories before they load (and we will treat that banner as the primary way to manage these technologies once it is live). Until that banner is in place, you can control these technologies using the browser settings and opt-out methods described above, including Global Privacy Control. We will update this notice when a banner is added.
Do Not Track
Some browsers offer a "Do Not Track" (DNT) setting. There is no common industry standard for how to respond to DNT, so our Site does not currently respond to DNT signals. We do, however, honor Global Privacy Control as described above.
Changes to this notice
We may update this notice as our Site, tools, or the law change. When we do, we will revise the effective date at the top. Material changes will be described on the Site.
Contact us
Questions about this notice or your choices?
Core Value Insurance Associates, LLC
1 Century Lane, Miami Beach, FL 33139
Email: privacy@shophealthcare.com
This notice is governed by the laws of the State of Florida, where our company is headquartered, without regard to its conflict-of-laws rules, except where another state's privacy law applies to you and grants you greater rights.