Privacy Policy
Last updated: June 18, 2026
This policy describes how Enrollment Coach Pro (a Delaware corporation), operator of Enrollment Coach Pro at enrollmentcoachpro.com, handles information when you create an account, use our educational Medicare tools, or subscribe.
Overview
Enrollment Coach Pro is an educational Medicare guidance service. We are not a licensed insurance agent or broker, do not enroll you in any Medicare plan, and are not affiliated with CMS, Medicare, or the Social Security Administration.
We are designed to collect only what we need to run your account and tools. We never ask for your Social Security number, Medicare Beneficiary Identifier (MBI), or Medicare claim number.
This policy works together with our Terms of Use. By creating an account or subscribing, you agree to both documents.
Information we collect
Account and profile (stored in our database):
- Email address and password — managed by Supabase Auth when you create an account. Your email must be verified before you can use the tools.
- Profile fields you choose to save — name, street address, city, state, ZIP code, and date of birth in your ecp_profiles record so tools can pre-fill forms and letters. You can update or delete these from Account settings.
- Subscription and billing status — whether you have an active membership, renewal dates, and Stripe customer identifiers. Payment card numbers are collected and stored by Stripe, not on our servers.
Health-related information you enter in the tools:
- Medication names and ZIP code — sent over encrypted HTTPS when you compare Part D drug plans or use drug autocomplete. These lookups are processed to query public CMS plan data and are not written to our application database.
- Medicare journey answers (coverage preferences, employer coverage, etc.) and Bill & Dispute Helper (BDH) intake answers — kept in your browser's sessionStorage while you use a tool. They clear when you close the tab, click "Start over," or clear browser storage. BDH answers are not saved server-side.
- AI Medicare Coach messages — processed to generate a reply and not persisted as a chat history in our database. We do not use coach conversations for advertising.
Technical and security data: IP address, browser type, request timestamps, and similar metadata may appear in hosting logs (Vercel) and security audit logs. Our audit logs are designed not to include medication names, ZIP codes, or other health details you type into tools.
We do not use advertising pixels, social media trackers, Google Analytics, or similar cross-site behavioral advertising tools.
How we use information
- Authenticate you and keep your session secure.
- Pre-fill educational tools and draft letters you review and send yourself.
- Run Part D plan and pharmacy lookups against CMS public data.
- Process your $89.99/year subscription and send legally required billing notices.
- Respond to support requests and enforce our Terms of Use.
- Protect the service against abuse (rate limiting, fraud prevention).
We do not sell your personal information. We do not share health-related information with insurance carriers, agents, FMOs, or advertising platforms.
Consumer health data and consent
Medication names and other health-related information you enter may be considered consumer health data under laws such as Washington's My Health My Data Act (MHMDA) and sensitive personal information under California law.
Our approach: we ask for health-related inputs only when you actively use a tool that needs them (for example, comparing drug plans). By creating an account and using those features after reading this policy, you direct us to process that information solely to provide the educational service you requested.
We apply the most favorable privacy rights in our program to all members, regardless of state, including rights to access, delete, and withdraw consent prospectively.
Limit use of sensitive information (California): we use medication and health-related data only to deliver the tools you use — not for advertising or profiling. To exercise CPRA "limit" rights or ask questions, email privacy@enrollmentcoachpro.com.
Third-party service providers
We use trusted processors who handle data only on our instructions:
- Vercel — application hosting and edge delivery. May process request metadata in server logs.
- Supabase — authentication, your profile row, subscription status, and hosting of public CMS reference data (plan formularies, premiums, geography).
- Stripe — payment processing, subscription billing, and customer portal. Stripe's privacy policy governs payment data they collect.
- NIH RxNorm (National Library of Medicine) — receives drug search terms for autocomplete. We do not store your search terms on our servers for this feature.
- Anthropic (when AI Coach LLM mode is enabled) — receives your coach question after automated redaction of common identifiers. Responses are not saved as chat history in our database.
Enrollment Coach Pro is not a HIPAA Covered Entity or Business Associate. We do not offer HIPAA Business Associate Agreements by default. If you are a covered entity using this consumer tool in a regulated workflow, contact us before doing so.
Retention
- Account and profile: kept until you delete your account from Account settings.
- Subscription records: kept while you are a member and as needed for tax, chargeback, and legal compliance after cancellation.
- Browser session data: until you close the tab, reset a tool, or clear storage.
- Plan lookup requests: not persisted in our application database.
- Platform logs: retained for a limited period per our hosting providers' policies. Configure production log retention in Vercel project settings.
- Stripe billing events: webhook idempotency records may be retained for operational and audit purposes.
Your rights and choices
- Access and correction — update profile fields in Account; contact us for other access requests.
- Deletion — use "Delete account" in Account settings to remove your profile and auth user. Subscription billing with Stripe should be canceled first via Manage billing when available.
- Clear session data — use "Start over" in tools or clear browser storage.
- Marketing emails — we do not sell data or run behavioral ads. Operational emails (verification, password reset, renewal reminders) are part of the service.
- Authorized agent requests — email privacy@enrollmentcoachpro.com with verification we may reasonably require under applicable state law.
We aim to respond to privacy requests within 30 days (or the shorter period required by your state, if applicable).
Security
We apply technical safeguards including:
- HTTPS encryption for data in transit
- Row-level security on member profile and subscription tables
- Security headers (CSP, HSTS, frame denial)
- Rate limiting on API routes
- Sanitized error messages that do not expose internal system details
- Server-only storage of privileged API keys
No method of transmission or storage is 100% secure. Report suspected issues to support@enrollmentcoachpro.com.
Children
Enrollment Coach Pro is intended for adults navigating Medicare enrollment. It is not directed at children under 13, and we do not knowingly collect information from children. Contact us if you believe a child has provided information.
Data breach notification
If we discover a breach of security affecting personal information that triggers notification duties under the FTC Health Breach Notification Rule or state law, we will notify affected individuals and regulators as required.
Changes to this policy
We may update this policy as the product evolves. Material changes will be reflected in the "Last updated" date at the top. Continued use after an update means you accept the revised policy.
Contact us
Privacy questions and requests: privacy@enrollmentcoachpro.com
General support: support@enrollmentcoachpro.com
Educational disclaimer
This service is for educational purposes only. For official Medicare help, visit medicare.gov, call 1-800-633-4227, or contact your free SHIP counselor at shiphelp.org.