Senior SimpleBack to home

Privacy Policy

Effective Date: May 27, 2026

Senior Simple LLC ("Senior Simple," "we," "us," or "our") is committed to protecting the privacy of the people who interact with our website, our pre-launch waitlist for ClientKeep, and the Senior Simple platform (the "Platform"). ClientKeep is our first product built on the Senior Simple platform; this policy applies to both. This Privacy Policy explains the personal information we collect, why we collect it, how we use and protect it, and the choices and rights available to you.

This policy covers three categories of activity:

  • Marketing and waitlist activity at seniorsimple.io, including the Founding Member program;
  • Use of the Senior Simple platform by independent Medicare insurance agents and the agencies that employ them; and
  • Personal information that Medicare beneficiaries provide through intake forms delivered by the Platform on behalf of an agent.

If you use the Platform as an agent, you are an account holder and a direct user of the Platform. If you submit information through a form sent to you by a Medicare agent who uses the Platform, you are a data subject whose information is processed by Senior Simple on behalf of that agent. Different sections of this policy explain how each category of information is handled.

1. Who Does What — Roles and Responsibilities

Senior Simple acts in different roles depending on the activity:

  • For waitlist and marketing activities, Senior Simple is the controller of your information and decides how it is used.
  • For agent account data (information agents provide to use the Platform), Senior Simple is the controller for the purposes of operating the Platform.
  • For beneficiary intake data (Scope of Appointment forms, Permission to Contact records, prescriptions, doctors, pharmacies, and similar information that beneficiaries submit through the Platform), Senior Simple acts as a service provider to the agent or agency. The agent or agency directs how that data is collected, used, and where it is sent. Senior Simple's role is to operate the technical platform that delivers the intake experience and routes the resulting data as the agent directs.

2. Information We Collect

2.1 Waitlist and marketing information

When you join the ClientKeep waitlist or otherwise interact with seniorsimple.io, we collect:

  • Contact information: name (if provided), business or agency name, email address, and mobile phone number (if you opt in to SMS).
  • Professional information: agency size, role, and information you provide about your current client management workflow or pain points.
  • Communication data: emails, text messages, and customer support interactions.
  • Automatically collected data: IP address, browser type and version, operating system, referring URL, pages visited, and similar information collected through cookies and similar technologies (see Section 12).

2.2 Agent account information

When you create or use a Senior Simple agent account, we collect:

  • Identity information: name, business email, business phone, business mailing address, and (where required) license number, NPN, and the states in which you are appointed.
  • Authentication data: password hash, multi-factor authentication factors, session tokens, and login events.
  • Billing information: the billing contact name, address, and (if you become a paid subscriber) payment method information processed by our payment provider. We do not store full card numbers on our own systems.
  • Configuration data: the agency or sub-account identifiers used to connect the Platform to your CRM, your preferences, and the templates you create.
  • Usage data: the actions you take on the Platform, the forms you create or send, and the records you view or modify.
  • Support records: the content of support tickets, chats, and calls you have with our team.

2.3 Beneficiary intake data

When a Medicare beneficiary submits information through a Senior Simple intake form delivered by their agent, we may receive and process:

  • Identity and contact information: name, address, phone number, email address, and date of birth.
  • Eligibility information: Medicare beneficiary identifier where the beneficiary chooses to provide it, plan effective dates, and similar enrollment details.
  • Health-related information: medications, doctors, hospitals, pharmacies, conditions, and other health-related entries the beneficiary provides as part of the intake process.
  • Consent records: signed Scope of Appointment (SOA) and Permission to Contact (PTC) submissions, including the date and time of consent and the IP address from which it was submitted.
  • Communication metadata: the date, time, and delivery status of any communications sent to the beneficiary through the Platform.

Some of this information is Protected Health Information (PHI) under the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). See Section 6 for how PHI is handled.

We do not sell any personal information.

3. How We Use Information

We use the information described above for the following purposes:

For waitlist and marketing activity:

  • Notify you when ClientKeep launches and provide early-access details.
  • Respond to inquiries and provide customer support.
  • Send account-related updates and notifications.
  • Send marketing or promotional communications by email and, where separately consented, by text message.
  • Improve our product roadmap based on the agency-size and pain-point information you provide.
  • Comply with A2P 10DLC, CAN-SPAM, and other applicable communication laws.

For agent account information:

  • Provide, maintain, and secure the Platform.
  • Authenticate users and prevent unauthorized access.
  • Bill paid subscribers and handle subscription lifecycle events.
  • Provide support and respond to product feedback.
  • Monitor for abuse, fraud, and platform integrity.
  • Generate aggregated, de-identified analytics to improve the Platform.

For beneficiary intake data:

  • Deliver intake forms on behalf of the agent who initiated the form.
  • Capture and store the beneficiary's responses and consent records.
  • Deliver those responses and consent records to the CRM or customer engagement platform that the agent has elected to connect to the Platform.
  • Maintain CMS-required records of Scope of Appointment for the period required by applicable law.
  • Support the agent in responding to data subject requests or audits.

We do not use beneficiary intake data for our own marketing, model training, advertising, or any purpose other than performing the service the agent has engaged us to perform.

4. Email and Mobile Messaging

We do not share, sell, rent, or disclose email addresses, mobile phone numbers, or SMS opt-in consent with third parties or affiliates for marketing or promotional purposes. We may share limited information with service providers who help us operate our messaging, website, and customer support systems, but only as necessary to provide our services and never for their own marketing. Carriers are not liable for delayed or undelivered messages.

If you opt in to non-marketing messages, we may send launch notifications, account-related communications, and product updates. If you separately opt in to marketing messages, we may send promotional messages and special offers related to ClientKeep.

SMS Data Sharing

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Information sharing with subcontractors providing support services, such as customer service or messaging infrastructure, is permitted. All other use case categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

5. A2P 10DLC and CAN-SPAM Compliance

We adhere to A2P 10DLC requirements when sending text messages, including:

  • Obtaining appropriate opt-in consent before sending messages.
  • Providing clear opt-out mechanisms for text message communication.
  • Honoring opt-out requests promptly.
  • Sending messages consistent with the stated purpose of the program.
  • Maintaining records of text message interactions as required for compliance purposes.

We adhere to the Controlling the Assault of Non-Solicited Pornography And Marketing (CAN-SPAM) Act for email communications, including:

  • Providing a clear and conspicuous way to opt out of marketing emails.
  • Honoring opt-out requests promptly.
  • Including our physical mailing address in marketing emails.
  • Not using deceptive subject lines or misleading header information.
  • Clearly indicating when an email contains promotional content.

You can opt out of marketing email at any time by using the "unsubscribe" link at the bottom of any marketing message, or by contacting us using the information in Section 17.

6. HIPAA and Protected Health Information

The Senior Simple platform may be used in connection with Protected Health Information ("PHI") when agents collect and process Medicare beneficiary information. The agent or agency remains solely responsible for their own legal and regulatory obligations regarding that information, including any obligations they may have under HIPAA. Senior Simple has designed the Platform with technical safeguards intended to support agents' compliance work, but the use of the Platform does not by itself satisfy any party's HIPAA or other compliance requirements.

6.1 Technical safeguards

The Platform applies the technical safeguards described in Section 7 to all data, including PHI. These include encryption in transit, encryption at rest, role-based access controls, multi-factor authentication for personnel accessing production systems, and audit logging of access to sensitive records.

6.2 Administrative safeguards

We maintain administrative safeguards including workforce training, background checks, written security policies, access reviews, and incident response procedures.

6.3 Scope of services

Senior Simple does not use PHI for its own purposes, does not sell PHI, and does not use individually identifiable PHI to train any artificial intelligence or machine learning system. Where we use de-identified or aggregated information for product analytics or improvement, we do so consistent with the HIPAA Safe Harbor de-identification standard.

As a matter of internal policy, Senior Simple uses, discloses, and requests PHI only as necessary to provide the Platform to the agent and the agent's clients, consistent with the "minimum necessary" principle under the HIPAA Privacy Rule.

6.4 Agent responsibility for the connected CRM

When an agent connects the Senior Simple platform to an external CRM or customer engagement platform, the agent is responsible for ensuring that the connected platform is configured to receive and store Protected Health Information in a HIPAA-compliant manner. This typically requires the agent to have a separate Business Associate Agreement directly with the CRM vendor and to enable any HIPAA-specific configuration the CRM vendor offers. Senior Simple does not represent, on behalf of any third-party CRM, that the CRM is HIPAA-eligible by default, and does not independently verify a connected CRM's HIPAA configuration. The agent or agency remains solely responsible for ensuring that any CRM to which they connect the Platform meets their compliance obligations.

7. Data Security

We implement administrative, technical, and physical safeguards designed to protect personal information from unauthorized access, disclosure, alteration, and destruction. Our security program includes:

  • Encryption of data in transit using TLS 1.2 or higher.
  • Encryption of data at rest using AES-256.
  • Role-based access controls, with access granted on a least-privilege basis and reviewed periodically.
  • Multi-factor authentication for all personnel with access to production systems.
  • Logging and monitoring of access to sensitive data and production systems.
  • Regular security testing of the Platform.
  • Written security policies, workforce training, and incident response procedures.

No system can be guaranteed to be completely secure. If you believe your interaction with us is no longer secure, please contact us using the information in Section 17.

8. Breach Notification

If we become aware of a security incident affecting your personal information, we will notify affected parties without undue delay and consistent with applicable law and any contractual obligations we have to the agent or agency that holds the account.

9. Data Retention

We retain personal information only as long as needed for the purposes described in this policy or as required by law.

  • Waitlist and marketing data: retained until you unsubscribe or otherwise request deletion, and for a reasonable period afterward to honor your opt-out and to maintain communication suppression lists.
  • Agent account data: retained while your account is active and for 60 days after termination, after which it is deleted or de-identified unless a longer retention period is required by law.
  • Beneficiary intake data: retained for ten (10) years from the date the data was submitted, consistent with the CMS Medicare Communications and Marketing Guidelines and applicable Medicare regulations.
  • Audit logs and security records: retained for six (6) years, consistent with the HIPAA Security Rule (45 C.F.R. §164.316(b)(2)).

When personal information is no longer needed, we delete it or de-identify it.

10. Third-Party Service Providers

We work with a limited set of trusted service providers who help us operate the Platform and our marketing activities. These providers may access personal information only as necessary to perform services on our behalf, and are contractually prohibited from using it for their own marketing or promotional purposes.

Categories of service providers we use include:

  • Third-party CRM and customer engagement platforms that agents connect to the Senior Simple platform. These platforms receive only the data the agent elects to sync.
  • Cloud hosting and infrastructure providers.
  • Email and SMS delivery providers.
  • Payment processors (for paid subscribers).
  • Customer support and ticketing tools.
  • Analytics and error-monitoring tools (configured to exclude beneficiary intake data and PHI from collection).

A current list of named subprocessors is available to qualifying account holders upon request.

We do not sell, rent, or share email addresses, mobile phone numbers, SMS opt-in data, or consent records with third parties for marketing or promotional purposes.

We may disclose information if required by law, in response to valid legal process, or to protect the rights, safety, or security of our business, customers, or others, and only to the extent legally necessary.

11. International Data Transfers

The Senior Simple platform is operated from the United States. If you access the Platform from outside the United States, your information will be transferred to, stored, and processed in the United States.

12. Cookies and Tracking Technologies

Our website uses cookies, web beacons, pixels, and similar technologies to collect information such as your IP address, the date and time of your visit, browser and operating system information, the referring website address, and how you interact with the site.

Our email campaigns may also use tracking technologies such as web beacons and pixels to collect information such as your IP address, browser type and version, and email engagement statistics.

You can manage cookie preferences through your browser settings. Disabling cookies may affect the functionality of the site.

13. Your Rights

Depending on where you live, you may have the following rights regarding your personal information. We will respond to verifiable requests in accordance with applicable law.

  • Access: request a copy of the personal information we hold about you.
  • Rectification: request that we correct inaccurate or incomplete information.
  • Erasure: request that we delete your personal information, subject to legal exceptions (including the CMS ten-year SOA retention obligation).
  • Restriction: request that we restrict the processing of your information.
  • Data portability: request a copy of your personal information in a structured, commonly used, machine-readable format.
  • Objection: object to certain processing, including direct marketing.
  • Withdraw consent: withdraw consent to processing where processing is based on consent.

To exercise any of these rights, contact us using the information in Section 17. If you are a Medicare beneficiary whose information was submitted through an agent's Senior Simple intake form, the most direct route is usually to contact the agent who provided the form. If you contact us directly, we will work with the agent to respond to your request and will not refuse a verifiable request for access to your information.

13.1 California residents (CCPA / CPRA)

If you are a California resident, the California Consumer Privacy Act and California Privacy Rights Act give you the rights described above, as well as the right to opt out of the sale or sharing of personal information (we do not sell or share personal information as those terms are defined under California law). You may also designate an authorized agent to make a request on your behalf. We will not discriminate against you for exercising these rights.

13.2 European Economic Area, United Kingdom, and Switzerland (GDPR / UK GDPR)

If you are located in the EEA, the United Kingdom, or Switzerland, you have the rights described above under the General Data Protection Regulation or its UK and Swiss equivalents. The legal bases on which we process your personal information are:

  • Consent, where you have opted in to a specific use (such as marketing communications).
  • Performance of a contract, when we process information to provide you with the Platform or services you have requested.
  • Legitimate interests, when we process information to operate, secure, and improve the Platform, where those interests are not overridden by your rights.
  • Legal obligation, when we are required to process information by applicable law.

You also have the right to lodge a complaint with your local data protection authority.

14. Children's Privacy

The Platform is intended for licensed insurance professionals and the Medicare beneficiaries they serve. We do not knowingly collect personal information from anyone under the age of eighteen. If we learn that we have collected personal information from someone under eighteen, we will delete it. If you believe we have collected such information, please contact us using the information in Section 17.

15. Age of Consent

By using the Platform or seniorsimple.io, you represent that you are at least the age of majority in your state of residence and, if you are using the Platform as an agent, that you are using it in a professional capacity related to insurance or healthcare services.

16. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in legal requirements, messaging compliance guidelines, our practices, or the Platform. We will post any changes on this page and update the Effective Date above. Material changes will be communicated by email to account holders or, where appropriate, by an in-app notice.

By continuing to use the Platform or seniorsimple.io after a change takes effect, you consent to the updated Policy.

17. How to Contact Us

For questions about this Privacy Policy or our privacy practices, or to exercise any of the rights described above, contact us at:

Senior Simple LLC
2101 Hebert Ct.
Mckinney, TX 75071
hello@seniorsimple.io
(832) 330-5172