Privacy Policy

1. Introduction and Contact Information

We ("we," "us," "our," or "Company") operate the website MyAnnuityBoost.com (the "Site"). This Privacy Policy explains how we collect, use, disclose, store, protect, and process your personal information when you visit our Site, submit information through our forms, engage with our services, or otherwise interact with us.

This Privacy Policy applies to all personal information collected through this Site, through communications with us, and through our provision of annuity income analysis services.

Your Consent: By using our Site, submitting information through our forms, or engaging with our services in any manner, you expressly consent to the collection, use, disclosure, and processing of your personal information as described in this Privacy Policy. If you do not consent to these practices, you must not use our Site or services.

Binding Agreement: This Privacy Policy is incorporated into and made part of our Terms of Service, creating a binding agreement between you and us.

Regulatory Compliance: As licensed insurance professionals, we comply with applicable data protection and privacy laws including but not limited to the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), Virginia Consumer Data Protection Act (VCDPA), Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Utah Consumer Privacy Act (UCPA), and state insurance data security and privacy regulations.

2. Information We Collect

2.1 Information You Provide Directly

When you submit forms on our Site, request annuity income analysis, or contact us, we collect:

Contact Information:

• Full name (first name, last name)
• Email address
• Primary telephone number
• Mailing address (street address, city, state, ZIP code)
• State of residence

Annuity and Financial Information:

• Existing annuity ownership status
• Approximate date or year of annuity purchase
• Current annuity income amounts
• Annuity contract details
• Insurance carrier information
• Type of existing annuity
• General financial resources and asset levels
• Income needs and retirement income goals
• Health status (for medically underwritten annuity products)
• Estate planning objectives

Preferences and Situation Information:

• Preferred timeline for analysis
• Communication preferences
• Best times to contact you
• Specific questions or concerns
• Information about why you are seeking annuity income analysis

Communication Content:

• Content of emails you send to us
• Messages sent through contact forms
• Telephone conversation records (where legally permitted and with notice)
• Questions, feedback, or testimonials you provide

2.2 Information Collected Automatically

When you visit our Site, certain information is collected automatically through cookies and tracking technologies:

Device and Browser Information:

• Internet Protocol (IP) address
• Device type (desktop, laptop, tablet, smartphone)
• Operating system and version
• Browser type and version
• Screen resolution
• Device identifiers

Connection Information:

• Internet Service Provider (ISP)
• Geographic location data derived from IP address (country, state, city, postal code)
• Time zone settings

Usage and Navigation Information:

• Pages you visit on our Site
• Sequence and timing of page visits
• Time spent on each page
• Links you click
• Forms you view or complete
• Buttons you click
• Referring website or source that directed you to our Site
• Date and time stamps for all activities

2.3 Information From Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect information:

Essential Cookies (Required):

Necessary for Site functionality:

• Session management
• Security functions
• Preference settings

Meta/Facebook Cookies:

We use Meta (Facebook) tracking technologies on our Site:

• _fbp (Facebook Browser ID, persists 90 days)
• _fbc (Facebook Click ID, persists 90 days)
• fr (Facebook advertising cookie, persists 90 days)

2.4 Information From Third-Party Sources

We may receive information about you from external sources:

Insurance Carriers:

• Confirmation of existing annuity ownership
• Policy values and premium amounts
• Contract features and riders
• Underwriting information
• Application status updates

2.5 Sensitive Personal Information

Under certain state privacy laws (particularly California), some information qualifies as "sensitive personal information":

Potentially Sensitive Information We Collect:

• Social Security Numbers (SSN) when required for insurance applications
• Driver's license numbers or government-issued identification numbers when required for identity verification
• Financial account numbers if provided for payment
• Health information you disclose during medical underwriting
• Precise geolocation data (if you enable location services)

Processing Limitations: For sensitive personal information, we limit processing to purposes necessary and proportionate to providing services you requested or as otherwise permitted by law.

3. How We Use Your Information

We use collected information for the following business and commercial purposes:

3.1 Service Delivery and Operations

Primary Services:

• Conducting annuity income analysis
• Calculating potential income increases
• Generating customized analysis reports
• Researching and identifying annuity products from insurance carriers
• Preparing product illustrations and rate quotes
• Providing recommendations about annuity exchanges

Communication and Support:

• Responding to your inquiries and support requests
• Contacting you by telephone, email, or text message about your analysis
• Scheduling consultations with licensed insurance professionals
• Providing updates on analysis progress and recommendations
• Following up to answer questions
• Confirming appointments and sending reminders

3.2 Marketing and Advertising

Direct Marketing:

• Sending promotional emails about annuity products and services
• Contacting you with information about insurance products
• Providing educational content about retirement planning and annuities
• Delivering newsletters and industry updates
• Announcing new services or product offerings

Digital Advertising:

• Displaying online advertisements on Facebook and Instagram
• Creating custom audiences and lookalike audiences for advertising targeting
• Measuring advertising effectiveness and return on investment
• Optimizing ad campaigns based on conversion data
• Retargeting Site visitors with relevant advertisements
• Tracking advertising attribution

3.3 Legal, Compliance, and Security

Legal Obligations:

• Complying with insurance regulations and licensing requirements
• Responding to subpoenas, court orders, and legal process
• Satisfying anti-money laundering (AML) requirements under USA PATRIOT Act
• Meeting data retention requirements under insurance and privacy laws
• Reporting regulatory information to state insurance departments

Security and Fraud Prevention:

• Detecting and preventing fraud, identity theft, and financial crimes
• Verifying your identity to prevent unauthorized access
• Monitoring for suspicious activity or security threats
• Protecting against hacking, phishing, and cyberattacks
• Investigating security incidents and data breaches

4. How We Share Your Information

4.1 Insurance Companies and Licensed Professionals

We share your information with insurance companies for purposes of:

• Generating accurate annuity rate quotes
• Preparing product illustrations
• Completing underwriting for annuity applications
• Issuing annuity contracts
• Processing premium payments and 1035 exchanges
• Servicing annuity policies after issuance

4.2 Service Providers and Technology Vendors

EngageBay (CRM, Email, and Scheduling): Stores and processes your contact information, communication preferences, interaction history, and all information collected through forms. Used for email delivery, contact management, marketing automation, sales pipeline tracking, and appointment scheduling. Privacy policy available at engagebay.com/privacy-policy

Meta Platforms, Inc. (Facebook): Receives hashed personal information and behavioral data through Meta Pixel and Conversions API. Used for advertising optimization, measurement, custom audience creation, and lookalike targeting. Meta's privacy policy: facebook.com/privacy

4.3 Meta/Facebook (Detailed Disclosure)

We implement extensive data sharing with Meta Platforms, Inc. through Meta Pixel and Meta Conversions API (CAPI).

Categories of Information Shared:

Personal Identifiers (Hashed):

• Email addresses: Hashed using SHA-256 before transmission
• Phone numbers: Formatted with country code, hashed using SHA-256
• First names: Normalized (lowercase, trimmed), hashed using SHA-256
• Last names: Normalized (lowercase, trimmed), hashed using SHA-256

Device and Connection Information:

• IP addresses: Full IPv4 or IPv6 addresses transmitted unhashed
• User agent strings: Full browser and device identification strings
• Device identifiers: Mobile advertising IDs if available
• Facebook Browser ID (fbp): Cookie value from _fbp cookie
• Facebook Click ID (fbc): Parameter value from fbclid URL parameter

4.4 Legal Requirements and Protection of Rights

We disclose personal information when required by law, regulation, legal process, or governmental request:

• Responding to valid subpoenas, court orders, warrants, or other legal process
• Providing information to state insurance departments, federal regulators, or other government agencies
• Cooperating with law enforcement investigations
• Disclosing information relevant to litigation, arbitration, or administrative proceedings

5. Your Privacy Rights and Choices

5.1 General Rights for All Users

Access to Your Information: You may request confirmation of what personal information we hold about you and request copies of such information.

Correction of Inaccurate Information: You may request correction of inaccurate or incomplete personal information we maintain about you.

Deletion Requests: You may request deletion of your personal information subject to certain exceptions:

• We must retain information to complete transactions or provide requested services
• We must retain information to comply with legal obligations
• We may retain information for legitimate internal uses (preventing fraud, protecting security)
• We may retain information as required by insurance regulatory record retention requirements (typically 5-7 years)

Opt-Out of Communications: You may opt out of marketing communications at any time:

• Email: Click "Unsubscribe" links in marketing emails
• Text Messages: Reply "STOP" to any text message
• Phone: Request to be placed on our Do Not Call list during any call
• All Channels: Email mark@myannuityboost.com with opt-out request

5.2 California Residents - CCPA/CPRA Rights

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA):

Right to Know: You have the right to request disclosure of:

• Categories of personal information we collect about you
• Specific pieces of information we have collected about you
• Sources from which we collected information
• Business or commercial purposes for collecting, using, or selling personal information
• Categories of personal information disclosed to third parties and categories of recipients

Right to Delete: You have the right to request deletion of personal information we collected from you, subject to exceptions listed in Section 5.1.

Right to Opt-Out of Sale or Sharing: Under CCPA/CPRA:

• We do NOT sell personal information in the traditional commercial sense
• We DO share personal information with Meta/Facebook through Pixel and Conversions API for targeted advertising purposes, which may constitute "sharing" under CCPA/CPRA

Right to Limit Use and Disclosure of Sensitive Personal Information: For sensitive personal information (Social Security Numbers, financial account numbers, precise geolocation, health information), you have the right to direct us to limit use and disclosure to necessary purposes.

Non-Discrimination: We will not discriminate against you for exercising any CCPA/CPRA rights.

5.3 Virginia, Colorado, Connecticut, Utah Residents

If you reside in Virginia, Colorado, Connecticut, or Utah, you have rights under comprehensive state privacy laws:

• Right to Access: Confirm whether we process your personal information and access such information
• Right to Correct: Request correction of inaccuracies in your personal information
• Right to Delete: Request deletion of personal information we maintain about you
• Right to Data Portability: Obtain copy of personal information in portable, readily usable format
• Right to Opt-Out: Opt out of targeted advertising and sale of personal information

5.6 How to Exercise Your Rights

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, and enforce our agreements.

Active Relationship Data: While you are actively engaged with our services, we retain all information necessary to provide services and communicate with you.

Post-Deletion Retention: Even after you request deletion, we may retain certain information:

• As required by insurance regulatory record retention requirements (typically 5-7 years)
• As necessary to comply with legal obligations (tax records, regulatory reports)
• To resolve disputes or enforce agreements
• For legitimate business purposes (fraud prevention, security)

7. Data Security

We implement reasonable administrative, technical, and physical security measures to protect personal information from unauthorized access, alteration, disclosure, or destruction:

Technical Safeguards:

• Encryption: Data transmitted over internet is encrypted using SSL/TLS protocols (minimum TLS 1.2)
• Secure Storage: Personal information stored in databases protected by encryption at rest
• Access Controls: Multi-factor authentication, password policies, role-based access restrictions
• Network Security: Firewalls, intrusion detection/prevention systems, network segmentation
• Monitoring: Security event logging, monitoring, and alerting systems

Administrative Safeguards:

• Employee Training: Regular privacy and security training for employees and contractors
• Background Checks: Background screening for employees with access to personal information
• Confidentiality Agreements: Contractual obligations requiring confidentiality
• Least Privilege: Access to personal information limited to employees with business need

8. Children's Privacy

Our Site and services are not directed to, intended for, or designed to attract individuals under eighteen (18) years of age. We do not knowingly collect, use, or disclose personal information from minors under age eighteen.

Parental Consent Required: If we become aware that personal information has been collected from individuals under eighteen without verified parental consent, we will take steps to delete such information promptly.

For children under thirteen (13), we comply with Children's Online Privacy Protection Act (COPPA). We do not knowingly collect personal information from children under thirteen without verifiable parental consent as required by COPPA.

9. International Data Transfers

Our Site and services are operated from and intended for users located in the United States. Our servers, databases, and service providers are primarily located in the United States.

Cross-Border Transfers: If you access our Site from outside the United States, your information will be transferred to, stored, and processed in the United States. United States privacy laws may differ from privacy laws in your country.

Consent to Transfer: By using our Site and services, you consent to transfer of your personal information to the United States and processing in accordance with this Privacy Policy and United States law.

10. Third-Party Websites and Services

Our Site may contain links to third-party websites including:

• Insurance company websites
• Rating agency websites (A.M. Best, Standard & Poor's, Moody's)
• State insurance department websites
• Educational resources and financial information sites
• Social media platforms (Facebook, Instagram)

No Control or Responsibility: We do not control and are not responsible for privacy practices, content, terms of use, security, or actions of third-party websites.

Your Responsibility: You should review privacy policies and terms of use of any third-party websites before providing personal information or engaging in transactions.

11. Cookie Policy

Cookies are small text files stored on your device by websites you visit. Cookies contain information that websites can retrieve when you return.

Cookies We Use:

Essential Cookies (Required): Necessary for Site functionality - session management, security, preferences.

Meta/Facebook Cookies:

• _fbp (Facebook Browser ID): Identifies browser for advertising purposes (expires after 90 days)
• _fbc (Facebook Click ID): Stores identifier from Facebook ad clicks (expires after 90 days)
• fr: Facebook advertising cookie for ad delivery and measurement (expires after 90 days)

How to Manage Cookies:

All major browsers allow cookie management through settings. Blocking or deleting cookies may prevent certain Site features from functioning properly.

Third-Party Opt-Out Tools:

• Facebook Ad Preferences: facebook.com/ads/preferences
• Digital Advertising Alliance (DAA): optout.aboutads.info
• Network Advertising Initiative (NAI): optout.networkadvertising.org

12. Updates to This Privacy Policy

We reserve the right to modify, amend, or update this Privacy Policy at any time to reflect changes in our business practices, legal requirements, technological developments, or industry best practices.

Notice of Changes: When we modify this Privacy Policy:

• We will update the "Last Updated" date at the top
• We will post the revised Privacy Policy on this Site
• For material changes significantly affecting privacy rights, we will provide prominent notice on our Site homepage or send email notification

Acceptance of Changes: Your continued use of Site or services after Privacy Policy modifications are posted constitutes your acknowledgment and acceptance of revised Privacy Policy.

13. Contact Information for Privacy Matters

Privacy Rights Requests: To exercise privacy rights (access, deletion, correction, opt-out), use the contact methods above with subject line: "Privacy Rights Request - [Your State] - [Request Type]"

Data Security Incidents: If you become aware of potential security incident, contact us immediately at mark@myannuityboost.com.

14. Effective Date and Acknowledgment

Effective Date: This Privacy Policy is effective as of October 28, 2025 and applies to all personal information collected on or after such date.

Binding Agreement: By using our Site, submitting forms, or engaging with our services, you acknowledge that you have read, understood, and agree to this Privacy Policy and consent to the collection, use, disclosure, and processing of your personal information as described herein.