Skip to main content
CrossGuard Private Benefits Advisory logo Call

Privacy Policy — How I Handle Your Information

A plain-language summary of what is collected, why, and how it is stored. Final wording is subject to legal counsel review.

Who operates this site

This site (crossguardadvisory.com) is operated by Vincent Oriolo, an independently licensed life and health insurance broker doing business as CrossGuard Private Benefits Advisory ("CrossGuard"). CrossGuard is a trade name; all insurance business under the CrossGuard name is conducted on Vincent Oriolo's personal license.

References to "I," "me," or "my" in this policy refer to Vincent Oriolo personally. References to "you" or "your" refer to the visitor or person submitting information through the site.

What information I collect

I collect information in two ways:

Information you provide

When you submit a form on this site (such as the lead form, contact form, or licensing-request form), I collect the fields you fill in. These typically include:

  • Name
  • Email address
  • Phone number
  • State of residence
  • The topic of your inquiry and any free-text message you provide

Information collected automatically

When you submit a form, the following technical context is recorded alongside your submission:

  • Your IP address (received from Cloudflare request headers)
  • Your browser type and operating system (user agent string)
  • The page URL you submitted from
  • The page that referred you to this site, if any
  • UTM and similar campaign-tracking parameters present in the URL
  • The version of the disclosures and consent labels visible on the page at the moment of submission, recorded as a snapshot for compliance purposes
  • The state of the affirmative consent checkboxes you selected

Outside of form submissions, this site uses Cloudflare Web Analytics, which is privacy-friendly and does not place tracking cookies or collect personal data.

Why I collect it

  • To respond to your inquiry and conduct the consultation you requested
  • To comply with insurance regulatory recordkeeping obligations imposed by state insurance departments and issuing carriers
  • To verify the affirmative consent you provided at the time it was provided
  • To prevent fraud and protect the integrity of the site (e.g., spam mitigation through Cloudflare Turnstile)

How I use it

I use the information you provide to follow up with you regarding your inquiry, to evaluate insurance options that may fit your situation, and to maintain the records required by applicable insurance regulations. I do not sell your information to third parties. I do not use your information for behavioral advertising on third-party platforms.

Where it is stored

Form submissions are stored in Cloudflare D1 (a managed SQLite-compatible database hosted by Cloudflare, Inc.) located in regions that Cloudflare designates. D1 is the system of record for compliance recordkeeping at launch.

Who I share it with

I may share your information with the following categories of service providers, under contractual obligations to protect it:

  • Cloudflare, Inc. — hosting, content delivery, web analytics, spam protection (Turnstile), and the D1 database that holds compliance records. Cloudflare receives the same information you submit and the technical context described above.
  • The issuing insurance carriers and their underwriting partners, in connection with insurance applications you choose to submit
  • State insurance departments and other regulators, in response to lawful regulatory requests
  • My professional advisors (legal counsel, accountants), under confidentiality obligations

I do not sell your information. I do not share it with third parties for their own marketing purposes.

How long I keep it

Form submissions are retained for as long as required by applicable insurance regulations and for as long as is reasonably necessary to perform the services you requested.

How it is protected

I take reasonable measures to protect the information you submit. Technical safeguards include encryption in transit (HTTPS), encryption at rest within Cloudflare's infrastructure, and access controls that limit administrative access to my Cloudflare account. The compliance export endpoint that allows me to retrieve records is protected by an authenticated bearer token rotated on a defined schedule.

No system is perfectly secure. If a breach occurs that affects your information, I will respond per applicable law.

Your rights

Depending on the state where you reside, you may have rights with respect to information I hold about you. These commonly include:

  • The right to know what categories of information I hold about you
  • The right to request access to specific information about you
  • The right to request correction of inaccurate information
  • The right to request deletion of your information, subject to exceptions for information I am required to retain by law
  • The right to opt out of certain types of processing where applicable

To exercise these rights, contact me at vincent@crossguardadvisory.com. I will respond within the timeframes required by applicable law and may need to verify your identity before fulfilling certain requests.

Children's information

This site is not directed to children under 13. I do not knowingly collect information from children under 13. If you believe I have collected information from a child under 13, contact me at vincent@crossguardadvisory.com and I will delete it.

Visitors outside the United States

This site is operated from the United States and is intended for residents of the United States, specifically the states where Vincent Oriolo is licensed (see Licensing & Disclosures). I do not solicit business outside the United States.

Cookies and analytics

This site uses Cloudflare Web Analytics, which does not place tracking cookies and does not collect personal data such as IP addresses for analytics purposes. The lead form uses Cloudflare Turnstile to prevent spam, which may set a short-lived session token.

If advertising or behavioral-tracking pixels (Meta, Google, TikTok, etc.) are added in the future, this Privacy Policy will be updated, a separate Cookie Policy will be added, and a cookie consent mechanism will be introduced where required by law.

Do Not Track signals

Browsers offer a "Do Not Track" (DNT) signal. There is no industry consensus on how to interpret DNT, and this site does not currently change its behavior in response to DNT signals. The site does not engage in behavioral advertising regardless.

Changes to this policy

I may update this Privacy Policy from time to time. The version number and "Last updated" date at the top of this page reflect the current revision. Material changes will be reflected in a version increment and may be communicated through the site or other means.

The version of this policy in effect at the time of any form submission you make is recorded with that submission, so you can refer back to the exact wording you saw.

Governing law

Contact

For privacy questions, requests to exercise your rights, or to report a suspected privacy concern:

Check your options Call