Privacy Policy

CHL Insurance Solutions, LLC

Effective Date: April 30, 2026

1. Introduction

This Privacy Policy outlines how CHL Insurance Solutions, LLC (“Company,” “we,” or “us”) handles your personal information on our website, https://www.chlinsurancesolutions.com (“Website”), through our social media presence (e.g., Facebook Business Page, Instagram Profile, LinkedIn Company Page), our Yelp Business Profile, our Google Business Profile, our Google Appointment Calendar, and through our services (“Service”).

As a licensed health and life insurance agency, we are committed to protecting your privacy and ensuring your data is handled responsibly and in compliance with all applicable laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) where applicable.

2. Definitions

Company: CHL Insurance Solutions, LLC, is a non-governmental Licensed Insurance Agency (FL Producer: L131407; GA Producer: 241106) and is operated solely by Justin Tomlin, an Independent Licensed Insurance Sales Representative (FL Producer: W960118; GA Producer: 3760385). We are located at 5950 NW 1st Pl, Ste 110, Gainesville, FL 32607.

Website: https://www.chlinsurancesolutions.com, where we provide educational content and information related to health insurance options, Medicare, ACA Marketplace, supplemental health coverage, and life insurance products. Our Website is hosted by Bluehost, Inc. and powered by WordPress.

Service: Educational content, general guidance, and information support regarding health insurance options, including Medicare, ACA Marketplace, supplemental health coverage, and life insurance (including term life and whole life). We also provide appointment scheduling and contact services to discuss insurance topics.

You: Any individual visiting our Website or using our Service.

Fraud: Any intentional misrepresentation, concealment, or omission of a material fact used to obtain an insurance benefit or payment that would not have been available otherwise. This includes the misuse of personal information or the submission of false claims or applications for enrollment.

3. Information Collection and Use

We collect personal information, such as your name, contact details, and other information you voluntarily provide, for the purposes of assisting with your inquiries about health and life insurance options, scheduling appointments, and providing educational content and general guidance.

This information is collected through various methods, including:

  • Forms on our Website
  • Phone conversations
  • In-person meetings
  • Google Calendar Appointment Schedule booking form
  • Interactions on our social media pages (direct messages, comments, lead forms on Facebook, Instagram, or Linkedin)
  • Interactions with our Google Business Profile and Yelp Business Profile (direct messages, review responses)

The specific purposes for which we collect and use your information, along with your explicit authorization, will be detailed in consent forms presented to you at the time of collection.

3.1 Automatically Collected Information (Website Analytics)

When you visit our Website, we automatically collect certain non-personal information through third-party analytics services, such as Google Analytics. This data includes:

  • Information about your device, browser type, and IP address
  • Pages viewed and time spent on the Website
  • The path you take through our site

This information is used solely in an aggregated and anonymous form to understand website traffic, analyze trends, and improve the functionality and design of our Website.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on at https://tools.google.com/dlpage/gaoptout.

3.2 Website Hosting and Service Providers

Our Website is hosted by Bluehost, Inc. (“Bluehost”) and powered by WordPress. Bluehost collects certain technical and usage data as part of website hosting and content delivery services, including IP addresses, device information, browser type, and pages accessed. Bluehost acts as a service provider and processes data in accordance with applicable privacy laws. For more information on Bluehost’s data practices, please refer to Bluehost’s Privacy Policy at https://www.bluehost.com/privacy-policy.

Our Website may utilize WordPress plugins and third-party integrations for functionality such as contact forms, appointment scheduling, and analytics. Any plugins that collect or process personal information are selected and configured to comply with applicable privacy laws. We review plugin data practices prior to implementation.

We also use Google Workspace for email, contact forms, document management, and the Google Calendar Appointment Schedule. All personal information collected through these Google services is processed in accordance with our Business Associate Agreement with Google and our HIPAA compliance measures outlined in Section 6.

3.3 Website Forms and Explicit Consent

When you submit personal information through our Website (contact forms, appointment scheduling, inquiry forms), you are providing explicit consent for us to:

  • Process your request and provide the service you requested (e.g., scheduling, educational content delivery, general guidance)
  • Contact you via phone, email, or text message regarding your request or related insurance information and education
  • Retain your information for service delivery and regulatory compliance (see Section 10)

By submitting a form, you acknowledge that you have read this Privacy Policy and consent to these uses. You may withdraw consent for marketing communications at any time by contacting us (see Section 18). All forms include checkboxes or statements indicating your understanding of these uses and requesting your affirmative consent before submission.

4. Data Security and Fraud Prevention

While no online transmission or storage method is completely secure, we implement reasonable administrative, technical, and physical safeguards designed to protect your personal data from unauthorized access, loss, or misuse. This includes adhering to strict guidelines and industry best practices.

4.1 Breach notification

In the event of a security breach affecting your personal data, we will notify affected individuals without unreasonable delay and in compliance with all applicable state and federal notification laws, typically within thirty (30) days of discovery. Such notification will include information about the nature of the breach and steps you should take to protect yourself.

4.2 Fraud Prevention and Reporting

We prioritize safeguarding your personal information, handling it with the utmost care and in accordance with applicable privacy regulations. We are committed to promptly reporting any instances of suspected fraud to the appropriate state and federal agencies.

5. Legal Bases for Data Processing

We process your personal information based on one or more of the following legal bases:

  • Consent: When you explicitly consent to our processing of your data for specific purposes (e.g., appointment scheduling, contact/inquiry assistance, educational communications)
  • Contractual Necessity: When processing is necessary to provide you with the services you have requested (e.g., scheduling appointments, responding to inquiries)
  • Legal Obligation: When we are required by law to process your information (e.g., HIPAA, state laws)
  • Legitimate Interests: When processing serves our legitimate business interests in a way that does not override your fundamental rights (e.g., website analytics and fraud prevention)

6. Use of Google Workspace & HIPAA Compliance

CHL Insurance Solutions leverages the robust security infrastructure of Google Workspace for our digital operations, including email, contact forms, document management, and the Google Calendar Appointment Schedule. As part of our commitment to HIPAA compliance, we have a Business Associate Agreement (BAA) (Effective: September 6, 2022) with Google, which establishes the responsibilities of both parties in protecting Protected Health Information (PHI).

Google acts as a Business Associate under our BAA and provides the infrastructure only; we control data access, encryption, and configuration. Google does not use our data for artificial intelligence training, marketing purposes, or any other unauthorized use per our BAA terms. We diligently configure and manage our Google Workspace services (such as Gmail, Drive, Forms, etc.) in accordance with HIPAA Security Rule requirements, implementing strict access controls, data encryption, and regular auditing to ensure the privacy and security of your information at all times.

Contact form submissions received through this Website are routed to and stored within this BAA-covered Google Workspace environment. The contact form itself does not collect Protected Health Information (PHI), and no PHI is transmitted through the form submission process.

6.1. Google Calendar Appointment Scheduling

When you book an appointment using our Google Calendar appointment scheduling tool (accessible through our Website or shared calendar link), the following information may be collected:

  • Name, email address, phone number
  • Appointment date, time, and reason/topic
  • Any additional notes you provide when scheduling

This appointment information is stored in Google Calendar and is processed under our Business Associate Agreement with Google. Google does not use this information for marketing, artificial intelligence training, or any unauthorized purposes per our BAA terms. We retain appointment records in accordance with Section 10 (Data Retention), and you may request access to, correction of, or deletion of your appointment information at any time by contacting us (see Section 18).

6.2. Website Content Form Submissions

When you submit a request through the contact form on our Website, the following information may be collected:

  • Name
  • Email and/or Phone Number (your preferred contact method)
  • Your question or message

This information is used solely to respond to your inquiry and schedule a consultation at your request. It is not used for automated marketing, sold to third parties, or shared with insurance carriers without your explicit written consent.

Contact form submissions are received via our HIPAA-compliant Google Workspace email environment and retained in accordance with Section 9 (Data Retention). No health information is collected through this form.

You may request deletion of your submitted information at any time by contacting us directly.

For information on how submitted data is stored and protected, see our HIPAA Compliance section above. deletion of your submitted information at any time by contacting us directly.

6.2.1. Scope of Appointment (SOA)

If you are interested in discussing Medicare Advantage (Part C) or Prescription Drug Plans (Part D), federal regulations require that a Scope of Appointment (SOA) form be completed prior to our meeting. The SOA documents the specific Medicare product types you have agreed to discuss and is required under 42 CFR §§ 422 and 423.

The SOA is not an application for coverage and does not commit you to enrolling in any plan. SOA records are retained for a minimum of ten (10) years in accordance with CMS requirements. SOA forms are transmitted and stored through our HIPAA-compliant Google Workspace environment.

If you are seeking assistance with an ACA Marketplace plan, we are required to obtain your consent before accessing your application or enrollment information through the Federal Marketplace (HealthCare.gov). This consent authorizes CHL Insurance Solutions, LLC to act as your authorized representative or assisting agent for the purpose of enrollment assistance only.

For Florida and Georgia residents, this consent is obtained in accordance with applicable state and federal guidelines governing Marketplace assisters and licensed agents. Consent may be revoked at any time by contacting us directly or by updating your authorized representative designation directly through your HealthCare.gov account.

No Marketplace consent form grants us authority beyond enrollment assistance — we do not have access to your tax information, immigration status, or any other sensitive data held by the Federal Marketplace beyond what is necessary to assist with your coverage application.

7. Information Sharing with Third Parties

We protect your information, sharing it only when necessary and in limited circumstances. We do not sell, rent, or share your personal information with third parties for marketing purposes.

When providing enrollment assistance or plan-related services for health, Medicare, or life insurance products, we may share information with insurance carriers and third-party enrollment platforms as necessary to process your application or enrollment. Any such sharing will only occur with your explicit written consent and will be governed by applicable carrier data processing terms.

We may also share information with:

  • Our legal and compliance advisors
  • Law enforcement or government agencies, if required by law

7.1. Social Media Platforms, Yelp Business Profile, and Google Business Profile

We maintain a presence on social media platforms, including Facebook, Instagram, and LinkedIn, as well as a Yelp Business Profile and Google Business Profile. When you interact with our profiles or send messages on these platforms, the respective platform provider (e.g., Meta for Facebook and Instagram; LinkedIn Corporation for LinkedIn; Google for Google Business Profile; Yelp for Yelp Business Profile) collects certain data about your interactions.

Platform Data & Metadata: The platforms themselves collect data related to your usage and interactions, such as metadata (e.g., who you communicate with, when, how often, device information), profile information, and aggregated insights (e.g., Facebook Page Insights, Instagram Insights, LinkedIn Page Analytics, Google Business Profile Insights, Yelp Business Insights). For Facebook Page Insights, CHL Insurance Solutions, LLC and Meta are joint controllers of this data.

Our Use of Platform Data: While we do not have direct access to identifiable personal data collected by these platforms for their insights, we utilize aggregated, anonymized data to understand how users interact with our presence and improve our content and services.

Personal Information via Direct Messages: When you provide personal information to us via direct messages on social media platforms (e.g., through a Facebook, Instagram, or LinkedIn direct message, or a message via Yelp), we will transfer that information to secure HIPAA-compliant channels (email, contact forms, or phone) for processing. We do not retain copies of personal information in social media platforms longer than necessary to complete the transfer and acknowledge receipt. Any personal information you directly provide to us via messages will be handled in accordance with the rest of this Privacy Policy and our HIPAA compliance measures once it is received by us.

For more information on the data practices of these platforms, please refer to their respective privacy policies.

8. Cookies and Tracking Technologies

We utilize website analytics and tracking services, including Google Analytics and WordPress-compatible analytics tools, to understand user behavior, improve our Website experience, and optimize our digital presence. These tools use cookies and other tracking technologies to collect non-personal information, such as:

  • Browsing behavior and page view data
  • Device information (type, operating system, browser)
  • Site engagement metrics (time on page, bounce rate, conversion events)
  • Geographic location (city/state level, not precise location)

This information is collected in aggregated, anonymized form and used solely to improve website functionality, user experience, and content relevance. We do not use this data to identify individual users or create detailed behavioral profiles.

You can opt out of Google Analytics tracking by installing the Google Analytics Opt-Out Browser Add-on at https://tools.google.com/dlpage/gaoptout.

Similarly, when you visit or interact with our social media profiles (Facebook, Instagram, LinkedIn, Google Business Profile, Yelp Business Profile), the respective platform may place cookies or use other tracking technologies to collect data about your activity. We do not have direct access to or control over these third-party cookies or the data they collect.

Similarly, when you visit or interact with our social media profiles (Facebook, Instagram, LinkedIn, Google Business Profile, Yelp Business Profile), the respective platform may place cookies or use other tracking technologies to collect data about your activity. We do not have direct access to or control over these third-party cookies or the data they collect.

8.1. Managing Cookies

Most browsers allow you to refuse cookies or alert you when cookies are being sent. For instructions on managing cookies, please visit your browser’s help documentation. Note that blocking cookies may affect the functionality and user experience of our Website. Additionally, the WordPress platform may set functional cookies necessary for core website operation; these are not used for tracking or advertising purposes.

We encourage you to review the privacy policies of Bluehost, Google, Meta (Facebook, Instagram), LinkedIn, Yelp, and any other relevant third-party services for more information on their practices and how to manage your privacy settings with them.

9. Data Retention

We retain your personal information only as long as necessary to fulfill the purposes for which it was collected, to provide our services, and to comply with applicable legal and regulatory requirements.

  • Non-regulated data (contact form submissions, appointment records, general inquiries): three (3) years from your last interaction with us, unless you request earlier deletion.
  • Medicare Scope of Appointment (SOA) records: minimum of ten (10) years, as required by CMS under 42 CFR §§ 422 and 423.
  • ACA Marketplace consent records: retained in accordance with applicable CMS and federal Marketplace requirements.
  • Life insurance records: retained for the period required by the Florida Department of Financial Services or applicable state law, regardless of any deletion request.

When retention periods expire, we securely delete or anonymize your information. You may request earlier deletion of non-regulated data at any time by contacting us (see Section 18).

9.1. Non-Regulated Data Retention

For personal data not subject to federal or state retention requirements, we retain your information for three (3) years from your last interaction with us, unless you request earlier deletion. Non-essential data may be deleted upon your written request at any time, subject to legal holds or ongoing service obligations.

9.2. Life Insurance Records

Records relating to life insurance products may be subject to Florida Department of Financial Services or other state record-keeping requirements applicable to licensed life insurance agents. Such records will be retained for the period required by applicable law, even if a deletion request is received.

10. Your Rights and Preferences

10.1. Right to Access

You have the right to request a copy of the personal information we hold about you. We will provide this information in a portable, machine-readable format upon request.

10.2. Right to Correction

You have the right to request that we correct any inaccurate or incomplete personal information we hold about you.

10.3. Right to Deletion

You may request deletion of your personal data or revoke consent to be contacted at any time. We will promptly fulfill these requests, ceasing contact and deleting non-required data within thirty (30) days of receiving a valid request.

10.4. Right to Revoke Consent

You may withdraw your consent for us to process your personal information for specific purposes at any time. Withdrawal of consent will not affect the lawfulness of processing before the withdrawal.

10.5. Right to Object

You have the right to object to our processing of your personal information for direct marketing purposes, including marketing calls, texts, or emails. You can opt out of marketing communications by contacting us.

11. Marketing and Communications

We may contact you about educational content and information services via phone, email, text message, or mail based on your expressed interest or consent.

11.1 Opting out of communications

You can opt out of non-required communications by:

  • Clicking the “unsubscribe” link in our emails
  • Replying STOP to any text message
  • Contacting us directly

12. Links to other websites

Our Website may contain links to third-party sites (e.g., Medicare.gov, Healthcare.gov, and our social media profiles such as Facebook, Instagram, LinkedIn, Google Business Profile, and Yelp Business Profile). We are not responsible for the privacy practices or content of these sites. We encourage you to review their privacy policies before providing any information.

13. Transfer of account upon business sale

If CHL Insurance Solutions, LLC is sold or transferred to another entity, your client record and associated personal data may be transferred to another licensed insurance agent and/or licensed insurance agency. We will notify you in advance of any such change and provide you with the opportunity to opt out if applicable.

14. California, Virginia, and Florida Consumer Privacy Rights

For California Residents

CHL Insurance Solutions, LLC is licensed to sell insurance products in Florida and Georgia only. If you are a California resident seeking insurance assistance, please contact a licensed insurance agent in California or the California Department of Insurance at insurance.ca.gov. The following rights are provided as a courtesy disclosure under CCPA/CPRA for California residents who visit this site:

California’s Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA) provide you with certain rights regarding your personal information. These rights include:

  • The right to know what information we collect
  • The right to delete personal information
  • The right to correct inaccurate information
  • The right to opt out of the sale or sharing of your information

To exercise any of these rights, please contact us directly. We will respond to verified requests within forty-five (45) days.

For Virginia Residents

CHL Insurance Solutions, LLC is licensed to sell insurance products in Florida and Georgia only. If you are a Virginia resident seeking insurance assistance, please contact a licensed insurance agent in Virginia or the Virginia State Corporation Commission’s Bureau of Insurance at scc.virginia.gov/pages/Bureau-of-Insurance. The following rights are provided as a courtesy disclosure under the VCDPA for Virginia residents who visit this site:

Virginia’s Consumer Data Protection Act (VCDPA) provides you with rights to:

  • Access, correct, delete, and obtain a portable copy of your personal information
  • Opt out of the processing of your data for targeted advertising and profiling

To exercise these rights, please contact us using the information in section 18.

For Florida Residents

While Florida does not currently have a comprehensive consumer data privacy law equivalent to California’s or Virginia’s, Florida residents are protected under the Florida Information Protection Act (FIPA), which requires us to notify you of any unauthorized access to your personal information (see Section 4.1). Additionally, you have rights under HIPAA (if applicable) and other applicable state and federal laws.

To exercise any rights to access, correct, or delete your personal information, please contact us using the information in Section 18. We will respond to your request within thirty (30) days.

Note: Florida law is evolving. If Florida enacts a comprehensive privacy law during your use of our services, we will update this policy and notify you of any changes to your rights.

15. Law Enforcement and legal obligations

We may disclose your personal information to law enforcement or other authorities if required by law, such as in response to a court order, subpoena, or to comply with legal obligations. Such disclosures will be limited to what is necessary to meet those requirements.

16. No interactions with anyone under 18

Our Service is not directed at individuals under 18. We do not knowingly collect data from children and request that minors refrain from using our Website or Service. If we learn of unintended data collection from a child, we will delete such data immediately.

17. Changes to this privacy policy

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Any revisions will be posted on this page, and we encourage you to review it periodically for updates. We will post an updated “Effective Date” at the top of this policy.

18. Contact Us

For questions about this Privacy Policy, your data, to request access or deletion, to exercise any of your privacy rights, contact the Agent in Charge:

19. Disclaimer

We are not affiliated with or endorsed by the US government or federal Medicare program.

CHL Insurance Solutions, LLC is an independent insurance agency located at 5950 NW 1st Pl Ste 110, Gainesville, FL 32607. It is solely operated by Justin Tomlin, an Independent Licensed Health & Life Insurance Agent.

  • Agency Licensing:
    • Florida: L131407
    • Georgia: 241106
  • Agent Licensing:
    • Florida: W960118
    • Georgia: 3760385

This website serves as a solicitation for insurance.