Brella Privacy Policy

Effective date: 12/04/2020

Brella Insurance, Inc. (“Brella”) provides modern supplemental insurance benefits (the “Services”), powered by smart technology, for employers looking to offer a simple, comprehensive supplemental benefit to employees and their families.

Brella respects your privacy and is committed to protecting your personal information. This Privacy Policy describes our information practices and the choices you can make about the collection and use of information you submit, or we collect through our websites (www.joinbrella.com), our mobile websites, our applications or any of our other online tools. These sites, applications and tools owned and operated by Brella are collectively referred to as the “Websites” or “Services” in this policy. This Privacy Policy will also inform you of your privacy rights, and how the law protects you.

This Privacy Policy includes links to help you navigate through the document. Use the links below to skip to any section. Feel free to print the Policy or to request a PDF version, email us at privacy@joinbrella.com.

  1. Important Information and Who We Are
  2. The Information We Collect About You
  3. How Your Information Is Collected
  4. How We Use Your Information
  5. Cookies and Tracking Technologies
  6. Your Choices
  7. Disclosures of Your Information
  8. International Transfers
  9. Data Security
  10. Notices of Information Privacy

Purpose of this Privacy Policy

This Privacy Policy aims to give you information on how Brella collects and processes your personal information through the use of our Services, including any data you may provide through the use of the Services when you sign up, create an account, submit an application, generate a proposal, add beneficiaries, shop benefits, file a claim, subscribe to notices, request additional information, request support, apply for an open position, purchase our services, comment on our social media, or contact us by phone, email, social media, post or through a Contact-Us form.Please note that Brella’s Services are directed to adults, and are not intended for children under 18 years of age. Adult members managing accounts or coverage for children under 18 may upload or manage the minor's data as appropriate, however, no one under the age of 18 years may provide any information to or on Brella’s Websites or services without parental or guardian consent and oversight. If you are under 18, do not use or provide any information via Brella’s Services, or via any of features, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from, or about a child under 18 without parental consent, please contact us.It is important that you read this Privacy Policy together with any other privacy notice we may provide on specific occasions when we are collecting or processing personal information about you so that you are fully aware of how and why we are using your information. This Privacy Policy supplements other privacy notices and is not intended to override them.

Security Offer

Brella Insurance, Inc. has appointed a Security Officer who is responsible for overseeing questions in relation to this Privacy Policy. If you have any questions about this Privacy Policy, including any requests to exercise your privacy rights, please contact the Security Officer using the details set out below.

Contact Details

If you have any questions about this Privacy Policy or our privacy practices, please contact our Security Officer in the following ways:

Full name of legal entity:
Brella Insurance Inc.
Email Address:
privacy@joinbrella.com
Postal Address:
2093 Philadelphia Pike,
#2496
Claymont, DE 19703

Changes to the Privacy Policy

Brella keeps our Privacy Policy under regular review. This version was last updated on December 4, 2020. Historic versions can be obtained by contacting us.

Third-Party Links

Brella Websites and Services may include links to third-party websites, plug-ins and applications. Clicking on those links or enabling those connections may allow third parties to collect or share data about you. We do not control these third-party websites, and are not responsible for their privacy statements. When you leave our Website or services, we encourage you to read the privacy policy of every website you visit.

Personal information means any information about an individual from which that person can be identified. It does not include data where the identity has been removed (anonymous data). When you use our Services, you are contracting with Brella. By using our Services, you expressly consent to the collection, use, disclosure and retention of your information or any personal information you provide on behalf of another individual as described in this policy.

We may collect, use, store and transfer different kinds of personal information about our visitors, customers, brokers, agents, insuring employers, insured employees, applicants, claimants, etc. which we have grouped together as follows.

Identity Data

Includes first name, maiden name, last name, middle name, suffix, signatures, social security number, date of birth, national producer number (brokers, producers and agents), username, account name, passwords or other similar identifiers.

Contact Data

Includes postal address, billing address, email address and telephone numbers.

Sensitive Personal Information

Includes insurance policy number, certificate identifiers, member identifiers, medical information, health or other insurance information, claim information, age, gender, disability status, familial status, marital status, medical condition or other health and treatment related information; ethnicity (voluntary for career applicants); sex (voluntary for career applicants - including gender, gender identitiy, gender expression, etc.).

Financial Information

Includes financial information, financial status, payment processing information or other bank information used to process payments.

Transaction Information

Includes details about payments to and from you and other details of products and services purchased or transacted with us.

Commercial Information

Includes records of products, features, services purchased or considered, and other purchase preferences, histories, tendencies.

Geo-Location Information

We may request access or permission to and track location-based information from your mobile device, either continuously or while you are using the Application, to provide location-based services. If you wish to change our access or permissions, you may do so in your device’s settings. Includes records of treatment locations, location information while using our applications, proximity to treatment facilities.

Mobile Device Access

We may request access or permission to certain features from your mobile device, including your mobile device’s [bluetooth, calendar, camera, contacts, microphone, reminders, sensors, SMS messages, social media accounts, storage,] and other features. If you wish to change our access or permissions, you may do so in your device’s settings.

Mobile Device Data

Device information such as your mobile device ID number, model, and manufacturer, version of your operating system, phone number, country, location, and any other data you choose to provide.

Push Notifications

We may request to send you push notifications regarding your account or the Application. If you wish to opt-out from receiving these types of communications, you may turn them off in your device’s settings.

Technical Data

Includes internet protocol (IP) address, login data, browser type and version, device information, operating system, platform, browsing history, search history, and other information about your interaction with Services, online applications and advertisements.

Professional and Employment Related Information

Includes job title, employment status, employer information, employment history, compensation, education and other career information,

Usage and Profile Information

Includes information about how you use our Website, applications and Services, purchases made, quotes submitted, interests, feedback, survey responses, comments and other content you choose to provide

Marketing and Communications Data

Includes your preferences in receiving marketing from us and our third parties and your communication preferences

Aggregated Data

We also collect, use and share Aggregated Data such as statistical or demographic data for any purpose. Aggregated Data could be derived from your personal information, but is not considered personal information as this data will not directly or indirectly reveal your identity. For example, we may aggregate your Usage Data to calculate the percentage of users accessing a specific Service feature. However, if we combine or connect Aggregated Data with your personal information so that it can directly or indirectly identify you, we treat the combined data as personal information which will be used in accordance with this Privacy Policy.

Information About Others

Employers, brokers and agents, their designees, members, etc. may submit or upload information on behalf of other people to process proposals, applications, accounts, etc. for Brella products and services, and this information may contain personal information. By submitting personal information on behalf of someone else to us, you represent and confirm that you have obtained appropriate, lawful consent to do so.

If You Fail to Provide Personal Information

Where we need to collect personal information under the terms of service, terms of a contract we have with, or are entering into with you, or by law, and you fail to provide that information when requested, we may not be able to perform the contract we have or are trying to enter into with you (for example, to provide you with Services). In this case, we may have to cancel a Service you have with us, but we will notify you as appropriate if this is the case at that time.

We use different methods to collect information from and about you including through:

Direct Interactions

You may give us your Personal Information by creating an account with us, filling in forms or by corresponding with us by post, phone, email or otherwise. This includes personal information you provide when you create an account, apply for an appointment, submit an application, request/accept a quote, review or enroll for services, filing claims, participate in any interactive features of our Services (e.g., posting, sharing, sending and receiving comments through our Services), fill out a form, make a purchase, apply for a job, communicate with us via third party social media sites, request customer support or otherwise communicate with us.

Interactions on your behalf

Authorized brokers, agents, employers or members may give us your personal information when submitting applications, requesting quotes, setting up accounts, reviewing or enrolling for services, filling in forms, requesting support, filing claims or otherwise corresponding with us.

Automated Technologies or Interactions

As you interact with our Website, applications and Services, we will automatically collect Technical Data about your equipment, its location, your browsing actions and patterns. We collect this personal information by using cookies, server logs and other similar technologies. We may also receive Technical Data about you if you visit other websites employing our cookies. Please refer to our Cookies and Tracking Technologies section below for further details.

Third parties or Publicly available Sources

We may receive personal information about you from various third parties and public sources including those set out below:

  • Technical Data from the analytics providers and advertising networks.
  • Contact, Financial and Transaction Data from providers of transaction and payment services
  • Identity and Contact Data from mailing list providers
  • Identity and Contact Data from providers of identity verification services
  • Identity, Professional, Employment and Contact Data from recruiting agencies
  • Identity and Contact Data from social media networks
  • Identity and Contact Data from publicly available sources

We will only use your personal information when the law allows us to. Most commonly, we will use your personal information in the following circumstances:

  • Where we need to deliver our services, perform the contract we are about to enter into or have entered into with you.
  • Where it is necessary for our legitimate interests (or those of a third party), and your interests and fundamental rights do not override those interests.
  • Where we need to comply with a legal obligation.

Purposes for Which We Will Use Your Personal Information

We have set out below, in a table format, a description of all the ways we plan to use your personal information, and the purposes for which we do so.

Use of Data
Type of Information
Purpose of Using Personal Information

To process your application for Appointment and set up broker or agent accounts

• Identity Data
• Contact Data
• Financial Information
• Transaction Data
• Commercial Information
• Professional or Employment Information
• Technical Data
• Usage and Profile Information

Delivery of our Services, or performance of a contract with you.

To authorize broker or agent in the sale of insurance products, and deliver products to you.

To register you as a new customer and set up employer account

• Identity Data
• Contact Data
• Financial Information
• Transaction Data
• Commercial Information
• Professional or Employment Information
• Technical Data
• Usage and Profile Information

Delivery of our Services, or performance of a contract with you.

To support employer member enrollment and account management.

To process and set up member enrollment

• Identity Data
• Contact Data
• Financial Information
• Transaction Data
• Commercial Information
• Professional or Employment Information
• Technical Data
• Usage and Profile Information

Delivery of our Services, or performance of a contract with you.

To support member enrollment and account management.

To process proposals and quotes

• Identity Data
• Contact Data
• Financial Information
• Transaction Data
• Commercial Information
• Professional or Employment Information
• Technical Data
• Usage and Profile Information

Delivery of our Services, or performance of a contract with you.

To support processing requested proposals for service, etc.

To process and deliver Services and claims

• Identity Data
• Contact Data
• Financial Information
• Transaction Data
• Commercial Information
• Professional or Employment Information
• Technical Data
• Usage and Profile Information

Delivery of our Services, or performance of a contract with you.

To support requests for coverage and compensation for a covered loss

To process payments and transactions including:
(a)Manage payments, commissions, etc.
(b) Collect fees

• Identity Data
• Contact Data
• Financial Information
• Transaction Data
• Commercial Information
• Professional or Employment Information
• Technical Data
• Usage and Profile Information

Delivery of our Services, or performance of a contract with you.

To satisfy or recover debts

To make suggestions and recommendations to you about services, offers, promotions, events and content that may be of interest to you

• Identity Data
• Contact Data
• Financial Information
• Transaction Data
• Commercial Information
• Professional or Employment Information
• Technical Data
• Usage and Profile Information

To develop our Services and grow our business

To manage and maintain our relationship with you which includes notifying you about changes to our Services, terms of use or our privacy policies

• Identity Data
• Contact Data
• Transaction Data
• Usage and Profile Information
• Marketing and Communications Data

Delivery of our Services, or performance of a contract with you to inform you of any changes to our terms and conditions

To administer and protect our business, our Services and applications (including troubleshooting, data analysis, testing, system maintenance, support, reporting and hosting of data)

• Identity Data
• Contact Data
• Technical Data

Necessary for running our business, provision of administration of accounts, network security, to prevent fraud and, in the context of a business reorganizations or group restructuring organization.

Necessary to comply with legal obligations

To deliver relevant content, advertisements, marketing material, promotional offers, product recommendations to you and to measure or understand the effectiveness of the advertising we serve to you

• Identity Data
• Contact Data
• Technical Data
• Usage and Profile Information
• Marketing and Communications Data

To study how customers use our Services to further develop them, grow our business and to inform our marketing/business strategy.

To send you communications, including marketing communications to form a view on what we think you may want or need, or what may be of interest to you.

To decide which services, offers, promotions, rewards, and events that may be relevant for you.

To use data analytics to improve our Services, applications, marketing, customer relationships and experiences

• Technical Data
• Usage and Profile Information

To define customer types for our Services, to keep our Website updated and relevant, to develop our business and to inform our marketing strategy

To communicate with you by email, text, social media messaging, social media posting or any other communication mechanism that you choose.

• Identity Data
• Contact Data
• Technical Data
• Marketing and Communications Data

To reply to communications sent to us and for customer relationship management purposes

Provide you with support on our Services

• Identity Data
• Contact Data
• Sensitive Personal Information
• Financial Information
• Transaction Data
• Commercial Information
• Professional or Employment Information
• Technical Data
• Usage and Profile Information

Delivery of our Services, or performance of a contract with you, and provide product and service support.

To respond to inquiries related to marketing content, employment opportunities, etc.

• Identity Data
• Contact Data
• Professional or Employment Information
• Technical Data
• Marketing and Communications Data

To reply to inbound requests for information and other interactions.

Opting Out

You will receive marketing and promotional offer communications from us if you have requested information from us, or purchased Services from us and you have not opted out of receiving that marketing. You can ask us to stop sending you marketing messages at any time by following the opt-out links on any marketing message sent to you or by contacting us at any time. Where you opt out of receiving these marketing messages, this will not apply to personal information provided to us as a result of purchasing or using our Services, a Service support experience or other transactional communications.

Policy for Children

We do not knowingly solicit information from or market to children under the age of 13. If you become aware of any data we have collected from children under age 13, please contact us using the contact information provided below.

Controls for Do-Not-Track Features

Most web browsers and some mobile operating systems [and our mobile applications] include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. No uniform technology standard for recognizing and implementing DNT signals has been finalized. As such, we do not currently respond to DNT browser signals or any other mechanism that automatically communicates your choice not to be tracked online. If a standard for online tracking is adopted that we must follow in the future, we will inform you about that practice in a revised version of this Privacy Policy.

Cookies are small text files that are placed on your computer or device by the websites that you visit. They are widely used to make websites work more efficiently as well as to provide information to the owners of the site. When you use and access Brella’s websites and services, we may place a number of cookie files in your web browser. We use these cookies for the following purposes:

  • To enable certain functions of the website and services
  • To provide analytics
  • To store your preferences

Brella and our business partners may use cookies and other automatic data collection technologies to collect certain information about your equipment, browsing actions and patterns including:

  • Details of your visits to our Websites, Services and applications including traffic data, location data, logs, and other communication data and the resources that you access and use.
  • Information about your computer, device and internet connection, including your IP address, operating system, platform, browser type, etc.

The technologies we use for this automatic data collection may include:

  • Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our sites or Services. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Websites.
  • Flash Cookies. Certain features of our Website may use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies.
  • Web Beacons. Pages of our the Website and emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit us, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

In addition, some content or applications on the Website may be served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or in conjunction with web beacons or other tracking technologies to collect information about you when you use our Websites. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content.

We do not control these third parties' tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly as they may provide you with ways to choose not to have your information collected or used in this way.

You can set your browser to refuse all or some browser cookies, or to alert you when websites set or access cookies. If you disable or refuse cookies, please note that some parts of this Website may become inaccessible or not function properly.

If you would like to delete cookies, or configure your web browser to delete or refuse cookies, please visit the help pages of your specific web browser.

Chrome web browser:

Google Chrome Support

Internet Explorer web browser:

Internet Explorer Support

Microsoft Edge web browser:

Edge Support

Mozilla Firefox web browser:

Firefox Support

Opera web browser:

Opera Help

Apple Safari web browser:

Safari User Guide

For any other web browser, please visit your browser’s official web pages. To opt out of being tracked by Google Analytics across all websites, visit the GA Opt-out page. If you are based in the United States you can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website at http://optout.networkadvertising.org. If you are based in the European Union you may visit the website of the European Interactive Digital Advertising Alliance (“EIDAA”) at https://www.edaa.eu as well as of the European Advertising Standards Alliance (“EASA”) at http://www.easa-alliance.org.

You can learn more about cookies on the AllAboutCookies, AboutCookies.org and Network Advertising Initiative websites.

You can opt-out of notifications from Brella by following the instructions included within the notices, or contacting us directly at privacy@joinbrella.com. You may not opt-out of administrative or transactional emails (e.g. emails about transactions, policy changes, etc.) for your Services, accounts, etc.

For more information about your privacy choices supported under federal or state laws, refer to relevant Notices of Information Privacy appropriate to your situation.

We may share your personal information with the parties set out below for the purposes set out in the How We Use Your Information section and table above. We require all third parties to respect the security of your personal information and to treat it in accordance with the law.

Brella Partners

We may share the information we collect about you with Brella partners including Greenhouse Life Insurance Company. The information may be disclosed to provide joint content and our services (e.g. registration, appointment, transactions, underwriting, etc.).

Service Providers and Other Third-Parties

We may disclose your information to service providers under contract who help with our business operations and Services such as, but not limited to:

  • Service providers acting as processors who provide Information Technology, payment processing, Cloud Services, Analytics, system development and operations or administration services.
  • Professional advisers acting as processors or joint controllers inducing lawyers, bankers, auditor and insurers who provide consultancy, legal, accounting, engineering, development and accounting services. (such as, but not limited to, application and benefit enrollment services, policyholder or certificate holder claims processors, etc.).

We require all third parties to respect the security of your personal information and to treat it in accordance with the law. We do not allow our third-party service providers to use your personal information for their own purposes and only permit them to process your personal information for specified purposes and in accordance with our instructions.

Change of Control - New Owners

We may use, or disclose the personal information we collect to evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us about our Service users or consumers is among the assets transferred. Should such a change of control occur, we will make reasonable efforts to request that the new entities follow this Privacy Policy, or materially similar policies with respect to your personal information, and, if your personal information would be used contrary to this policy, we will request that the new entity provide you with prior notice.

Other Entities per Your Instruction and Consent

You may have opportunities to express interest in or register for other services through our Websites or Services. When you do, or when you explicitly ask us to send your information, we will provide information about you to those third-parties, or parties working on their behalf, to implement your request.

Social Media Disclosure

Our Websites or Services may include Social Media features, such as ‘Follow’ or ‘Share’ buttons. These features may collect your IP address, which page you are visiting on our Websites, and may set a cookie to enable the features to function. Social Media features are either hosted by a third party, or hosted directly on our Websites. Your interactions with these features are governed by the privacy policies of the companies providing them.

Legal, Regulatory and Law Enforcement

We may disclose the personal information we collect to respond to law enforcement requests and as required by applicable law, court order or governmental regulations. Law enforcement, governmental agencies, or authorized third-parties, including but not limited to inspections, reviews, and in response to a verified request relating to a criminal investigation or alleged illegal activity or any other activity that may expose us, you, or any other Brella user to legal liability. In this regard, we may share your information with third parties in response to a subpoena, court order, search warrant, other legal process and/or to others as required or permitted by law. In such events, we may disclose information relevant and necessary to the inspection, investigation or inquiry.

We largely operate in the United States (“U.S.”), and therefore, if you reside outside of the U.S. you understand and agree that your personal information may be transferred to, stored or processed in, the U.S. by us and our third party hosting providers. Furthermore, you understand that U.S. law may not afford the same level of protection to personal information as those afforded in your country. Personal information may be transferred for the performance of a contract or as required for the implementation of pre-contractual measures taken at your request or to establish or exercise our legal rights.

We maintain technical, physical, and administrative security measures designed to protect the security of your personal information against loss, misuse, unauthorized access, disclosure, or alteration. Some of the safeguards we use are firewalls, data encryption, physical access controls to our data centers and information access authorization controls. In addition, we limit access to your personal information to those employees, agents, contractors and other third parties who have a business need to know. They will only process your personal information on our instructions, and they are subject to a duty of confidentiality. It is your responsibility to make sure that your personal information is accurate and that your password(s) and account registration information are secure and not shared with third parties.

No method of transmission over the Internet, method of processing, or method of electronic storage, is 100% secure, therefore, we cannot guarantee its absolute security. We have put in place procedures to deal with any suspected personal information breach and will notify you and any applicable regulator of a breach where we are legally required to do so. Notice will be given promptly, consistent with the legitimate needs of law enforcement and any measures necessary for Brella or law enforcement to determine the scope of the breach and to assure or restore the integrity of the data system. Brella may delay notification if Brella or a law enforcement agency determines that the notification will impede a criminal investigation, unless and until Brella or the agency determines that notification will not compromise the investigation. If you have any questions about the security of your personal information, please contact us.

Health Insurance Portability and Accountability Act (HIPAA) Privacy Notice

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule supports individuals rights to receive a notice that describes (i) how their individual health information, personal information and other protected health information (PHI) may be used and/or disclosed, (ii) their privacy rights with respect to their PHI, and (iii) Brella’s obligations with respect to that information. Brella is committed to maintaining compliance with the HIPAA Rules to safeguard PHI, including the Privacy Rule.

Please click the following to view Brella’s HIPAA Notice of Privacy Practice.

Other Notices of Information Disclosure

Under the Gramm-Leach-Bliley Act (GLBA), insurers and agents must provide additional relevant personal information disclosures. See our policy.

California Privacy Rights

California Civil Code Section 1798.83, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year. If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.

If you are under 18 years of age, reside in California, and have a registered account with the Application, you have the right to request removal of unwanted data that you publicly post on the Application. To request removal of such data, please contact us using the contact information provided below, and include the email address associated with your account and a statement that you reside in California. We will make sure the data is not publicly displayed on the Application, but please be aware that the data may not be completely or comprehensively removed from our systems.