Shop Plans
Sign-In
Shop Plans
Sign-In
Shop Plans
Sign-In

Privacy Policy

Privacy Policy

Your privacy matters to us. This Privacy Policy explains what information Optimyl Benefits collects when you visit our website, how we use it, who we share it with, and your rights regarding that information. We do not sell your personal information.

1. Who We Are 

Optimyl Benefits (“Optimyl,” “we,” “us,” or “our”) is a health benefits company focused on providing affordable, high-quality health insurance plans for small businesses. Our website is located at www.optimyl.com. 

For questions about this Privacy Policy or your personal information, contact us at: 

Email: contactus@optimyl.com  |  Phone: 800-621-0748 

 

2. Scope of This Policy 

This Privacy Policy applies to information collected through: 

  • The Optimyl Benefits website at www.optimyl.com 
  • The Employer Portal, Member Portal, and Broker Portal 
  • Email, phone, or other communications with Optimyl Benefits 
  • Online forms and plan shopping tools on the website 

 

This Privacy Policy does not govern the data practices of Allied Benefit Systems (alliedbenefit.com) or other third-party platforms linked from our website. Those platforms have their own privacy policies that apply to your use of their services. 

This Policy also does not cover Protected Health Information (PHI) collected in the course of providing health insurance coverage, which is governed by our HIPAA Notice of Privacy Practices. 

 

3. Information We Collect 

3.1 Information You Provide Directly 

We collect personal information you voluntarily provide, including when you: 

  • Fill out contact forms, request quotes, or shop for plans 
  • Register for or log into a portal account 
  • Communicate with us by email, phone, or chat 
  • Apply for coverage or submit enrollment information 

 

This information may include your name, employer name, email address, mailing address, phone number, date of birth, employee counts, and other details necessary to provide Services. 

 

3.2 Information Collected Automatically 

When you visit our website, we and our service providers automatically collect certain technical information, including: 

  • IP address, browser type and version, operating system 
  • Pages visited, links clicked, time spent on pages, and referring URLs 
  • Device identifiers and session data 
  • Cookies and similar tracking technologies (see Section 5) 

 

3.3 Information from Third Parties 

We may receive information about you from: 

  • Brokers or agents who submit information on your behalf 
  • Employers who enroll employees in Optimyl plans 
  • Stop loss insurance underwriters (The North River Insurance Company or Gerber Life Insurance Company) 
  • Analytics and technology service providers 

 

4. How We Use Your Information 

We use the information we collect for the following purposes: 

4.1 Service Delivery 

  • To process plan inquiries, quotes, and enrollments 
  • To administer employer, member, and broker portal accounts 
  • To communicate with you about your coverage, claims, or account 
  • To provide customer and member support 

 

4.2 Website Operations 

  • To maintain and improve website functionality and security 
  • To monitor for unauthorized access or fraudulent activity 
  • To analyze how users interact with the website 

 

4.3 Communications 

  • To send service-related notifications and updates 
  • To respond to your inquiries and requests 
  • To send marketing communications about our plans and services (where you have not opted out) 

 

4.4 Legal & Compliance 

  • To comply with applicable federal and state insurance regulations 
  • To respond to legal process, government requests, or regulatory inquiries 
  • To protect the rights and safety of Optimyl Benefits, its users, and the public 

 

5. Cookies & Tracking Technologies 

Our website uses cookies and similar technologies to improve your experience. Types of cookies we use include: 

  • Strictly Necessary Cookies: Required for basic website functions such as portal login and navigation. 
  • Performance/Analytics Cookies: Help us understand how visitors interact with the website (e.g., Google Analytics). 
  • Functional Cookies: Enable enhanced features and personalization. 
  • Advertising Cookies: Used by advertising partners to display relevant ads on other platforms. 

 

You may control cookie preferences through your browser settings. Disabling certain cookies may affect website functionality. We honor browser-based opt-out signals where technically feasible. 

 

6. How We Share Your Information 

We do not sell your personal information. We share your information only in the following circumstances: 

6.1 Service Providers 

We engage trusted third-party vendors to support our operations, including web hosting, IT services, analytics, and customer communications. These vendors are contractually required to use your information only as directed by Optimyl Benefits and to maintain appropriate security measures. 

 

6.2 Insurance & Stop Loss Partners 

To administer health plans, we share necessary information with stop loss insurance underwriters (currently The North River Insurance Company and Gerber Life Insurance Company), third-party administrators, and network providers as required for coverage administration. 

 

6.3 Business Partners 

We work with licensed insurance brokers who may submit or access information on behalf of employer groups. Brokers are subject to their own legal and ethical obligations regarding your data. 

 

6.4 Legal Requirements 

We may disclose information when required by law, subpoena, regulation, or governmental request, or when we believe disclosure is necessary to protect rights, property, or safety. 

 

6.5 Business Transfers 

In the event of a merger, acquisition, sale of assets, or similar transaction, your information may be transferred to the successor entity, subject to substantially the same privacy protections. 

 

7. Detailed Information on the Processing of Your Personal Data 

Service Providers have access to your Personal Data only to perform their tasks on our behalf and are contractually obligated not to disclose or use it for any other purpose. 

 

7.1 Analytics 

We may use third-party Service Providers to monitor and analyze the use of our website. This helps us understand how visitors interact with our content and improve the user experience. 

 

7.2 Google Analytics 

Google Analytics is a web analytics service offered by Google that tracks and reports website traffic. Google uses the data collected to track and monitor the use of our website. This data is shared with other Google services. Google may use the collected data to contextualize and personalize the ads of its own advertising network. 

 

You can opt out of having your activity on the website made available to Google Analytics by installing the Google Analytics opt-out browser add-on. The add-on prevents the Google Analytics JavaScript (ga.js, analytics.js, and dc.js) from sharing information with Google Analytics about your visit activity. 

 

For more information on the privacy practices of Google, please visit Google’s Privacy & Terms page: https://policies.google.com/privacy 

 

By using our website, you acknowledge that analytics data may be collected and processed by Google Analytics as described above. You may opt out at any time using the browser add-on linked above or by adjusting your browser cookie settings. 

 

8. Data Retention 

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary based on data type: 

  • Website visitor data: typically 14 months for analytics cookies. 
  • Account and portal information: retained for the duration of the relationship plus applicable regulatory retention periods. 
  • Insurance-related data: retained in accordance with applicable state and federal insurance regulations. 

 

9. Data Security 

We implement industry-standard technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction. These measures include: 

  • Encryption of data in transit using TLS/SSL protocols. 
  • Secure, access-controlled servers and systems. 
  • Role-based access controls limiting employee access to personal data. 
  • Regular security assessments and vendor due diligence. 

 

No method of data transmission or storage is 100% secure. While we take reasonable precautions, we cannot guarantee absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law. 

 

10. Your Privacy Rights 

Depending on your state of residence, you may have rights regarding your personal information. These may include: 

  • Right to Know: Request disclosure of the categories and specific pieces of personal information we have collected about you. 
  • Right to Access: Obtain a copy of your personal information. 
  • Right to Correction: Request that we correct inaccurate information. 
  • Right to Deletion: Request deletion of your personal information, subject to legal retention requirements. 
  • Right to Opt Out of Marketing: Unsubscribe from marketing emails at any time via the unsubscribe link or by contacting us directly. 
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights. 

 

California residents may have additional rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Texas residents may have rights under the Texas Data Privacy and Security Act (TDPSA). 

To exercise your rights or submit a privacy request, contact us at contactus@optimyl.com or call 800-621-0748. We will respond within 45 days of receiving your request. 

 

11. Children’s Privacy 

Our website is not directed to individuals under the age of 18, and we do not knowingly collect personal information from minors. If we become aware that we have inadvertently collected information from a child under 13, we will delete it promptly. If you believe we have collected such information, please contact us immediately. 

 

12. Links to Third-Party Websites 

Our website contains links to third-party sites, including the Allied Benefit Systems portal. We are not responsible for the privacy practices or content of these external sites. We encourage you to review the privacy policies of any third-party sites you visit. 

 

13. HIPAA Notice 

Health plan coverage involves Protected Health Information (PHI) governed by the Health Insurance Portability and Accountability Act (HIPAA). Our use and disclosure of PHI is governed separately by our HIPAA Notice of Privacy Practices, which is provided to members upon enrollment and is available upon request. This Privacy Policy governs website and marketing data, not PHI. 

 

14. Changes to This Privacy Policy 

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, or legal requirements. We will post the revised Policy on this page with an updated effective date. For significant changes, we may provide additional notice via email or portal notification. Your continued use of the website after changes take effect constitutes acceptance of the revised Policy. 

 

15. Contact Us 

If you have questions, concerns, or requests regarding this Privacy Policy or your personal information, please contact us: 

 

Optimyl Benefits 

Phone: 800-621-0748 

Email: contactus@optimyl.com 

Website: optimyl.com 

 

For HIPAA-related privacy requests regarding your health plan coverage, please contact Allied Benefit Systems directly or refer to your plan documents for the appropriate contact. 

 

Optimyl Benefits is committed to protecting your privacy and handling your information with care and transparency. We welcome questions and feedback on our privacy practices. 

 

16. Supplemental Privacy Notice for California Residents 

This Supplemental Notice applies solely to visitors, users, and others who reside in the State of California (“California Residents”). It supplements the information in the main Privacy Policy above and is provided to comply with the California Consumer Privacy Act of 2018 (“CCPA”) as amended by the California Privacy Rights Act (“CPRA”) and the updated regulations effective January 1, 2026. Any terms defined in the CCPA/CPRA have the same meaning when used in this section. 

 

HIPAA Carve-Out: The CCPA and CPRA exempt Protected Health Information (PHI) regulated under HIPAA and information collected in the course of providing or administering a health benefit plan. This California Notice applies to personal information collected through our website and marketing activities — not to PHI or enrollment data governed by HIPAA and applicable plan documents. 

 

16.1 Categories of Personal Information We Collect 

In the preceding 12 months, we have collected the following categories of personal information from California Residents visiting or using our website: 

 

  • Identifiers: Name, email address, postal address, phone number, IP address, account username, and similar identifiers. 
  • Personal Information under Cal. Civ. Code § 1798.80: Name, address, telephone number, and employment-related information submitted through plan inquiry or employer portal forms. 
  • Internet or Other Electronic Network Activity: Browsing history on our website, pages viewed, links clicked, search queries, and interactions with web features. 
  • Geolocation Data: General location derived from IP address (not precise geolocation). 
  • Professional or Employment-Related Information: Employer name, group size, and industry, when provided in connection with a plan inquiry or employer account. 
  • Inferences: Profiles drawn from the above to understand preferences or interests for purposes of improving our website and communications. 

 

We do not knowingly collect Sensitive Personal Information as defined under the CCPA (such as Social Security numbers, financial account credentials, precise geolocation, health information, genetic data, or biometric identifiers) through this website. Health-related data provided in the context of plan enrollment is governed by HIPAA and is excluded from this Notice. 

 

16.2 Sources of Personal Information 

We collect personal information from the following categories of sources: 

  • Directly from you, when you fill out forms, contact us, or create a portal account. 
  • Automatically through cookies, web analytics tools (including Google Analytics), and similar technologies as you interact with our website. 
  • From brokers or employers who submit information on your behalf in connection with plan enrollment or administration. 
  • From third-party service providers such as web hosting and analytics vendors. 

 

16.3 Business and Commercial Purposes for Collection 

We collect personal information for the following business and commercial purposes: 

  • Responding to plan inquiries, processing enrollments, and administering employer, member, and broker portal accounts. 
  • Communicating with you about our Services, your account, or your coverage. 
  • Operating, securing, and improving our website and Services. 
  • Marketing our plans and Services to employers, brokers, and prospective members. 
  • Analyzing website usage through Google Analytics and similar tools to improve content and user experience. 
  • Complying with applicable federal and state insurance regulations, legal obligations, and government requests. 

 

16.4 Disclosure of Personal Information 

In the preceding 12 months, we have disclosed the following categories of personal information to the categories of third parties listed, for the business purposes described: 

 

  • Identifiers → Web analytics providers (Google Analytics), IT/hosting service providers, and marketing vendors, for website operations and communications. 
  • Internet Activity → Google Analytics, for website traffic analysis and performance measurement. 
  • Professional/Employment Information → Stop loss insurance underwriters (The North River Insurance Company, Gerber Life Insurance Company) and licensed brokers, for plan administration. 

 

All service providers and contractors receiving personal information are contractually restricted to using it only for the specific business purpose for which it was disclosed, consistent with the January 1, 2026 CCPA regulatory requirements for service provider and contractor disclosures. 

 

16.5 Sale or Sharing of Personal Information 

We do not sell your personal information for monetary consideration. We do not share your personal information for cross-context behavioral advertising purposes. Accordingly, we do not offer a “Do Not Sell or Share My Personal Information” opt-out because we do not engage in these activities. 

If our practices change, we will update this Notice and provide the required opt-out mechanism before any such activity begins. 

 

16.6 Sensitive Personal Information 

We do not use or disclose Sensitive Personal Information (as defined under the CCPA/CPRA) collected through this website for purposes beyond what is necessary to provide our website services. We do not collect neural data, precise geolocation, biometric identifiers, or genetic data through our website. Health-related data exchanged for HIPAA-covered plan administration is excluded from this Notice. 

 

16.7 Retention of Personal Information 

We retain each category of personal information only as long as reasonably necessary for the purposes described in this Policy, or as required by law. Retention periods by category are: 

  • Website visitor and analytics data (identifiers, internet activity): up to 13 months. 
  • Employer and broker portal account data: duration of the business relationship plus 5 years, or as required by applicable insurance regulations. 
  • Marketing and communications data: until opt-out or 3 years after last interaction. 
  • Legally mandated records: as required by federal or state insurance, tax, or employment laws. 

 

16.8 Your California Privacy Rights 

As a California Resident, you have the following rights under the CCPA/CPRA, as amended effective January 1, 2026: 

 

  • Right to Know (Categories): Request that we disclose the categories of personal information we have collected about you, the categories of sources, the business purposes, and the categories of third parties with whom we share it. 
  • Right to Know (Specific Pieces): Request that we disclose the specific pieces of personal information we have collected about you, including data collected prior to the past 12 months (back to January 1, 2022, per 2026 regulations). 
  • Right to Delete: Request deletion of personal information we have collected about you, subject to legal exceptions (such as completing a transaction, complying with a legal obligation, or detecting fraud). 
  • Right to Correct: Request correction of inaccurate personal information we maintain about you. 
  • Right to Opt Out of Sale/Sharing: Direct us not to sell or share your personal information. (We do not currently sell or share personal information for these purposes.) 
  • Right to Limit Use of Sensitive Personal Information: Direct us to limit use of your Sensitive Personal Information to what is necessary to provide our Services. (We do not currently use Sensitive Personal Information beyond necessary business purposes.) 
  • Right to Non-Discrimination: We will not discriminate against you for exercising any of these rights. We will not deny goods or services, charge different prices, or provide a lower quality of service as a result of your exercising your privacy rights. 

 

16.9 How to Submit a California Privacy Request 

To exercise your California privacy rights, you or your authorized agent may contact us through any of the following methods: 

  • Email: contactus@optimyl.com (include “California Privacy Request” in the subject line) 
  • Phone: 800-621-0748 

 

We will acknowledge receipt of your request within 10 business days and respond within 45 calendar days of receipt. If we require additional time (up to 90 days total), we will notify you of the extension and the reason. We do not charge a fee for processing your request unless it is excessive, repetitive, or manifestly unfounded. 

We will verify your identity before processing your request. Verification may require you to provide information sufficient to match our records. You may designate an authorized agent to submit requests on your behalf, provided the agent submits written authorization signed by you. 

 

16.10 Do Not Track (DNT) Signals and Third-Party Tracking — CalOPPA Disclosure 

Our Website does not currently respond to or alter its data collection practices based on browser-transmitted Do Not Track signals. There is no uniform technical standard for how DNT signals should be interpreted or honored, and no industry consensus has been reached. Accordingly, like many websites, we do not modify data collection in response to DNT browser settings at this time. 

 

Third-Party Collection of Personally Identifiable Information 

Yes — third parties may collect personally identifiable information about your online activities over time and across different websites when you use our Website. Specifically: 

  • Google Analytics: Google collects browsing activity, IP address, device information, and pages visited on our Website. Google may use this data across other websites and services within its advertising network. You can opt out via the Google Analytics opt-out browser add-on at tools.google.com/dlpage/gaoptout or by adjusting your cookie settings. 
  • Advertising Cookies: If advertising cookies are active, third-party advertising partners may collect data about your visits to our Website to show you relevant ads on other sites. You can opt out of interest-based advertising at optout.networkadvertising.org (Network Advertising Initiative) or optout.aboutads.info (Digital Advertising Alliance). 
  • Embedded Third-Party Services: Our Website links to and may embed content from Allied Benefit Systems (alliedbenefit.com) and other third-party portals. Those services operate under their own privacy policies and may independently collect data about you. 

 

You can limit third-party data collection by adjusting your browser’s cookie settings, enabling the Global Privacy Control signal, installing the Google Analytics opt-out add-on, or opting out through the NAI or DAA opt-out tools linked above. 

 

16.11 Global Privacy Control (GPC) and Opt-Out Signals 

Effective January 1, 2026, the CCPA requires businesses to honor browser-level opt-out preference signals, including the Global Privacy Control (GPC). If your browser or device transmits a GPC signal when you visit our website, we will treat it as a valid request to opt out of any sale or sharing of your personal information. We will display a confirmation that your opt-out signal has been processed. 

You can enable Global Privacy Control through supported browsers or browser extensions. For more information, visit globalprivacycontrol.org. 

 

16.12 Automated Decision-Making Technology (ADMT) 

As of the effective date of this Policy, Optimyl Benefits does not use Automated Decision-Making Technology (ADMT) as defined under the 2026 CCPA regulations to make significant decisions about California Residents, such as decisions affecting access to insurance products or services. If we implement ADMT in the future for such purposes, we will provide the required pre-use notice and opt-out rights before doing so. 

 

16.13 Changes to This California Notice 

We will update this Supplemental California Notice at least annually, and whenever there are material changes to our data practices. The effective date at the top of the main Privacy Policy reflects the most recent update. We encourage California Residents to review this Notice periodically. 

 

Questions specific to your California privacy rights? Contact us at contactus@optimyl.com or 800-621-0748. We are committed to honoring your rights and responding promptly to all privacy requests. 

17. Supplemental Privacy Notice for Texas Residents 

This Supplemental Notice applies to residents of the State of Texas and supplements the information in the main Privacy Policy above. It is provided in compliance with the Texas Data Privacy and Security Act (TDPSA), Texas Business and Commerce Code Chapter 541. 

 

HIPAA and Insurance Data Carve-Out: The TDPSA expressly exempts covered entities and business associates governed by HIPAA, and separately exempts data classified as insurance data under applicable regulations. This Texas Notice therefore applies to personal data collected through our Website and marketing activities — not to Protected Health Information (PHI), enrollment data, or insurance records governed by HIPAA or Texas insurance regulations. 

 

Small Business Note: Optimyl Benefits qualifies as a small business. The TDPSA exempts entities that qualify as “small businesses” under the U.S. Small Business Administration (SBA) definition, unless the business sells sensitive personal data.  

 

17.1 Personal Data We Collect 

We collect the following categories of personal data from Texas residents through our Website and communications: 

  • Identifiers: Name, email address, mailing address, phone number, and IP address. 
  • Internet Activity: Pages visited, links clicked, and browsing behavior on our Website, collected via cookies and Google Analytics. 
  • Professional/Employment Information: Employer name, group size, and industry, when submitted in connection with plan inquiries or employer portal accounts. 
  • Geolocation Data: General location derived from IP address (non-precise). 

 

We do not collect sensitive data (as defined by the TDPSA, including precise geolocation, racial or ethnic origin, religious beliefs, health conditions, immigration status, genetic data, or biometric data) through our Website. Health-related data exchanged in the context of plan enrollment is governed by HIPAA and is excluded from this Notice. 

 

17.2 Purposes for Processing 

We process personal data of Texas residents for the following purposes: 

  • To respond to plan inquiries, provide quotes, and administer employer, member, and broker portal accounts. 
  • To communicate with you about our Services and your account. 
  • To operate, secure, and improve our Website using analytics tools including Google Analytics. 
  • To send marketing communications about our plans and services, where you have not opted out. 
  • To comply with applicable Texas and federal insurance laws and regulations. 

 

17.3 Sale of Personal Data 

We do not sell your personal data to third parties for monetary consideration. We do not engage in the sale of sensitive personal data. Accordingly, we do not offer a separate opt-out for the sale of personal data, as we do not engage in that activity. 

 

17.4 How to Submit a Texas Privacy Request 

To exercise your rights under the TDPSA, contact us at: 

  • Email: contactus@optimyl.com (include “Texas Privacy Request” in the subject line) 
  • Phone: 800-621-0748 

 

We will respond to authenticated requests within 45 days. If additional time is needed (up to 45 additional days), we will notify you of the extension and the reason. We will not discriminate against you for exercising your rights.