Privacy Policy — How I Handle Your Information

Who operates this site

This site (crossguardadvisory.com) is operated by Vincent Oriolo, an independently licensed life and health insurance broker doing business as CrossGuard Private Benefits Advisory ("CrossGuard"). CrossGuard is a trade name; all insurance business under the CrossGuard name is conducted on Vincent Oriolo's personal license.

References to "I," "me," or "my" in this policy refer to Vincent Oriolo personally. References to "you" or "your" refer to the visitor or person submitting information through the site.

What information I collect

I collect information in two ways:

Information you provide

When you submit a form on this site (such as the lead form, contact form, or licensing-request form), I collect the fields you fill in. These typically include:

• Name
• Email address
• Phone number
• State of residence
• The topic of your inquiry and any free-text message you provide

Information collected automatically

When you submit a form, the following technical context is recorded alongside your submission:

• Your IP address (received from Cloudflare request headers)
• Your browser type and operating system (user agent string)
• The page URL you submitted from
• The page that referred you to this site, if any
• UTM and similar campaign-tracking parameters present in the URL
• The version of the disclosures and consent labels visible on the page at the moment of submission, recorded as a snapshot for compliance purposes
• The state of the affirmative consent checkboxes you selected

Outside of form submissions, this site uses Cloudflare Web Analytics, which is privacy-friendly and does not place tracking cookies or collect personal data. [REVIEW: confirm cookie inventory at launch]

Why I collect it

• To respond to your inquiry and conduct the consultation you requested
• To comply with insurance regulatory recordkeeping obligations imposed by state insurance departments and issuing carriers
• To verify the affirmative consent you provided at the time it was provided
• To prevent fraud and protect the integrity of the site (e.g., spam mitigation through Cloudflare Turnstile)

How I use it

I use the information you provide to follow up with you regarding your inquiry, to evaluate insurance options that may fit your situation, and to maintain the records required by applicable insurance regulations. I do not sell your information to third parties. I do not use your information for behavioral advertising on third-party platforms.

[REVIEW: confirm no retargeting / lookalike audience use of lead data now or planned]

Where it is stored

Form submissions are stored in Cloudflare D1 (a managed SQLite-compatible database hosted by Cloudflare, Inc.) located in regions that Cloudflare designates. D1 is the system of record for compliance recordkeeping at launch.

Who I share it with

I may share your information with the following categories of service providers, under contractual obligations to protect it:

• Cloudflare, Inc. — hosting, content delivery, web analytics, spam protection (Turnstile), and the D1 database that holds compliance records. Cloudflare receives the same information you submit and the technical context described above.
• [REVIEW: name the CRM provider once selected]
• [REVIEW: name the email notification provider once selected]
• [REVIEW: name the consultation booking tool once selected]
• The issuing insurance carriers and their underwriting partners, in connection with insurance applications you choose to submit
• State insurance departments and other regulators, in response to lawful regulatory requests
• My professional advisors (legal counsel, accountants), under confidentiality obligations

I do not sell your information. I do not share it with third parties for their own marketing purposes.

How long I keep it

Form submissions are retained for as long as required by applicable insurance regulations and for as long as is reasonably necessary to perform the services you requested.

[REVIEW: state the actual retention period (e.g., "X years from your last interaction with me, except where state regulation requires longer") and confirm with legal counsel before publication]

How it is protected

I take reasonable measures to protect the information you submit. Technical safeguards include encryption in transit (HTTPS), encryption at rest within Cloudflare's infrastructure, and access controls that limit administrative access to my Cloudflare account. The compliance export endpoint that allows me to retrieve records is protected by an authenticated bearer token rotated on a defined schedule.

No system is perfectly secure. If a breach occurs that affects your information, I will respond per applicable law.

[REVIEW: confirm breach notification language with counsel and align with state-specific breach laws]

Your rights

Depending on the state where you reside, you may have rights with respect to information I hold about you. These commonly include:

• The right to know what categories of information I hold about you
• The right to request access to specific information about you
• The right to request correction of inaccurate information
• The right to request deletion of your information, subject to exceptions for information I am required to retain by law
• The right to opt out of certain types of processing where applicable

To exercise these rights, contact me at [email protected]. I will respond within the timeframes required by applicable law and may need to verify your identity before fulfilling certain requests.

[REVIEW: state-specific privacy notices (California CCPA/CPRA, Colorado, Virginia, Connecticut, Utah, others) need counsel determination — currently not licensed in CA so traffic may be limited but counsel should rule on this]

Children's information

This site is not directed to children under 13. I do not knowingly collect information from children under 13. If you believe I have collected information from a child under 13, contact me at [email protected] and I will delete it.

[REVIEW: confirm children's data language with counsel]

Visitors outside the United States

This site is operated from the United States and is intended for residents of the United States, specifically the states where Vincent Oriolo is licensed (see Licensing & Disclosures). I do not solicit business outside the United States.

[REVIEW: EU/UK/other-international visitor handling — counsel determination required]

Cookies and analytics

This site uses Cloudflare Web Analytics, which does not place tracking cookies and does not collect personal data such as IP addresses for analytics purposes. The lead form uses Cloudflare Turnstile to prevent spam, which may set a short-lived session token.

If advertising or behavioral-tracking pixels (Meta, Google, TikTok, etc.) are added in the future, this Privacy Policy will be updated, a separate Cookie Policy will be added, and a cookie consent mechanism will be introduced where required by law.

Do Not Track signals

Browsers offer a "Do Not Track" (DNT) signal. There is no industry consensus on how to interpret DNT, and this site does not currently change its behavior in response to DNT signals. The site does not engage in behavioral advertising regardless.

Changes to this policy

I may update this Privacy Policy from time to time. The version number and "Last updated" date at the top of this page reflect the current revision. Material changes will be reflected in a version increment and may be communicated through the site or other means.

The version of this policy in effect at the time of any form submission you make is recorded with that submission, so you can refer back to the exact wording you saw.

Governing law

[REVIEW: confirm governing-law state (New Jersey was used in the prior Terms scaffold) with counsel]

Contact

For privacy questions, requests to exercise your rights, or to report a suspected privacy concern:

• Email: [email protected]
• Mail: [REVIEW: mailing address — service-area business, no public office today; counsel may require a mailing address here]