Privacy Policy

Updated 10.10.2025

PlanStan, LLC ("PlanStan," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, https://theplanstan.com, and our related services (collectively, the "Services").

Please read this Privacy Policy carefully. By using our Services, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

We collect information in several ways to provide and improve our Services. Important Note: We are not a HIPAA-covered entity, and HIPAA regulations do not apply to our Services. Your health information is protected by our security measures and contractual obligations.

A. Information You Provide Directly to Us

  • Personal Information: When you register for an account, we collect personally identifiable information ("PII") such as your name and email address.
  • User Content ("Plan Data"): To provide the core functionality of the Services, we collect the health insurance plan documents you upload and any financial or usage assumptions you input.

B. Information We Collect Automatically

  • Usage and Log Data: Our servers automatically collect information when you access the Services, such as your IP address, browser type, operating system, access times, and the pages you have viewed.

C. Health Information

When you use our Services, you may provide health-related information including:

  • Age (year and month of birth)
  • Gender
  • General medical conditions
  • Expected healthcare utilization
  • Pregnancy status and family health planning
  • Other health profile information

If you provide information about dependents or other family members, you represent that you are authorized to do so and will inform them of this Privacy Policy.

This health information is particularly sensitive. We handle it with additional safeguards as described in Section 6.

2. How We Use Your Information

We use the information we collect for various purposes, including:

A. To Provide and Maintain Our Service: To create and manage your account, process your uploaded Plan Data, perform cost-analysis calculations, and provide customer support.

B. To Improve Our Services: To understand how users interact with our platform, to improve our models and algorithms, and to develop new features. This includes the use of anonymized and aggregated Plan Data.

C. To Communicate With You:

  • Transactional Communications: To send you critical service-related updates, security alerts, and administrative messages. You cannot opt out of these communications unless you delete your account.
  • Marketing Communications: We will only send marketing communications if you are an existing customer or if you explicitly opt in during registration. You may opt out of receiving these communications at any time. We will never share your email with third parties for their marketing purposes.

D. To Enforce Our Terms and Comply with Law: To protect the rights and safety of our users and third parties, as well as our own.

E. Data Minimization and Purpose Limitation: We only collect information necessary for the purposes stated in this policy. We do not use your health information for advertising, nor do we sell or share it with data brokers.

F. Artificial Intelligence and Machine Learning: We use AI services to extract information from your insurance documents. We contractually prohibit our AI providers from using your content to train their models or for any purpose other than providing services to PlanStan. Providers may retain limited, access-controlled logs for abuse prevention and debugging for short periods consistent with their policies; we minimize the data we send and do not include more personal information than necessary. Your de-identified data may be used to improve our own models' accuracy, and we will not attempt to re-identify such data.

3. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to track the activity on our Service and hold certain information.

  • Essential cookies: Required for login sessions and security.
  • Analytics cookies: To understand usage patterns and improve the service (via Vercel Analytics).
  • Preference cookies: To remember your settings and preferences.

You can control cookies through your browser settings, though disabling them may limit the functionality of the Services. Our Services do not currently respond to "Do Not Track" signals.

4. Disclosure of Your Information

We do not sell or share your personal information as those terms are defined by applicable U.S. state privacy laws, and we do not use your information for targeted advertising or cross-context behavioral advertising. We may share information we have collected about you in certain situations described below.

A. With Third-Party Service Providers: We may share your information with third parties that perform services for us or on our behalf. Our third-party service providers include:

  • Anthropic: for AI document processing.
  • Vercel: for hosting and analytics.
  • Stripe: for subscription and payment management. Payments are processed by Stripe. PlanStan does not receive or store full payment card numbers.
  • Postmark: for communications.
  • Redis: for data caching and session management.
  • Webflow: for our marketing website.
  • Google Analytics: for website analytics.

These service providers process your data according to their own privacy policies and terms of service. We select service providers that maintain reasonable data protection practices. We may change our service providers from time to time without notice. We primarily process and store data in the United States. Some service providers may process data outside your state of residence; where they do, they maintain their own data protection safeguards.

B. By Law or to Protect Rights: We may disclose your information if required by law, subpoena, or government request, or if we believe in good faith that disclosure is necessary to protect our rights, prevent fraud, respond to an emergency, or protect the personal safety of our users or the public.

C. Business Transfers: In connection with a merger, sale of company assets, financing, or acquisition of all or a portion of our business to another company, your information may be transferred as a business asset. Any acquirer will be required to honor the promises we have made in this Privacy Policy with respect to your information, or we will obtain your consent before materially changing how your information is used. We will notify you via email and/or a prominent notice on our website of any change in ownership.

D. With Your Consent: We may disclose your personal information for any other purpose with your consent.

5. Your License Grant for Data

When you provide User Content to us, you grant PlanStan certain licenses as described in Section 7C of our Terms of Service.

In summary: You grant us a perpetual license to (i) Summary of Benefits and Coverage (SBC) documents and plan structure data you upload (these standardized documents do not contain personal health information), and (ii) de-identified and aggregated data that cannot be linked back to you. For any other content you provide, we receive only a limited license to provide the Services, which ends when you delete the content. We do NOT receive a perpetual license to your identifiable personal health information, family member data, or health condition information—these are deleted according to the retention periods in Section 7 of this Privacy Policy.

We will not attempt to re-identify any de-identified or aggregated data.

For complete details about the scope and terms of the data license, please see Section 7C of our Terms of Service.

6. Data Security

We use administrative, technical, and physical security measures to help protect your personal information. For health information specifically, we:

  • Encrypt data at rest using AES-256.
  • Encrypt data in transit using TLS 1.2+.
  • Limit access to employees who need it for service provision.
  • Conduct regular security assessments.

A. Health Breach Notification: In the event of a breach of your health information, we will notify you without unreasonable delay and in no case later than 60 calendar days after discovery. If a breach involves 500 or more individuals, we will also notify the Federal Trade Commission without unreasonable delay and, where required, prominent media outlets. These obligations are required by the FTC Health Breach Notification Rule (16 CFR Part 318).

7. Data Retention Periods

We retain your information for specific periods:

  • Account data: Duration of your active account + 90 days.
  • Health information: Duration of your active account + 90 days.
  • SBC documents and plan structure data: Retained indefinitely under our perpetual license (as described in Section 5 and Terms Section 7C). These standardized documents do not contain your personal health information.
  • Other uploaded documents: Duration of your active account + 90 days.
  • De-identified/aggregated data: Indefinitely. We retain de-identified data indefinitely for: (i) product improvement, (ii) compliance with legal obligations, (iii) establishment or defense of legal claims, and (iv) legitimate business interests in developing industry insights.
  • Marketing data: Until you opt out + 30 days for processing.
  • Security logs: 12 months.
  • Backups: Deleted data may persist in encrypted backups for up to 90 days before being permanently deleted as part of our routine backup rotation.
  • Transaction records: We retain billing and transaction records as required by tax, accounting, and legal obligations (generally up to 7 years).

8. Your Privacy Rights

You have certain rights regarding your personal information:

  • Access: You may request a copy of the personal information we hold about you.
  • Correction: You may request that we correct any inaccurate personal information.
  • Deletion: You may request deletion of your personal information, subject to our legal retention obligations and the data retention periods specified in Section 7.
  • Portability: You may request your data in a portable format where technically feasible.
  • Opt-Out: You may opt out of marketing communications at any time by following the unsubscribe instructions in those emails or by contacting us directly.

Some jurisdictions provide residents with additional privacy rights under applicable state laws. If such laws apply to you and to our processing of your information, you may have additional rights as provided by those laws.

How to Exercise Your Rights: To exercise any privacy rights, contact us at stan@theplanstan.com with:

  • Your account email address.
  • The specific right you wish to exercise (e.g., access, deletion).
  • Any information needed to verify your identity.

9. Children's Privacy

Our Services are not intended for use by individuals under the age of 18, and we do not knowingly collect personal information from children under 13 in compliance with the Children's Online Privacy Protection Act (COPPA).

If you are under 18, you may not use the Services. If you are a parent or guardian and believe your child under 13 has provided us with personal information, please contact us immediately at stan@theplanstan.com, and we will delete such information as quickly as possible.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we do, we will bring it to your attention by placing a notice on the Site, by sending you an email, and/or by some other means, and we will update the "Last Updated" date at the top of this policy. If you don't agree with the changes, you are free to reject them; unfortunately, that means you will no longer be able to use the Services. If you use the Services in any way after a change to the Privacy Policy is effective, that means you agree to all of the changes.

11. Third-Party Websites

Our Services may contain links to third-party websites. We are not responsible for the privacy practices of these external sites. We encourage you to review their privacy policies.

12. Contact Us

If you have any questions about this Privacy Policy, please contact us at:

PlanStan, LLC
228 Park Ave S, Suite 258824
New York, NY 10003
Email: stan@theplanstan.com