Effective Date: June 1, 2024
Last Updated: March 18, 2025

1. Introduction

Gradly ("we," "us," or "our") is committed to safeguarding your privacy. This Privacy Policy explains how we collect, use, disclose, and protect the personal information of users visiting insurance.gradly.us and using our insurance services.

By using our website and services, you agree to the data practices outlined in this policy.

2. Information We Collect

We collect and process personal data necessary to provide insurance services and ensure regulatory compliance.

A. Information You Provide Directly

When you enroll in an insurance plan or interact with us, we collect:

  • Personal Details: First name, last name, middle name (if applicable), date of birth, gender, nationality, student ID.
  • Contact Information: Email address, mobile number, mailing address.
  • Insurance Details: Selected insurance plan, coverage start and end dates.
  • Academic Information: University name, student status (full-time/part-time).
  • Payment Details: Billing address and payment status. (We do not store payment information; transactions are processed securely by Stripe.)
  • Referral Information: If referred, we collect details of the referring entity.

B. Automatically Collected Information

  • Device & Usage Data: IP address, browser type, operating system, and pages visited.
  • Cookies & Tracking Technologies: We use cookies to enhance website performance and analyze usage patterns.

C. Information from Third Parties

We may receive verification details from third parties to confirm identity and prevent fraud.

3. How We Use Your Information

Your information is used to:

  • Process Insurance Applications: Underwrite policies, verify eligibility, and manage claims.
  • Communicate with You: Send updates about policies, account information, and customer support.
  • Ensure Compliance & Security: Prevent fraud and comply with legal obligations.
  • Enhance User Experience: Improve website navigation and customer interactions.
  • Marketing & Promotions (With Consent): Send promotional materials related to Gradly services.

4. How We Share Your Information

We do not sell or rent personal data. However, we may share data with:

A. Third-Party Service Providers

To operate our business efficiently, we may share relevant data with:

  • Payment Processing: Stripe handles transactions securely; Gradly does not store payment details.
  • Insurance Administration & Claims Processing: Our insurance underwriting and claims processing partners, including Cigna (PPO network) and USRx (pharmacy network), may receive relevant information.
  • Customer Communication:
    • Twilio: For SMS communications, including A2P messaging.
    • Intercom: For real-time chat and customer support.
    • Email Services: For policy updates and service-related communication.
  • Website Analytics & Security: We use industry-standard tools to analyze traffic and enhance security.

Each of these third parties adheres to strict data protection policies and processes information only as necessary to provide their services.

B. Legal & Regulatory Compliance

We may disclose personal data if required by law, regulation, or governmental request to:

  • Comply with legal requirements.
  • Enforce policies and prevent fraud.
  • Respond to court orders or legal proceedings.

5. SMS & A2P Compliance

Gradly follows A2P 10DLC regulations and industry best practices for SMS communication.

  • User Consent: We obtain explicit consent via a checkbox at the time of registration before sending SMS communications.
  • Types of SMS Sent: Messages may include policy updates, account notifications, payment reminders, and customer support communications.
  • Opt-Out Option: Users can opt out at any time by replying "STOP" to any message received from us.
  • Data Protection: We securely handle mobile numbers and do not share them with unauthorized third parties.

6. Your Rights & Choices

You have the right to:

  • Access & Correct Data: Request corrections to inaccurate personal information.
  • Opt-Out of Marketing: Unsubscribe from promotional emails/SMS at any time.
  • Request Data Deletion: Subject to compliance with legal retention requirements.
  • Modify Cookie Preferences: Adjust settings through your browser or our cookie policy page.

7. Data Security, HIPAA, & PHI Compliance

Gradly is committed to protecting personal and health-related information in accordance with applicable industry standards, including the Health Insurance Portability and Accountability Act (HIPAA), where required.

  • Handling of Protected Health Information (PHI):
    Certain insurance-related data we process may qualify as Protected Health Information (PHI) under HIPAA regulations. When required, we implement safeguards to protect PHI in compliance with HIPAA and other applicable privacy laws.
  • Electronic Data Interchange (EDI 834) Transfers:
    Gradly securely exchanges insurance enrollment data with third parties using EDI 834 standards, ensuring that data transmission is compliant with relevant security protocols.
  • Third-Party Compliance:
    Any third-party service providers or partners handling PHI on our behalf are required to adhere to HIPAA security and confidentiality standards, ensuring the protection of sensitive health-related data.

Important Note: While we take reasonable measures to comply with HIPAA where applicable, Gradly is not a Covered Entity under HIPAA but may work with Business Associates who are required to follow HIPAA regulations.

8. Data Retention

We retain personal data only for as long as necessary to:

  • Fulfill the services for which it was collected.
  • Comply with legal and regulatory requirements.
  • Resolve disputes and enforce policies.

Once no longer needed, data is securely deleted or anonymized.

9. Children's Privacy

We do not knowingly collect data from individuals under 18 years of age. If we discover such information, we will take immediate steps to delete it.

10. Changes to This Privacy Policy

Gradly reserves the right to update this Privacy Policy. Changes will be posted on this page with the updated Effective Date. We encourage users to review this policy periodically.

11. Contact Us

If you have questions or concerns about this Privacy Policy, please contact us:

📧 Email: contact@gradly.us
📍 Mailing Address: 386 Brook St, Providence RI 02906 (USA)
📞 Phone: +1 628 207 0254