SATTORI GROUP – PRIVACY POLICY

Last updated: May 6, 2025

Sattori Group (“Sattori,” “we,” “our,” or “us”) values your privacy. This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you access or use our websites, applications, call centers, and application‑to‑person (A2P) messaging programs focused on Affordable Care Act (ACA) services (collectively, the “Services”).

By using the Services or providing information to us, you consent to the practices described in this Policy.

1. Information We Collect

1.1 Information You Provide

• Contact Information – Name, address, email, phone number.

• Application Data – Demographic details, household income, Social Security numbers (SSN), dependent information, and other data required for ACA enrollment.

• Health‑Related Information – Limited medical information (e.g., pre‑existing conditions) solely to assist with plan selection; Sattori is not a covered entity under HIPAA but treats such data with heightened safeguards.

• Payment Information – Bank account or card details when you authorize premium payments.

1.2 Information We Collect Automatically

• Device identifiers, IP addresses, browser type, referring pages, and usage logs via cookies and similar technologies.

• SMS interaction data: delivery confirmation, opt‑in status, opt‑out requests, message timestamps.

1.3 Information from Third Parties

• Federal or state ACA exchanges, carriers, verification vendors, and lead providers may send eligibility results or application status updates.

2. How We Use Information

• Process ACA applications, renewals, and plan comparisons.

• Send transactional and promotional A2P SMS/email communications (e.g., eligibility notices, enrollment reminders, marketing offers up to 8 msgs/mo).

• Improve Services, analytics, fraud prevention, and security.

• Comply with legal obligations and carrier policies.

• With your consent, share limited data with trusted partners for ancillary products (dental, vision, supplemental health).

3. Legal Bases (GDPR‑Aligned for EU Visitors)

• Contractual necessity – Processing enrollment requests.

• Consent – Marketing messages, sharing with partners.

• Legal obligation – Regulatory reporting.

• Legitimate interests – Service enhancement, security.

4. Disclosure of Information

We never sell your personal data. We may share information:

1. Service Providers – Cloud hosting, CRM, SMS/voice carriers, payment processors, all bound by confidentiality.

2. Government Exchanges & Insurers – To fulfill ACA enrollment.

3. Legal & Compliance – When required by law, court order, or to protect rights.

4. Business Transfers – In merger or acquisition events with notice to you.

5. A2P Messaging Compliance

• Opt‑In – You must explicitly consent to receive automated texts/calls.

• Opt‑Out – Reply STOP to cancel; we honor requests within 24 hours.

• Help – Reply HELP or contact us via the channels below.

• Recordkeeping – We store opt‑in logs and opt‑out logs for at least four years as required by CTIA and TCPA.

• Frequency – Message frequency varies (1–8 msgs/mo). Message & data rates may apply.

6. Cookies & Tracking

We use first‑party and third‑party cookies for session management, analytics (e.g., Google Analytics), and advertising. You may control cookies through browser settings, but core functionality may be affected.

7. Data Security

We implement industry‑standard safeguards:

• TLS 1.2+ encryption in transit, AES‑256 at rest.

• Principle of least privilege access controls.

• Annual penetration testing and vendor security reviews.

• Incident response plan meeting HIPAA/HITECH timelines (where applicable).

No method of transmission or storage is 100% secure; we cannot guarantee absolute security.

8. Data Retention

We retain data as long as necessary to fulfill the purposes outlined, satisfy legal obligations (e.g., ACA documentation retention for 10 years), or until you request deletion, whichever is longer.

9. Your Choices & Rights

• Access / Correction – Request a copy or correction of your data.

• Deletion – Request deletion where permitted by law.

• Marketing Opt‑Out – Unsubscribe from emails or reply STOP to SMS.

• Do Not Track – We honor browser DNT signals where technically feasible.

• California Residents (CCPA) – You have the right to know, delete, and opt‑out of “sale” (we do not sell data).

Submit requests via the contact information below. We will verify your identity before processing.

10. Children’s Privacy

Our Services are not directed to children under 13. We do not knowingly collect information from children. If you believe we have, please contact us for deletion.

11. International Transfers

If you are outside the United States, your information may be processed in the U.S. where privacy laws may differ. By using the Services, you consent to such transfer.

12. Changes to This Privacy Policy

We may update this Policy periodically. Material changes will be posted with a new “Last updated” date. Continued use of the Services after changes signifies acceptance.

13. Contact Us

For privacy questions, data requests, or A2P concerns:

Email: info@sattorigroup.com
Phone: (888) 845‑4126
Mail: Sattori Group, 6320 SW 8th St, West Miami, FL 33144

By using our Services, you acknowledge that you have read and understood this Privacy Policy.