Privacy Policy

1. Information We Collect

• Application & Inquiry Information: Information you submit through application forms (e.g. agent or agency owner application) and contact forms on this website — including your name, contact details, licensure information (NPN, license numbers), agency details, and any narrative responses you choose to provide.
• Nonpublic Personal Information (NPI): Names, contact details, Social Security numbers, financial information, policy details, and other data provided for insurance purposes through the Platform.
• Usage Data: Logins, IP addresses, device information, browser/user-agent strings, and how you interact with our Services.
• Client Data You Upload: Information about your insured clients (applicable to contracted agents using the Platform).
• Acceptance Records: Records of your acceptance of these policies (timestamp, version, user agent) — including click-wrap acceptances on application forms.

We collect only what is reasonably necessary (data minimization).

2. Cookies and Session Storage

We use session cookies and browser local storage (managed by our authentication provider, Supabase) to keep you signed in to the Platform and to preserve your session state. On the public website, we use minimal functional cookies only. These are functional only — we do not use third-party advertising cookies, cross-site tracking pixels, or behavioral targeting. You can clear cookies at any time through your browser settings, though doing so will sign you out of the Platform.

3. How We Use Information

We use the information to:

• Review applications submitted through our public website and respond to applicants.
• Provide, maintain, and improve the Services.
• Process quotes, applications, and client management within the Platform.
• Ensure security, detect fraud, and investigate misuse.
• Comply with legal, regulatory, and recordkeeping obligations (including TDI 7-year retention requirements).
• Communicate with you about our Services and your application.

We do not sell personal data.

4. Sharing Your Information

We may share information:

• With service providers who help us operate the Services (under strict confidentiality and security contracts).
• With insurance carriers and FMOs as needed for quotes, applications, and policy administration.
• When required by law, regulation, court order, or to protect rights, property, or safety.
• In the event of a merger, acquisition, or business transfer (subject to confidentiality protections).

We do not share Nonpublic Personal Information with non-affiliated third parties for their marketing purposes without providing opt-out rights as required by GLBA.

5. Data Location and Storage

Information is stored on infrastructure operated by Supabase and hosted within the United States. If we ever transfer data internationally, we will provide appropriate notice and put in place reasonable safeguards consistent with applicable law.

6. Your Rights and Choices

Depending on applicable law (including TDPSA), you or your clients may have rights to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of personal data (subject to legal retention requirements).
• Opt out of certain processing.
• Receive a copy of your data in a portable format.

How to submit a request: Email cami@familylegacyplus.com with the subject "Data Subject Request." We will respond within 45 days of receipt, with a possible 45-day extension for complex requests (as permitted by TDPSA §541.057). If we deny your request, we will explain why and how to appeal.

7. Security

We use reasonable administrative, technical, and physical safeguards to protect information, consistent with the GLBA Safeguards Rule (16 C.F.R. Part 314) and TDPSA security requirements. These include encryption in transit and at rest, role-based access controls, multi-factor authentication for administrative accounts, and audit logging.

No system is completely secure. We will notify affected parties of data breaches as required by applicable law — generally within 60 days under TDPSA, and consistent with GLBA and TDI breach notification requirements.

8. Data Retention and Deletion

We retain information for as long as needed for business purposes or to comply with legal obligations. Insurance-related records are retained for a minimum of seven (7) years following the end of the policy term or last activity, in accordance with Texas Department of Insurance recordkeeping requirements (TDI Rule 28 TAC §3.408 and applicable state law).

Application data submitted through our public website that does not result in a contracted relationship is retained for a reasonable period for legitimate business and security purposes, and is then archived or deleted in accordance with our internal data retention schedule.

Upon written request or termination, and subject to retention rules, we can export or delete data where legally permissible.

9. Children's Data

Our Services are intended for adults aged 18 and older. We do not knowingly collect personal information directly from individuals under 18. Insurance-related data about minor dependents may appear in client records uploaded by agents in the ordinary course of insurance business; that data is handled according to the same security and privacy controls described above.

10. Changes to This Policy

We may update this Privacy Policy and will post the new effective date and version number at the top. Material changes will trigger a re-acceptance prompt the next time you sign in to the Platform. Continued use of the Services constitutes acceptance of the updated policy.

11. Contact Us

If you have questions or requests:

For privacy concerns or to file a complaint, you may also contact:

• Texas Attorney General — Consumer Protection Division: (800) 621-0508 · oag.state.tx.us
• Texas Department of Insurance: (800) 252-3439 · tdi.texas.gov