Last Updated: 12 June 2026

Privacy Policy

1. Information We Collect

We collect several types of information to provide our services and make them better:

  • Personal Information: Your name, contact details (email, phone number), date of birth, and any other details you share to help us match you with a Medicare Advantage plan.
  • Health and Insurance Information: Details about your prescription drugs, health needs, and insurance preferences so we can recommend the right plans for you.
  • Technical Data: Your IP address, browser type, operating system, and how you use our website, so we can keep it running well and securely.
  • Communication Preferences: Your choices about how we contact you and what messages you receive from us or licensed agents.
  • Payment Information: If you make a purchase on our website, your payment details (like your card number and billing address) are collected and processed securely by Stripe, our third-party payment processor. We do not store or see your full card details.
  • Medicare Information: If you give us permission through the Centers for Medicare & Medicaid Services (CMS) Blue Button® program, we may collect your Medicare claims, coverage, eligibility, and prescription drug information from CMS to help us recommend and compare plans for you.

2. How We Use Your Information

We use your information to:

  • Match you with Medicare plans that fit your needs.
  • Connect you with licensed insurance agents who can help you enroll.
  • Personalize your experience on our website.
  • Improve how we recommend plans.
  • Follow the law and protect against fraud.
  • Process payments, manage subscriptions, and handle billing through Stripe.

3. Sharing Your Information

We do not sell your personal information. We may share it with:

  • Licensed Insurance Agents: To help you choose and enroll in a Medicare plan.
  • Service Providers: Trusted companies that help us run our website and services, including Stripe, which handles payments. Stripe's privacy practices are described in their Privacy Policy at https://stripe.com/privacy.
  • Legal Requirements: When required by law or to protect our rights and users.

Any service provider that receives your personal or health information may only use it to provide services to us. They are required by contract to keep your information private and secure.

4. Use of AI and Machine Learning

Our website may use artificial intelligence (AI) and machine learning to analyze the information you provide and suggest plans that may be a good fit for you. While AI helps make our recommendations more accurate, it is not a substitute for advice from a licensed agent. Always confirm plan details with an agent before making a final decision.

5. Data Security

We take strong steps to protect your information from unauthorized access, changes, or disclosure. This includes encrypting all data in transit and at rest. Our platform runs on AWS, which is SOC 2 certified, meaning it meets high standards for security and reliability. We follow HIPAA-compliant data handling practices and honor your rights under the California Consumer Privacy Act (CCPA) and its update, the CPRA. All payments are processed by Stripe, which meets PCI-DSS security standards. We do not store your full payment card details.

No online platform can be 100% secure. We encourage you to protect your login credentials and keep them private.

If a security incident affects your personal or health information, we will investigate quickly and take steps to reduce any harm. Where the law requires it, we will notify affected individuals and the appropriate authorities within the required timeframe.

We may notify you by email, postal mail, phone, in-app notification, or other reasonable means depending on the situation.

6. Your Privacy Rights and Choices

You have control over your personal information, including:

  • Access and Updates: You can ask to review or update the personal information we have on file for you.
  • Communication Preferences: You can change or opt out of communications from One & Done Smart Bids or your assigned agent at any time.
  • Data Deletion: You can request that we delete your personal data, subject to legal and operational requirements.

Medicare Data Access Revocation

If you revoke our access to your Medicare information through the CMS Blue Button® program, we will no longer be able to retrieve new Medicare claims, eligibility, or other Medicare-related information from CMS on your behalf.

Revoking access does not automatically delete information we already retrieved. Information we had before you revoked access may still be kept and used to provide services you have requested, including plan analysis, recommendations, account management, and other functions described in this Privacy Policy.

Dormant and Closed Accounts

Inactive accounts may be kept so users can come back and pick up where they left off without losing previously provided information.

You may request to delete your account at any time. When an account is deleted, we will delete or anonymize your personal and health information within a reasonable time, unless we are required to keep it for legal, tax, fraud prevention, security, or other compliance reasons.

Any data kept for these purposes will be secured and held only as long as needed.

7. De-Identified and Aggregated Information

We may create anonymized or summarized data from information we collect, including Medicare data from the CMS Blue Button® program.

Before using data this way, we remove or alter any details that could be used to identify you as an individual.

We may use this anonymized data internally to improve our products, run analytics, measure how well our services work, spot trends, develop new features, and support quality improvements.

We do not sell, license, or share anonymized Medicare-derived data with third parties for their own use.

8. CMS Blue Button Information

When you authorize access through the CMS Blue Button® program, your Medicare information is sent from CMS to One & Done Smart Bids at your request.

Once your information is shared with us, it is governed by this Privacy Policy, not by CMS. CMS is not responsible for how we handle your privacy or security.

You can revoke our access to your Medicare information through CMS at any time. This will stop us from pulling new Medicare data, but will not automatically remove information we already have unless you also request account deletion as described in this Privacy Policy.

9. Data Collection Technologies

We use the following technologies to run and improve our platform:

  • First-Party Cookies (Google Analytics): We use Google Analytics to collect anonymous, summarized data about how visitors use our platform, like which pages they visit and how long they stay. This helps us improve our services. We do not use third-party advertising or cross-site tracking cookies. You can opt out of Google Analytics using the Google Analytics Opt-out Browser Add-on.
  • Session Storage: We use browser session storage to temporarily hold non-personal data to improve platform performance. This data only exists during your browser session and is automatically cleared when you close the tab.

We do not use third-party cookies, advertising trackers, or any tracking technologies that require your consent under privacy laws.

10. Third-Party Links

Our website may include links to other websites. We are not responsible for how those sites handle your privacy, so we encourage you to review their privacy policies before sharing any information.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time as our services, legal obligations, or technology change.

If we make significant changes to how we collect, use, share, keep, or protect your information, we will let you know through email, in-app notifications, website notices, or other reasonable means.

Major changes take effect on the date shown in the updated policy. If you continue using our services after that date, it means you accept the updated policy.

12. Business Transfers

If One & Done Smart Bids is involved in a merger, acquisition, sale, or similar business transaction, your personal and health information may be transferred as part of that deal, as permitted by law.

If such a transaction would significantly change how your information is handled, we will notify you and provide any rights required by law before those changes take effect.

Any organization that receives your information in such a transaction will be expected to follow the commitments in this Privacy Policy unless they provide you with an updated policy.

13. Contact Us

If you have any questions about this Privacy Policy, please contact us through our website.