INFORMATION SECURITY OVERVIEW
Last Updated: NOVEMBER, 11, 2025
howmuch Insurance Services, LLC (“howmuch,” “we,” “our,” or “us”) is committed to protecting the privacy, confidentiality, and integrity of the information entrusted to us. This summary outlines the administrative, technical, and physical measures we use to safeguard personal information processed through our Services.
1. Security Program and Oversight
We maintain internal security and privacy procedures that guide how data is accessed, used, and protected. Our management team reviews these procedures periodically to address new business and regulatory requirements. Although we do not maintain a dedicated security officer position, designated team members are responsible for overseeing data protection and responding to security-related issues.
2. Access Control
Access to systems containing personal information is limited to authorized personnel based on job responsibilities. User accounts require unique credentials and periodic password changes. Access privileges are reviewed as roles change or employment ends.
3. Data Protection and Encryption
All data transmitted through our public website and online forms is encrypted in transit using HTTPS/TLS.
Sensitive information (such as date of birth, driver’s-license number, or Social Security number) is stored in secure databases protected by strong password and firewall controls. Encryption at rest is implemented for sensitive fields where technically feasible.
4. System and Network Security
Our systems are hosted in reputable U.S. data centers and cloud environments that apply standard physical and logical security safeguards. Firewalls, routine updates, and malware protection help prevent unauthorized access. Basic monitoring and log reviews are conducted to detect anomalies.
5. Vendor and Third-Party Management
We share personal data only with trusted service providers and partners that support our Services (for example, hosting, analytics, or quote Providers). Each vendor is subject to confidentiality obligations and must use information solely to provide contracted services. We review vendors for appropriate data-handling practices before onboarding.
6. Incident and Breach Handling
If we become aware of unauthorized access to personal information, we promptly investigate, mitigate potential impact, and comply with applicable breach-notification laws. While we do not maintain a formal written Incident Response Plan, key personnel are designated to coordinate any required investigation and notification.
7. Data Retention and Disposal
We retain personal information only for as long as necessary to provide the requested Services or comply with legal obligations. When data is no longer required, it is securely deleted or anonymized.
8. Continuous Improvement
We regularly review our security practices and make reasonable updates as our technology, risks, and legal requirements evolve.
Contact
For security or privacy inquiries, please contact: privacy@howmuch.net