Privacy Policy

Effective 06/20/2025

1. Introduction
2. How We Collect and Use Personal Information
3. Cookies
4. Your Rights
5. Security
6. Data Storage
7. California Privacy Rights
8. Customer Testimonials, Comments, & Reviews
9. Links to Other Websites
10. Children Under 18
11. Changes to This Policy
12. Contacting Us

1. Introduction

SunFireMatrix, Inc. (“SunFire” or “we” or “us”) provides this Privacy Policy (“Policy”) to inform you (“you”) of our policies and procedures regarding the collection, use, and disclosure of personal information we receive via our website at https://sunfireinc.com (the “Site”) and the services we provide through our applications (collectively, the “Services”). The Services, Site, and any supporting subdomains are managed and run by SunFire. Any information collected by the Site is collected by SunFire on our behalf and in compliance with this Policy. Any information collected by the Services is done on behalf of the beneficiary or the beneficiary’s insurance provider or insurance agent on the beneficiary’s behalf and is done in compliance with this Policy. By using the Site and the Services, you consent to, without limitation, the collection, transfer, processing, storage, disclosure, and other uses of your data outlined in this Policy. This Policy also describes how we use artificial intelligence (“AI”) technologies in our Services and your rights under applicable U.S. privacy laws. This Policy may be updated from time to time without notice and it is suggested you review the Policy at the Site regularly for any changes.

The terms “using” and “processing” of the personal information (as herein defined) may include statistical or other analysis, using or handling in any way, including but not limited to, collecting, storing, evaluating, modifying, deleting, using, combining, disclosing, and/or transferring information within our organization, among our partners, or to third parties.

The Site and Services may contain health or medical-related information. Such information is not a substitute for professional medical advice, diagnosis, or treatment. Always seek the advice of your physician or other qualified health providers with any questions you may have regarding a medical condition.

2. How We Collect and Use Personal Information

a. Collection

1. Information Submitted by You, Information–such as your name, address, phone number, and email address–is not collected as you browse the Site without a registered account unless you have already provided such data through your insurance provider. However, when you register with us on the Site to create an account (“Account”) and become a registered user (partner or customer), you agree to provide us with certain personally identifiable information to complete registration, including without limitation, information that can be used to contact or identify you, and your personal health information as defined by HIPAA (“Personal Information”) such as your name, address, phone number, and email address. You agree that SunFire may use any content, including Personal Information, that you submit using the Site, Services, or any APIs for any purpose identified within the privacy notice or this Policy unless explicitly revoked by you per Section 4 of this policy. We communicate these uses to you throughout the Site at the time of collection or registration in addition to this Policy.
2. Protected Health Information. Any information collected by the Site, Services, or disclosed by you through your use of the Site is protected by the Health Insurance Portability and Accountability Act (“HIPAA”). The Site is intended for the collection, access, or disclosure of protected health information and some of the information collected will be used in connection with your enrollment or provider. All Personal Information gathered that is covered by HIPAA will never be sold, leased, rented, or otherwise shared for marketing purposes without your consent.
3. Log Data and Usage Information. When you visit the Site, whether as a Account holder or a non-registered user, our servers automatically record information that your browser sends whenever you visit a website generally (“Log Data”). This Log Data may include information such as your computer’s Internet Protocol (“IP”) address, browser type, operating system, and/or the webpage you were visiting before you came to our Site, pages of our Site that you visit, the time spent on those pages, access times and dates, and other statistics. We use this information to ensure our products and services are functioning as intended and keeping our users’ data safe when submitted on our Site.

b. Use

SunFire does not rent, lease, sell (for marketing or financial purposes), or otherwise share Personal Information about you with other persons or non-affiliated companies except to provide products or services you have requested, when we otherwise have your permission, or under the following circumstances:

1. Service Providers
   We may employ third party companies and individuals, which may use AI technologies, to facilitate our Services, to provide services on our behalf, to perform Site-related services (e.g., without limitation, maintenance services, database management, payment processors, web analytics, and improvement of the services’ features), or to assist us in analyzing how the Services are used. These third parties have access to your Personal Information only to perform these tasks on our and your behalf and are obligated not to disclose or use it for any other purpose.
2. Compliance with Laws and Law Enforcement
   SunFire cooperates with government and law enforcement officials and private parties to enforce and comply with the law. We may disclose the information we collect from you to comply with the law, a judicial proceeding, court order, subpoena, or other legal processes.
3. To Protect Us and Others
   We also may disclose the information we collect from you where we believe it is necessary to investigate, prevent, or take action regarding illegal activities, suspected fraud, situations involving potential threats to the safety, rights, or property of any person or party, or violations of our Terms of Use or this Policy.
4. Improvements of the Site and Services
   We use this information to enable you to access your registration data on the Site, monitor and analyze the use of the Site and for the Site’s technical administration including security features, to increase Site functionality and user-friendliness including access to technical support, and to better tailor the Site to our visitors’ needs. For example, we use such information to verify that visitors to the Site meet the criteria required to process their requests.
5. Legal and Ethical AI Use
   SunFire and its subcontractors may use technologies to analyze Personal Information, such as age, location, health data, or plan preferences, to provide personalized plan recommendations, assess eligibility, or optimize the Services and the Site. We are committed to using AI ethically by ensuring fairness, transparency, and accountability in our processes, including regular evaluations to mitigate bias and comply with applicable laws. Where AI involves automated decision-making or profiling that may produce legal or significant effects, we provide human oversight and allow you to request a plain-language explanation of the AI logic.
6. Business Transfers
   We may sell, transfer or otherwise share some or all of our assets, including your Personal Information, and other information collected from you, in connection with a merger, acquisition, reorganization, sale of assets, or in the event of bankruptcy. If required under applicable privacy laws, we will make our best efforts to give you advance notice and the opportunity to opt-out of the business transfer based on the contact information you have provided.

c. SunFire will not:

1. Release the names of individuals or information that could be linked to an individual, nor will we present the results of data analysis (including maps) in any manner that would reveal the identity of individuals, unless otherwise necessary due to the conditions above, but in no event in violation of any agreements you have made with us in sharing your data;
2. Release individual addresses, nor will we present the results of data analysis (including maps) in any manner that would reveal individual addresses, unless otherwise met by conditions above;
3. Use the personal information cited above in any manner inconsistent with the authority granted by you when creating your account.
4. We do not sell your Personal Information. However, we may share de-identified or aggregated data for analytics or AI training purposes, ensuring it cannot be linked to an individual, in accordance with industry best practices.

3. Cookies

We use cookies and similar technologies to enhance your experience, analyze Site usage, and deliver personalized content. These technologies may support AI-driven analytics or personalization.

However, cookies, of the types listed below, are only used on the marketing webpage located at https://sunfireinc.com. A “cookie” is a small data file that we transfer to your computer’s hard disk for record-keeping purposes. We use cookies for several purposes as identified below.

The SunFire Site and its URLs, unlike the cookies mentioned above, utilize sessions. Unlike persistent cookies, sessions are deleted from your computer when you log off from the Site and then close your browser.

You can instruct your browser, by changing its options, to stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. If you do not accept cookies, however, you may not be able to use all portions of the Site, the Services, or all functionality of any respective services provided thereby.

We may retain Personal Information only as long as necessary to fulfill the purposes outlined in this policy or as required by law. Upon request, we will delete your Personal Information, subject to applicable legal exceptions.

4. Your Rights

a. Changing, Correcting or Deleting Your Information

You, as an Account holder, may review, update, correct or delete information by making the appropriate corrections on the Site. If you delete all such information, then your Account may become deactivated. However, we may retain a copy of your records in our systems to comply with our legal and regulatory requirements.

b. Data Access and Portability

In some jurisdictions, applicable law may entitle you to request certain copies of your Personal Information held by us. You may also be entitled to request copies of Personal Information that you have provided to us in a structured, commonly used, and machine-readable format and/or request us to transmit this information to another service provider (where technically feasible).

c. Keeping and Deleting Your Data

We will keep your Personal Information for only so long as is necessary to serve your needs as the beneficiary or user of the Site or Account holder, and to comply with our legal obligations. Please note that if you request the deletion of your Personal Information your request may be subject to further retention due to those conditions mentioned in Section 2(a)(ii).

d. Withdrawing Consent of Processing

If we are processing your Personal Information based on your consent, you may withdraw your consent at any time by reaching us using the information in Section 12 below. Please note that the withdrawal of your consent does not affect the lawfulness of any processing activities based on such consent before its withdrawal. Additionally, in some jurisdictions, applicable law may give you the right to limit how we use your Personal Information, in particular, where (i) you contest the accuracy of your Personal Information; (ii) the processing is unlawful and you oppose the erasure of your Personal Information; (iii) we no longer need your Personal Information for the processing, but you require the information for the establishment, exercise or defense of legal claims; or (iv) you have objected to the processing and we are processing the request per our standard procedures to verify its legitimacy.

e. Right to Opt-Out of Automated Decision-Making

Depending on your state of residence, you may have the right to opt out of profiling or automated decision-making that produces legal or similarly significant effects. Automated decision-making involves the use of AI technologies to process personal information, such as age, health data, or plan preferences, without human intervention. Profiling refers to analyzing your data to create predictive profiles about your preferences or needs. To opt-out of automated decision making, contact the party that assisted you with your enrollment. We will use reasonable efforts to ensure that your decision to opt-out of automated decision making does not unreasonably affect your ability to access our Services, subject to legal requirements.

f. Right to Limit Sensitive Data Use

You have the right to request that we limit the use and disclosure of your sensitive Personal Information, such as health data, Social Security number, or other data defined as sensitive under applicable laws (e.g., CPRA, Maryland Online Data Privacy Act), to what is strictly necessary for providing our Services or complying with legal obligations. You may exercise this right by contacting the party that assisted with your enrollment if you believe the processing is unnecessary, unlawful, or if you contest the accuracy of the data.

g. Right to Non-Discrimination

We will not discriminate against you for exercising any of your privacy rights under applicable state laws, including requesting access, correction, or deletion of your Personal Information, opting out of data sales or automated decision-making, or limiting the use of sensitive data. Discrimination includes, but is not limited to, denying services, charging different prices, or providing a lower quality of service. SunFire is committed to treating all users fairly and ensuring compliance with non-discrimination requirements under applicable laws such as the CCPA, CPRA, and Virginia Consumer Data Protection Act.

5. Security

1. The security of your submitted information is one of our top concerns. We have implemented industry-standard precautions to protect our Site and Services, as well as the information we collect, from loss, misuse, unauthorized access, disclosure, alteration, and destruction. This includes safeguarding sensitive data processed by AI technologies, such as health information, to prevent unauthorized access or misuse. We have also implemented access controls to safeguard against unauthorized access to our information systems. Please be aware that despite our best efforts, no data security measures can guarantee 100% security all of the time. There are also certain steps you should take to safeguard your account and information. For example, you should select a secure password that only you know and should always sign out of your account when finished. Also, you should not grant access to your account to any third parties. It is your responsibility to protect the confidentiality of your password and/or credentials to prevent unauthorized access to your account. You are responsible for all activities that occur under your account and password. You should immediately change your password and notify us if you discover or suspect any unauthorized use of your account.
2. Fraud Waste and Abuse. SunFire takes Fraud Waste and Abuse seriously and is committed to following applicable federal laws and regulations. If you suspect Fraud Waste and/or Abuse has occurred please submit a request through SunFire’s Fraud Waste and Abuse platform for the quickest response.

6. Data Storage

Your information will be stored and maintained on, systems located in the United States. Your submission of such information represents your agreement to this Section. Your personal information may be transferred to and stored in jurisdictions outside your state, including areas with different data protection laws. We will ensure such transfers comply with applicable laws.

7. California Privacy Rights

Effective January 1, 2020, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), grants California residents the right to submit a verifiable consumer request to access, in a portable and (if technically feasible) readily usable format, the specific pieces and categories of personal information a business has collected about them, the categories of sources from which the information was collected, the business or commercial purposes for collecting or selling the information, and the categories of third parties with whom the information was shared or sold. California residents also have the right to request deletion of their personal information, subject to certain exceptions, and the right to opt out of the sale or sharing of their personal information for targeted advertising. Additionally, residents have the right to limit the use and disclosure of sensitive personal information, as defined under the CCPA, and the right not to be discriminated against for exercising these rights. Consistent with California law, we will not charge different prices or provide different quality of services for exercising these rights, unless the differences are directly related to the value of the consumer’s data.

To exercise your rights, please submit a verifiable consumer request as outlined in Section 12 of this Policy. You must verify your identity before we can process your request, which may require providing government-issued identification. You may designate an authorized agent to submit a request on your behalf by providing a valid power of attorney, your valid government-issued identification, and the authorized agent’s valid government-issued identification.

We do not sell personal information to third parties as defined under the CCPA. However, we may share personal information with third parties for business purposes, such as analytics, advertising, or marketing, as described in this Policy. This includes sharing for targeted advertising based on users’ online activities over time and across different sites, services, and devices, which you may opt out of as described in Section 12. We ensure all third-party data sharing complies with CCPA requirements, including providing appropriate notices and obtaining necessary consents where applicable.

8. Customer Testimonials, Comments, & Reviews

We may post customer testimonials, comments, and reviews on our Site, which may contain Personal Information. We do obtain the customer’s consent via email before posting the testimonial, to be able to post their name along with their testimonial. If you wish to update or delete your testimonial, you can contact us by utilizing the contact methods below in Section 12.

9. Links to Other Websites

The Site may contain links to other websites. If you choose to click on a third-party link, you will be directed to that third party’s website. The fact that we link to a website is not an endorsement, authorization, or representation of that third party of our affiliation with that third party, nor is it an endorsement of their privacy or information security policies or practices. We do not exercise control over third-party websites. These other websites may place their cookies or other files on your computer, collect data or solicit personal information from you. Other websites follow different rules regarding the use or disclosure of Personal Information and the like that you submit to them. We encourage you to read the privacy policies or statements of the other websites you visit.

10. Children Under 18

We are committed to protecting the privacy of children. We do not collect Personal Information from any person we know is a child under the age of 18 without prior approval from the parent or guardian. If a parent or guardian becomes aware that his or her child has provided us with Personal Information without their consent, he or she should contact us by utilizing the contact methods below in Section 12.

11. Changes to this Policy

If material changes to this Policy are made, the updated Policy will be posted on the Site with the accompanying revision date. SunFire may amend or update this Policy from time to time. You can review the most current version of this Policy at any time at https://www.sunfireinc.com/privacy/. Use of information we collect is subject to the Policy in effect at the time such information is used. If we make material changes in the way we use Personal Information, we will notify you by posting an announcement, adding an effective date, or sending you an email. Lack of notification from us regarding a change to this policy does not invalidate any changes. You must periodically review this Policy independently to note any changes. Your continued use of the Service following any such change, including AI-related practices, constitutes your agreement to be bound by such changes to this Policy. Your only remedy, if you do not accept the terms of this Policy, is to discontinue use of the Site or the Services.

12. Contacting Us

If you have any questions about this Policy, please contact us using the SunFire Privacy Platform below.

SunFire has appointed a Lead Privacy Officer responsible for overseeing the implementation of the privacy program across the company. If you have any questions about this Policy or SunFire’s websites, please contact us by utilizing the SunFire Privacy Platform.

We will reply to your complaint as soon as we can and in any event within 30 days. We are committed to working with you or working to route your request to the appropriate party with regard to the resolution of any complaints or concerns regarding your privacy.

If you have questions about security or data privacy, please contact us at compliance@sunfireinc.com.