Privacy Policy
QuoteSweep Inc.
Effective Date: April 25, 2026
1. Introduction
QuoteSweep Inc. ("QuoteSweep," "we," "our," or "us") operates a commercial insurance multi-carrier quoting platform (the "Service") that enables independent insurance agents and agencies to obtain comparative insurance quotes from multiple carriers through a single submission. This Privacy Policy describes how we collect, use, disclose, and protect information when you access or use our website at www.quotesweep.com (the "Site"), our web application, and any related services.
By accessing or using the Service, you acknowledge that you have read, understood, and agree to be bound by this Privacy Policy. If you do not agree, please do not use the Service.
2. Definitions
- "Agency"
- means the insurance agency entity that registers for the Service.
- "Agency User"
- means any individual authorized by an Agency to access the Service, including agency owners, agents, commercial lines managers, customer service representatives, and account managers.
- "Carrier"
- means an insurance company whose quoting portal the Service accesses to obtain premium quotes.
- "Carrier Credentials"
- means the login credentials (usernames, passwords, MFA tokens, and security question answers) that an Agency provides to enable the Service to access authenticated Carrier portals on the Agency's behalf.
- "Client Data"
- means information about an Agency's insurance clients, including business names, addresses, NAICS codes, payroll figures, revenue, employee counts, loss history, and other underwriting data submitted through the Service.
- "Personal Information"
- means any information that identifies, relates to, or could reasonably be linked to a natural person or household.
3. Information We Collect
3.1 Information You Provide Directly
3.1.1 Account Registration Information
When you register for the Service, we collect:
- Agency name, address, phone number, and email address
- Agency User names, email addresses, and roles
- Billing and payment information (processed by our third-party payment processor)
3.1.2 Carrier Credentials
To access authenticated Carrier portals on your behalf, you may provide us with your Carrier portal login credentials, including usernames, passwords, multi-factor authentication configurations, and security question answers. These are encrypted at rest using AES-256 encryption and are never stored in plaintext.
3.1.3 Client Data / Insurance Submission Data
When you use the Service to generate quotes, you provide Client Data, which may include:
- Business legal name, DBA, and entity type
- Business address and state(s) of operation
- Federal Employer Identification Number (FEIN)
- NAICS code and industry classification
- Annual revenue and payroll figures
- Number of employees and workers' compensation class codes
- Loss history and claims data (number of claims, amounts, open/litigated status)
- Prior insurance carrier information and policy expiration dates
- Coverage preferences (limits, deductibles, endorsements)
- Contact information for the insured party (name, email, phone)
3.1.4 Support and Communications
If you contact us for customer support or send us communications, we collect the content of those messages, your contact details, and any attachments you provide.
3.2 Information Collected Automatically
When you use the Service, we automatically collect:
- Device and browser information (browser type, operating system, device identifiers)
- IP address and approximate geographic location
- Usage data (pages visited, features used, quote submissions initiated, timestamps)
- Log data (server logs, error reports, performance metrics)
- Cookies and similar tracking technologies (see Section 8 below)
3.3 Information from Third Parties
We may receive information from:
- Insurance Carriers, including quote results, premium amounts, quote reference numbers, coverage details, and declination reasons returned by Carrier portals during the quoting process
- Agency Management System (AMS) integrations, if you authorize us to import client data from platforms such as HawkSoft, NowCerts, or similar systems
- ACORD form imports, if you upload or transmit ACORD-format data files to pre-fill submission forms
- Third-party analytics and advertising partners
4. How We Use Your Information
We use the information we collect for the following purposes:
4.1 Providing and Operating the Service
- Authenticating Agency Users and managing accounts
- Accessing Carrier portals using your Carrier Credentials to submit insurance applications and retrieve quotes on your behalf via AI web agents
- Populating Carrier portal form fields with Client Data you have submitted
- Displaying, comparing, and exporting quote results
- Generating proposals and comparison documents for your clients
- Tracking quote status, binding workflows, and policy renewals
- Importing data from AMS integrations and ACORD forms
4.2 Improving and Developing the Service
- Analyzing usage patterns to improve product features and user experience
- Monitoring Carrier portal field mapping accuracy and success rates
- Debugging errors and maintaining system performance
- Developing new features and lines of business
4.3 Communications
- Sending transactional messages (quote confirmations, error notifications, renewal reminders)
- Providing customer support
- Sending product updates, newsletters, and marketing communications (with opt-out options)
4.4 Legal and Compliance
- Complying with applicable laws, regulations, and legal processes
- Enforcing our Terms of Service and other agreements
- Protecting the rights, property, and safety of QuoteSweep, our users, and the public
- Detecting and preventing fraud, abuse, and security incidents
5. How We Share Your Information
We do not sell your Personal Information for monetary consideration.
We may, however, "share" certain online identifiers with advertising and visitor-identification partners as that term is defined under the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collectively, the "CCPA"), and similar state privacy laws. See Sections 8 and 10 for details on how to opt out, including via our "Do Not Sell or Share My Personal Information" link.
We share information only in the following circumstances:
5.1 With Insurance Carriers
When you initiate a quote, the Service transmits your Client Data to the Carrier portals you have selected. This is the core function of the Service and occurs only at your direction. Each Carrier's use of the data it receives through its own portal is governed by that Carrier's privacy policy.
5.2 With Service Providers
We engage third-party service providers to perform functions on our behalf, including:
- Cloud infrastructure and hosting providers
- AI web agent infrastructure (including TinyFish, Inc., which provides the AI web agent technology that powers multi-carrier quoting)
- Payment processors
- Analytics providers
- Customer support tools
- Email delivery services
These service providers are contractually obligated to use your information only to perform services on our behalf and in accordance with this Privacy Policy.
5.3 With Your Agency
If you are an Agency User, information about your account activity and usage of the Service may be visible to your Agency's administrators (owners and admins).
5.4 For Legal Reasons
We may disclose information if we believe in good faith that disclosure is necessary to comply with applicable law, regulation, or legal process; respond to lawful requests from governmental authorities; enforce our agreements and policies; protect the rights, property, or safety of QuoteSweep, our users, or others; or detect, prevent, or address fraud, security, or technical issues.
5.5 Business Transfers
In connection with a merger, acquisition, reorganization, sale of assets, or bankruptcy, your information may be transferred to the acquiring entity. We will provide notice before your information becomes subject to a different privacy policy.
6. Data Security
We take the security of your information seriously and implement industry-standard measures to protect it:
- Carrier Credentials are encrypted at rest using AES-256 encryption. Passwords are never stored in plaintext and are never visible to QuoteSweep personnel.
- All data in transit is protected using TLS 1.2 or higher.
- Access to production systems is restricted to authorized personnel on a need-to-know basis and protected by multi-factor authentication.
- We conduct regular security assessments and vulnerability testing.
- AI web agents sessions are ephemeral; Carrier portal sessions are terminated after each quoting operation.
- Client Data is logically isolated between Agencies to prevent cross-tenant data access.
No method of transmission over the internet or electronic storage is completely secure. While we strive to protect your information, we cannot guarantee absolute security.
6.1 Information Security Program
We maintain a written information security program with administrative, technical, and physical safeguards designed to meet the requirements of the Gramm-Leach-Bliley Act Safeguards Rule (16 C.F.R. Part 314) for non-public personal information we process on behalf of licensed insurance agencies. Our safeguards are commensurate with the size and complexity of our operations and the sensitivity of the information we handle, and are reviewed on at least an annual basis.
6.2 Security Incident Notification
We will notify the affected Agency's Account Owner without undue delay, and in any event within seventy-two (72) hours, after confirming a security incident that involves unauthorized access to, acquisition of, disclosure of, or destruction of Client Data or Carrier Credentials. Our notice will describe (to the extent then known) the nature of the incident, the categories of data affected, the steps we are taking to mitigate harm, and a point of contact for further information. We will also comply with our notification obligations under applicable federal and state law, including 16 C.F.R. Part 314.4(j) and applicable state breach notification statutes.
7. Data Retention
We retain your information for as long as your account is active or as needed to provide the Service. Specific retention periods include:
- Account Information: Retained for the duration of the account relationship and for 3 years after account closure for legal and compliance purposes.
- Client Data and Quote Results: Retained for as long as the Agency account is active. Agencies may delete individual client records and quote history at any time through the Service.
- Carrier Credentials: Retained only while the credential is active. Agencies may remove credentials at any time via the Carrier Panel settings. Upon removal, credentials are permanently deleted from our systems within 30 days.
- Usage and Log Data: Retained for 12 months for analytics and debugging, then aggregated or deleted.
- Support Communications: Retained for 2 years after resolution.
8. Cookies and Tracking Technologies
We use cookies and similar technologies for the following purposes:
| Cookie Type | Purpose | Duration |
|---|---|---|
| Strictly Necessary | Authentication, session management, security | Session or up to 30 days |
| Functional | Remember user preferences, carrier panel settings | Up to 1 year |
| Analytics | Usage patterns, feature engagement, error tracking | Up to 1 year |
8.1 Online Data Partners and Visitor Identification
When you visit or log in to our website, cookies and similar technologies may be used by our online data partners or vendors to associate these activities with other personal information they or others have about you, including by association with your email. We (or service providers on our behalf) may then send communications and marketing to these email addresses. You may opt out of receiving this advertising by visiting https://app.retention.com/optout. You also have the option to opt out of the collection of your personal data in compliance with GDPR by visiting https://www.rb2b.com/rb2b-gdpr-opt-out.
You may control cookies through your browser settings. Disabling strictly necessary cookies may impair the functionality of the Service.
8.2 Global Privacy Control
We honor the Global Privacy Control ("GPC") browser signal as a valid request to opt out of the "sale" or "sharing" of Personal Information under the CCPA and other state privacy laws that recognize GPC. When we detect a GPC signal from your browser, we will treat the browser session as opted out of cross-context behavioral advertising and visitor-identification activity associated with that browser. Learn more at globalprivacycontrol.org.
8.3 Analytics, Advertising, and Booking Partners
We use the following third-party services to operate, measure, and promote our marketing website. These partners process website- visitor and lead information only and do not have access to Client Data.
- Cal.com, Inc. – meeting scheduling for prospects who book a demo or setup call
- Leadsy – lead scoring and visitor qualification
- RB2B, Inc. – B2B visitor identification (covered by "sharing" under the CCPA – see Section 10.1 for opt-out)
- Retention.com, Inc. – visitor identification and email-based marketing (covered by "sharing" under the CCPA – see Section 10.1 for opt-out)
- Vercel Inc. – cloud hosting and edge delivery for our marketing website and legal pages (privacy policy, terms of service)
Web analytics on the marketing site is provided by Google LLC (Google Analytics and Google Tag Manager); Google LLC also handles our company email communications via Google Workspace. Google LLC and the other providers that process Client Data or Account Information are listed on our Subprocessors page.
9. Your Rights and Choices
9.1 Access and Portability
You may request a copy of the Personal Information we hold about you. Agency administrators can export Client Data and quote history through the Service at any time.
9.2 Correction
You may update your account information directly through the Service or by contacting us. You may update or correct Client Data at any time through the quote form or client management interface.
9.3 Deletion
You may request deletion of your account and associated data by contacting us at privacy@quotesweep.com. Agencies may delete individual Carrier Credentials, client records, and quote history at any time through the Service. Upon account deletion, we will remove or de-identify your data within 90 days, except as required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).
9.4 Opt-Out of Marketing
You may opt out of marketing communications by clicking the "unsubscribe" link in any marketing email or by contacting us. Opting out of marketing will not affect transactional or service-related communications.
9.5 Carrier Credential Removal
You may remove any Carrier Credential at any time through the Carrier Panel settings page. Removal permanently deletes the encrypted credential from our systems.
10. State-Specific Privacy Rights
10.1 California (CCPA/CPRA)
If you are a California resident, you have the following rights under the CCPA, as amended by the CPRA:
- The right to know what Personal Information we collect, use, disclose, and share, and the categories of sources and recipients
- The right to delete Personal Information we have collected from you, subject to statutory exceptions
- The right to correct inaccurate Personal Information
- The right to opt out of the sale or sharing of Personal Information. We do not sell Personal Information for monetary consideration; however, we may "share" certain online identifiers for cross-context behavioral advertising as defined under the CPRA. You may opt out by (a) clicking our "Do Not Sell or Share My Personal Information" link in the website footer, (b) emailing us at privacy@quotesweep.com, or (c) enabling a Global Privacy Control signal in your browser (see Section 8.2)
- The right to limit the use and disclosure of Sensitive Personal Information (which may include financial account numbers such as Federal Employer Identification Numbers when associated with an individual)
- The right to non-discrimination for exercising your privacy rights
You may also designate an authorized agent to submit requests on your behalf. To exercise any of these rights, contact us at privacy@quotesweep.com. We will verify your request before responding, typically by confirming information already on file.
10.2 Other U.S. State Privacy Rights
If you are a resident of a U.S. state that has enacted a comprehensive consumer privacy law, you may have rights similar to those described in Section 10.1 above – including rights to access, correct, delete, and port your Personal Information, as well as to opt out of targeted advertising, the sale of Personal Information, and certain types of profiling. To exercise these rights, contact us at privacy@quotesweep.com. If we decline your request, you may appeal our decision by replying to our response with the subject line "Privacy Appeal." The specific rights available to you depend on your state of residence and applicable law.
10.3 Our Role Under State Privacy Laws
Different categories of information we process carry different roles under the CCPA and similar state laws:
- Account Information (information about Agency Users and Account Owners) – we act as a business (controller). Rights requests should be directed to us at privacy@quotesweep.com.
- Client Data (information about an Agency's insured clients, including business owners and named insureds) – we act as a service provider (processor) on behalf of the Agency. We process Client Data only to provide the Service to the Agency and do not retain, use, or disclose it for any other commercial purpose. Insureds wishing to exercise privacy rights with respect to Client Data should contact the Agency that submitted the data; we will reasonably cooperate with the Agency's response.
- Carrier Credentials – we act as a custodian for the Agency. Credentials are encrypted at rest, used solely to authenticate to Carrier portals at the Agency's direction, and removed at the Agency's request.
10.4 Insurance-Specific Privacy Obligations (GLBA / NAIC)
Much of the Client Data we process on behalf of an Agency constitutes non-public personal information (NPI) under the Gramm-Leach-Bliley Act (15 U.S.C. §§ 6801– 6809). Licensed insurance agencies are "financial institutions" subject to GLBA, and we operate as a service provider to those Agencies. We acknowledge our obligations under the GLBA Safeguards Rule (16 C.F.R. Part 314) and under state insurance information privacy laws modeled on the NAIC Insurance Information and Privacy Protection Model Act, including requirements to maintain administrative, technical, and physical safeguards for NPI. A standalone Data Processing Addendum (DPA) reflecting these obligations is available to qualifying Agencies on request to privacy@quotesweep.com.
11. AI Web Agents and Carrier Portal Access
The Service uses AI web agents (powered by TinyFish, Inc.) to interact with Carrier portals on your behalf. This section explains how that technology works in relation to your data:
- Agency Direction: AI web agent sessions are initiated only when an Agency User submits a quote request. The Service acts at your direction and on your behalf.
- Credential Use: Your Carrier Credentials are decrypted in memory solely for the purpose of authenticating to Carrier portals during a quoting session. Credentials are never logged, cached outside of the encrypted vault, or shared with any party other than the Carrier portal for which they are intended.
- Session Isolation: Each AI web agent session is isolated and ephemeral. Sessions are terminated and their runtime environments destroyed after the quoting operation completes.
- Data Flow: Client Data flows from QuoteSweep to the Carrier portal form fields. Quote results (premiums, coverage details, reference numbers) flow from the Carrier portal back to QuoteSweep. No Client Data is stored or retained by the AI web agent infrastructure beyond the duration of the session.
- Carrier Terms: Your use of Carrier portals through the Service remains subject to each Carrier's terms of use and privacy policies. You represent that your use of the Service with each Carrier is authorized under your agency appointment and carrier agreements.
12. Third-Party Links and Services
The Service may contain links to third-party websites, including Carrier portals, AMS platforms, and payment processors. This Privacy Policy does not apply to those third-party services. We encourage you to review the privacy policies of any third-party services you access.
13. Children's Privacy
The Service is designed for licensed insurance professionals and is not directed at minors. Consistent with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect Personal Information from children under 13. The Service is also not intended for use by individuals under 18, and Account registration is restricted to users 18 years of age or older. If we learn that we have collected Personal Information from a child under 13, we will delete it promptly. If you believe a child has provided us with Personal Information, please contact us at privacy@quotesweep.com.
14. International Data Transfers
The Service is operated in the United States and is offered solely to insurance agencies organized and licensed in the United States. We do not knowingly market the Service to, or solicit users in, the European Union, the United Kingdom, or other jurisdictions outside the United States. If you access the Service from outside the United States, you do so on your own initiative, and your information will be transferred to, stored, and processed in the United States. We will continue to handle your information in accordance with this Privacy Policy regardless of where it is accessed from.
15. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will notify you of material changes by posting the updated policy on our Site with a new effective date and, where appropriate, notifying you by email. Your continued use of the Service after such changes constitutes acceptance of the updated Privacy Policy.
16. Contact Us
If you have questions or concerns about this Privacy Policy or our data practices, please contact us:
Subprocessors
For a complete and current list of all third-party service providers and subprocessors we use, please see our Subprocessors page. We will provide at least thirty (30) days' notice of new subprocessors that materially affect the processing of Client Data.
Last updated: April 25, 2026