Privacy Policy
Effective date: June 22, 2026
The short version. ShopHealthcare is operated by Core Value Insurance Associates, LLC, a licensed independent health insurance brokerage. We collect what we need to find and enroll you in private, off-exchange health coverage: your name, contact details, date of birth, location, household, basic health and eligibility answers, and an optional photo scan of your insurance card. We use that information to quote, recommend, and enroll coverage with insurance carriers, and we share it only with the partners who help us do that (our quoting tool, our email provider, our advertising platforms, and the carrier you enroll with). We do not sell your personal information, and we don't ask for your Social Security number on this site. Depending on where you live, you have rights to see, correct, delete, and limit how we use your data, plus a right to tell us not to "share" it for cross-context advertising. Health and insurance-card information get extra protection under our Health Data Practices Notice, and tracking is explained in our Cookie Notice.
1. Who We Are and What This Policy Covers
This Privacy Policy explains how Core Value Insurance Associates, LLC ("Core Value," "we," "us," or "our"), doing business as ShopHealthcare, collects, uses, shares, and protects personal information when you visit shophealthcare.com (the "Site"), interact with our AI enrollment assistant ("Nora"), speak with our licensed agents, or otherwise use our services (together, the "Services").
Core Value is a licensed, independent, off-exchange health insurance brokerage (National Producer Number 19482230). We help consumers shop for and enroll in private health coverage offered by participating insurance carriers, including a fixed-indemnity/supplemental product marketed as "Health ProtectorGuard" and related supplemental add-ons such as accident coverage. We are not an insurance carrier, not the ACA Health Insurance Marketplace or HealthCare.gov, and not a government agency. We do not offer every plan available in your area; we offer plans from carriers we work with, and we never sell ACA Marketplace plans, Medicare, Medicaid, or government subsidies.
This policy applies to personal information we handle as a business in our own right. When we help enroll you with an insurance carrier, the carrier handles your information under its own privacy notice once you become its applicant or policyholder. Please read the carrier's notice as well.
This policy works together with our Health Data Practices Notice (how we treat health and insurance-card information), our Cookie Notice (tracking technologies), our Communications and Consent Policy (email, calls, and future text messages), and our Terms of Service.
2. Information We Collect
2.1 Information You Give Us
When you use the Site, chat with Nora, or work with one of our licensed agents to get a quote or enroll, we collect:
- Identifiers and contact details — your name, email address, phone number, and mailing or residential ZIP code and state.
- Date of birth and age — used to determine eligibility and to price coverage.
- Household and family composition — for example, whether you are quoting for yourself, a spouse or partner, and dependents, and their ages.
- Health and eligibility answers — basic questions about your situation (for example, tobacco use or simple eligibility questions) needed to match you to coverage. We treat this as sensitive personal information.
- Insurance-card scan — if you choose to use the camera/upload feature, an image of your current insurance card, which we process with optical character recognition (OCR) to read its text and speed up your quote. Providing a card scan is optional. We treat insurance-card information as sensitive personal information.
- Communications — the contents of your chats with Nora, your messages and calls with our agents, and any support requests.
We do not ask for or collect your Social Security number on the Site. A carrier may request it directly from you later as part of binding a policy; that collection is governed by the carrier's privacy notice. We do not collect payment information on the Site. Payment for any coverage you buy is handled by the insurance carrier at enrollment.
2.2 Information We Collect Automatically
When you visit the Site, we and our analytics and advertising partners automatically collect:
- Device and connection information — IP address, browser type, operating system, device identifiers, and general location inferred from your IP address.
- Usage information — pages and screens viewed, links and buttons clicked, the steps you complete in the quote flow, referring/exit pages, and timestamps.
- Cookies, pixels, tags, and similar technologies — set through Google Tag Manager, Google Analytics 4, the Meta Pixel, and related tools. See Section 6 and our Cookie Notice.
2.3 Information From Third Parties
We may receive information about you from our service providers and advertising partners — for example, eligibility or quoting results from our quoting partner, deliverability and engagement data from our email provider, and advertising and conversion measurement data from Meta and Google. If you reach us through an advertisement or referral, we may receive limited information about how you arrived.
3. Sensitive Personal Information
Some of what we collect is "sensitive" under U.S. state privacy laws. This includes your health and eligibility answers and the contents of your insurance-card scan (which can reveal health-coverage and, indirectly, health information). We collect this information only to provide the Services you ask for — quoting, comparing, recommending, and enrolling in coverage. We do not use or disclose sensitive personal information to infer characteristics about you, and we do not use it for targeted advertising. For more detail on how we handle health and insurance-card information, including the OCR scan, see our Health Data Practices Notice.
A note on HIPAA. Core Value is an insurance brokerage and is not a HIPAA Covered Entity in its role operating this Site. That means HIPAA generally does not govern the information you give us here. We nevertheless treat your health and insurance-card information as sensitive and protect it as described in this policy and our Health Data Practices Notice. Once you enroll with a carrier, the carrier and its health plan partners may be subject to HIPAA, and their privacy notices will apply to information they hold.
4. How We Use Your Information
We use your information to:
- Provide quotes and recommendations — determine eligibility, generate and compare plan options, and (through Nora and our licensed agents) recommend coverage that fits your situation.
- Enroll you in coverage — prepare and submit your application to the insurance carrier you choose. Nora does not bind coverage and is not a licensed agent; every enrollment is reviewed and executed by a licensed human agent at Core Value Insurance Associates, LLC.
- Read your insurance card — process the optional card scan with OCR to pre-fill information and speed up your quote.
- Communicate with you — send transactional and follow-up emails, call you about your quote or enrollment, respond to your questions, and (in the future, and only with your express written consent) send text messages. See our Communications and Consent Policy.
- Operate, secure, and improve the Services — run and maintain the Site, prevent fraud and abuse, debug, and understand how the Site is used so we can improve it.
- Advertise and measure — promote our Services and measure the performance of our advertising using analytics and conversion tools from Google and Meta. We do not use your health or insurance-card information for advertising.
- Comply with law — meet insurance, recordkeeping, and other legal obligations, and respond to lawful requests.
5. How We Share Your Information
We share personal information only as described below. We do not sell your personal information for money.
5.1 Service Providers and Partners
| Recipient | What they do | What we share |
|---|---|---|
| Quotit | Quoting and eligibility engine | Eligibility and quoting inputs such as ZIP/state, date of birth, household composition, and basic eligibility answers |
| Klaviyo | Email delivery and engagement | Name, email address, and engagement data to send and measure transactional and marketing email |
| Meta | Advertising and conversion measurement (Meta Pixel and Conversions API) | Online identifiers, event and conversion data, and limited contact data used in hashed form for ad measurement and audiences |
| Analytics and tag management (Google Analytics 4, Google Tag Manager) | Online identifiers and usage/event data for analytics and measurement | |
| Insurance carriers | Issue and administer the coverage you choose | The application information needed to enroll you, which the carrier then handles under its own privacy notice |
We do not share your health or insurance-card information with our advertising partners (Meta and Google). We share that information only with the parties needed to quote and enroll your coverage (such as Quotit and the carrier you choose).
5.2 Legal, Safety, and Business Transfers
We may disclose information to comply with law, regulation, legal process, or a government request; to enforce our agreements; to protect the rights, property, or safety of Core Value, our users, or others; and in connection with a merger, acquisition, financing, or sale of assets, in which case we will require the recipient to honor this policy or notify you of any material change.
5.3 "Selling" and "Sharing" Under State Law
We do not sell your personal information. However, when our advertising and analytics partners (Meta and Google) set cookies and similar technologies on the Site, those disclosures may be considered a "sale" or "share" (for cross-context behavioral advertising) under some U.S. state privacy laws, even though no money changes hands. We give you a way to opt out — see Sections 7 and 8 and the Cookie Notice. We do not knowingly sell or share the personal information of consumers we know to be under 16.
6. Cookies and Tracking Technologies
We use Google Tag Manager and Google Analytics 4 to understand how the Site is used, and the Meta Pixel together with the Meta Conversions API to measure and optimize our advertising. The Conversions API can send conversion events to Meta from our server in addition to (or instead of) the browser pixel.
We currently do not display a cookie-consent banner or preference center on the Site. Today you can control most tracking through your browser settings, device-level ad controls, and the opt-out mechanisms described in Sections 7 and 8 (including Global Privacy Control). We are working to add an on-site consent and preference tool. Full details, including the categories of cookies and how to opt out, are in our Cookie Notice.
7. Your Privacy Rights (All U.S. Residents)
Regardless of where you live, you can:
- Opt out of marketing email — use the unsubscribe link in any marketing message or contact us. Transactional messages about your quote or enrollment may still be sent.
- Ask us not to call you — tell our agent or contact us, and we will honor your request and applicable do-not-call rules.
- Access, correct, or delete — ask for a copy of the personal information we hold about you, correct it, or ask us to delete it, subject to legal and recordkeeping exceptions described below.
- Opt out of "sale"/"sharing" and targeted advertising — see Section 8 and our Cookie Notice.
To exercise any right, contact us using Section 14. We will verify your request (and you may use an authorized agent where the law allows). We will not discriminate against you for exercising your rights.
8. Your California Privacy Rights (CCPA/CPRA)
If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, gives you the rights described here. Note: information we handle that is regulated by the Gramm-Leach-Bliley Act (see Section 10) is exempt from the CCPA; the rights below apply to personal information not covered by that exemption.
8.1 Notice at Collection
We collect the categories of personal information listed below for the business and commercial purposes described in Section 4. We disclose these categories to the service providers and partners listed in Section 5. We do not sell personal information for money; certain advertising cookie disclosures may be a "sale" or "share" as described in Section 5.3. We retain personal information as described in Section 11.
8.2 Categories of Personal Information
| CCPA category | Examples we collect | Disclosed for a business purpose to |
|---|---|---|
| Identifiers | Name, email, phone, IP address, ZIP/state, online identifiers | Quotit, Klaviyo, Meta, Google, carriers |
| Customer records | Contact details provided during quoting/enrollment | Quotit, Klaviyo, carriers |
| Protected classification characteristics | Age/date of birth | Quotit, carriers |
| Commercial information | Coverage you considered or selected | Quotit, carriers |
| Internet/network activity | Browsing and interaction with the Site and ads | Google, Meta |
| Geolocation data | General location from IP address; ZIP/state you provide | Quotit, Google, Meta, carriers |
| Sensitive personal information | Health/eligibility answers; insurance-card scan contents | Quotit, carriers (not disclosed to Meta or Google) |
| Inferences | Plan-fit and eligibility conclusions drawn to recommend coverage | Quotit, carriers |
We have not collected the personal information of California consumers for the purpose of selling it for money in the preceding 12 months.
8.3 Your California Rights
- Right to know / access — request the categories and specific pieces of personal information we collected, the sources, the purposes, and the categories of recipients.
- Right to delete — request deletion of personal information we collected, subject to exceptions (for example, to complete a transaction you requested or to comply with insurance recordkeeping laws).
- Right to correct — request correction of inaccurate personal information.
- Right to opt out of sale/sharing — direct us not to "sell" or "share" your personal information (see below).
- Right to limit use of sensitive personal information — because we use sensitive personal information only for permitted purposes (to provide the Services you request), no separate limitation request is required, but you may still contact us.
- Right to non-discrimination — we will not deny you services, charge different prices, or provide a different quality of service for exercising your rights.
8.4 Do Not Sell or Share My Personal Information
To opt out of the "sale" or "sharing" of your personal information for cross-context behavioral advertising, you can: (1) use the "Do Not Sell or Share My Personal Information" control we provide (and the controls described in our Cookie Notice); (2) email us at privacy@shophealthcare.com with "Do Not Sell or Share" in the subject line; or (3) enable a recognized opt-out preference signal such as Global Privacy Control (GPC) in your browser — we treat a valid GPC signal as a request to opt out of sale/sharing for that browser or device.
9. Other U.S. State Privacy Rights (Virginia, Colorado, Connecticut, and Similar)
If you are a resident of a state with a comprehensive privacy law — including Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and others as they take effect — you may have the rights to: confirm whether we process your personal data and access it; correct inaccuracies; delete personal data; obtain a portable copy; and opt out of (a) targeted advertising, (b) the sale of personal data, and (c) certain profiling that produces legal or similarly significant effects. We do not engage in such profiling.
Because we process sensitive data (health/eligibility answers and insurance-card information), we obtain your consent or rely on it being reasonably necessary to provide the product you request, consistent with applicable law. To exercise these rights, contact us using Section 14. Where the law provides an appeal process, if we decline your request you may appeal by replying to our decision; we will respond within the time the law allows, and you may also contact your state Attorney General.
10. Financial Privacy Notice (Gramm-Leach-Bliley Act)
As an insurance brokerage, Core Value is a "financial institution" under the federal Gramm-Leach-Bliley Act (GLBA) and applicable state insurance privacy regulations. This section is our GLBA privacy notice.
- What we collect: nonpublic personal information such as your name, contact details, date of birth, household information, and the eligibility and coverage information described in Section 2.
- What we disclose and to whom: we disclose nonpublic personal information to nonaffiliated third parties only as permitted by law — for example, to insurance carriers and our service providers (Section 5) to process your request, service your coverage, and as otherwise permitted under GLBA exceptions.
- We do not sell your nonpublic personal information.
- Your opt-out right: we limit sharing of your nonpublic personal information to what is permitted under GLBA. If we ever propose to share it with nonaffiliated third parties in a way that requires an opt-out, we will notify you and give you a reasonable opportunity to opt out before doing so. To opt out, or to ask questions about our financial-privacy practices, contact us using Section 14.
- How we protect it: we maintain administrative, technical, and physical safeguards designed to protect your nonpublic personal information, consistent with the GLBA Safeguards Rule (see Section 12).
11. Data Retention
We keep personal information only as long as needed for the purposes described in this policy, then delete or de-identify it. Our default practices, which we will confirm and finalize in writing, are:
- Quote and enrollment records — retained while you are an active lead or customer and afterward for as long as required by insurance recordkeeping and other legal obligations (generally several years), then deleted or de-identified.
- Insurance-card scans — the Site presents the card scan as a tool to read your card and pre-fill your quote, and our intent is not to retain the card image after the relevant text has been extracted. We are confirming the exact retention period for the extracted text and any temporary copies; see our Health Data Practices Notice for the current, specific commitment.
- Marketing and email data — retained until you unsubscribe or become inactive, plus a short period for suppression and compliance.
- Analytics and advertising data — retained according to the retention settings of Google Analytics 4 and Meta and our configured limits.
12. How We Protect Your Information
We use reasonable administrative, technical, and physical safeguards designed to protect personal information, including encryption of data in transit, access controls limiting who can view sensitive information, and vendor diligence for the partners listed in Section 5. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we experience a data breach affecting your personal information, we will notify you and regulators as required by law.
13. Children's Privacy
The Services are intended for adults shopping for health coverage and are not directed to children. We do not knowingly collect personal information from children under 13, and we do not knowingly sell or share the personal information of consumers under 16. We may collect limited information about minor dependents (such as age) that an adult provides to obtain family coverage; that information is provided by and on behalf of the adult applicant. If you believe a child has provided us personal information, contact us using Section 14 and we will delete it.
14. How to Contact Us and Exercise Your Rights
To ask a privacy question or submit a rights request:
- Email: privacy@shophealthcare.com
- Mail: Core Value Insurance Associates, LLC, Attn: Privacy, 1 Century Lane, Miami Beach, FL 33139
We will acknowledge and respond within the timeframes required by applicable law (generally within 45 days, with an extension where permitted). We may need to verify your identity before fulfilling certain requests, and we may decline parts of a request where the law allows (for example, to comply with insurance recordkeeping obligations).
15. Other Important Information
15.1 Licensing
Core Value is licensed to sell insurance only in the states where it holds an active license. Our licensed footprint and agency license numbers are listed on our Licensing page. We can only quote and enroll coverage for residents of states where we are licensed.
15.2 Third-Party Links
The Site may link to third-party websites (including carriers). We are not responsible for their privacy practices; review their notices before providing information.
15.3 Governing Law
Unless otherwise required by the law of your state of residence, this policy is governed by the laws of the State of Florida, where Core Value is headquartered, without regard to conflict-of-laws principles.
15.4 Accessibility
If you need this policy in an alternative format, see our Accessibility Statement or contact us.
16. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version with a new effective date and, for material changes, provide additional notice (such as by email or a notice on the Site) before the change takes effect, consistent with applicable law. Your continued use of the Services after the effective date means you accept the updated policy.
Effective date: June 22, 2026.