Privacy Policy

Our Commitment to Your Privacy

Insurance Me For Life (IMFL) is committed to protecting your privacy and handling your personal information responsibly and in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).

This Privacy Policy explains how we collect, use, disclose, and protect your personal information when you use our services.

Due to the nature of insurance services, we cannot provide our core services anonymously or under a pseudonym. Insurers require verified identity information to assess applications and issue policies. You may browse our website and access general information without identifying yourself.

1. What Information We Collect

Personal Information

When you use our services, we may collect the following types of personal information:

• Contact Details: Name, email address, phone number, postal address
• Identification Information: Date of birth, gender
• Financial Information: Income, assets, liabilities, existing insurance coverage
• Health Information: Medical history, pre-existing conditions, smoking status, height, weight
• Employment Information: Occupation, employer details, work duties
• Family Information: Details about dependents and beneficiaries
• Technical Information: IP address, browser type, device information, cookies

Sensitive Information

We collect sensitive information (such as health information) only with your consent and only when necessary to provide our services. Sensitive information is subject to additional protections under Australian privacy law.

Health information we may collect includes medical history, pre-existing conditions, current medications, smoking status, and height and weight. This information is collected as part of our quote request process and may also be collected during our pre-assessment medical screening, which occurs after you receive quotes but before a formal insurance application is submitted. Health information may be processed by AI systems (Anthropic Claude) for analysis purposes, subject to the same protections as all other personal information we handle. Health data is only shared with insurers with your consent and solely for the purpose of underwriting your insurance application. Health records are retained for the duration of your policy plus 7 years, or 7 years from last contact for inactive records, in accordance with ASIC requirements.

2. How We Collect Information

We collect information in the following ways:

Directly From You

• Online quote request forms
• Phone conversations and consultations
• Email correspondence
• Insurance application forms
• Document uploads and submissions

From Third Parties

With your consent, we may collect information from:

• Insurance companies (when processing quotes and applications)
• Medical professionals (when assessing claims)
• Your financial adviser or accountant (if you authorize us to contact them)
• Publicly available sources (to verify information)

Automatically Through Our Website

• Cookies and similar tracking technologies
• Website analytics (Google Analytics)
• Log files and server data

Unsolicited Information

If we receive personal information we did not solicit, we will assess whether we could have collected it under APP 3. If we determine we could not have, and the information is not contained in a Commonwealth record, we will destroy or de-identify it as soon as practicable.

3. Why We Collect and Use Your Information

We collect and use your personal information for the following purposes:

Primary Purposes

• To provide you with general advice about life insurance products
• To request and compare insurance quotes on your behalf
• To assist you with completing insurance applications
• To liaise with insurers during underwriting and application processes
• To provide ongoing service and support for your policies
• To assist with insurance claims

Secondary Purposes

• To comply with legal and regulatory obligations (ASIC, ATO, AFCA)
• To conduct internal audits and quality assurance
• To improve our services and website functionality
• To send you relevant updates about your policies or our services (with consent)
• To manage complaints and disputes

4. Who We Share Your Information With

We may disclose your personal information to the following parties:

Insurance Companies

We share your information with insurance companies to obtain quotes, process applications, and manage claims. Insurers have their own privacy policies governing how they handle your information.

Our AFSL Holder

Consilium Advice Australia Pty Ltd (AFSL 246623) has oversight of our operations and may access your information for compliance, audit, and supervisory purposes.

Service Providers

We may share information with third-party service providers who assist us, including:

• Technology providers (website hosting, CRM systems, email services)
• Payment processors
• Professional advisers (lawyers, accountants, auditors)

Regulatory Bodies

We may disclose information to regulators such as ASIC, the Australian Financial Complaints Authority (AFCA), or law enforcement agencies when required by law.

Other Parties

We may disclose information:

• With your consent to other parties you specify
• If required by law or court order
• To protect our legal rights or prevent fraud

Partner-Share Links

When you choose to share your quote summary with another person — for example, your partner — via our portal share-link feature, you provide us with their email address. We will use that email address only to send a one-time notification containing the share link, and to log when the link is opened. We will not contact the recipient again unless they choose to engage with us directly. The recipient's email address is automatically removed from our records seven days after the share link expires (the link expires 30 days after it is created, so retention is approximately 37 days). The recipient can also request earlier deletion at any time by contacting us.

5. Overseas Disclosure

Some of our service providers store or process personal information on servers located overseas. We take reasonable steps to ensure that overseas recipients of personal information comply with the APPs or are subject to substantially similar privacy protections.

Personal information may be disclosed to service providers located in the following jurisdictions:

• India — Database hosting (Supabase, with data stored in Mumbai/ap-south-1)
• United States — Website hosting (Vercel), email delivery (Resend), SMS and voice services (Telnyx), workflow automation (Inngest), AI services (Anthropic), error monitoring (Sentry), document signing (Zoho Sign), analytics (Google, Microsoft)

Telemetry and Error Monitoring

We use Sentry Inc. (United States) to capture server and edge runtime errors so we can diagnose and fix issues. Error events may cross the border to Sentry's US infrastructure. Before events leave our servers, we automatically scrub known personal information fields (including email addresses, phone numbers, names, addresses, session cookies, and authorisation headers) from the request payload, user context, and breadcrumbs attached to the event. Stack traces and error messages are preserved so that our engineers can debug problems without seeing your personal information.

6. How We Protect Your Information

We take information security seriously and implement measures including:

Technical Safeguards

• SSL/TLS encryption for data transmission
• Encrypted database storage
• Secure authentication and access controls
• Regular security audits and vulnerability assessments
• Firewall and intrusion detection systems

Organizational Safeguards

• Staff training on privacy and data security
• Confidentiality agreements with employees and contractors
• Secure disposal of physical and electronic records
• Regular review and update of security policies

Data Retention

We retain your personal information for as long as necessary to provide our services and comply with legal obligations. Generally, we retain information for:

• Active client records: Duration of policy plus 7 years
• Inactive records: 7 years from last contact (ASIC requirement)
• Financial records: 7 years (ATO requirement)

7. Notifiable Data Breaches

In the event of an eligible data breach likely to result in serious harm, we will notify affected individuals and the Office of the Australian Information Commissioner (OAIC) as required under Part IIIC of the Privacy Act 1988 (Notifiable Data Breaches scheme). We will take prompt steps to contain the breach and assess the risk of harm.

8. Artificial Intelligence and Automated Processing

We use artificial intelligence (AI) services, including Anthropic's Claude, to assist with analysing insurance product documents and, where applicable, call transcript summaries. Personal information processed by AI is subject to the same protections as all other personal information we handle. AI is used to support our services, not to make automated decisions about your insurance application.

9. Call Recordings

With your consent, we may record phone calls for quality assurance and compliance purposes. Call recordings are stored securely and retained in accordance with our data retention schedule. You will be informed at the start of any recorded call and may decline recording.

10. Government Identifiers

We do not adopt government-related identifiers (such as Medicare numbers or tax file numbers) as our own identifiers. We only collect, use, or disclose government identifiers when required by law or for the purpose of verifying your identity in connection with insurance applications.

11. Data Quality

We take reasonable steps to ensure the personal information we collect, use, and disclose is accurate, up-to-date, complete, and relevant. If you believe any information we hold about you is inaccurate, please contact us.

12. Your Privacy Rights

Under the Privacy Act, you have the following rights:

Right to Access

You can request access to the personal information we hold about you. We will provide access within 30 days unless a legal exception applies.

Right to Correction

If you believe any information we hold is inaccurate, incomplete, or out of date, you can request correction. We will update records promptly and notify relevant third parties if necessary.

Right to Erasure (Deleting Your Data)

You can request that we erase the personal information we hold about you. The fastest way is to use our self-service erasure form, which lets you submit a deletion request from your portal account:

Submit a data erasure request

Some records cannot be erased while we have an ongoing legal obligation to retain them (for example, ASIC requires us to keep client records for 7 years from last contact). Where retention is required, we will explain why in our response and erase the data once the obligation ends.

Right to Complain

If you believe we have breached your privacy, you can lodge a complaint using our complaints process. If not satisfied with our response, you can escalate to the Office of the Australian Information Commissioner (OAIC).

How to Exercise Your Rights

To access, correct, or make a privacy complaint:

13. Cookies and Website Tracking

What Are Cookies?

Cookies are small text files stored on your device when you visit our website. They help us improve your experience and analyze website usage.

Types of Cookies We Use

• Essential Cookies: Required for website functionality (login, forms)
• Analytics Cookies: Google Analytics to understand how visitors use our site
• Session Recording: Microsoft Clarity for session recordings and heatmaps to understand how visitors interact with our site
• Advertising Cookies: Facebook Pixel and Google Ads / DoubleClick for conversion tracking for advertising campaigns
• Scheduling: Calendly for appointment scheduling functionality
• Performance Cookies: Vercel Analytics for website performance monitoring

Managing Cookies

You can control cookies through your browser settings. Note that disabling cookies may affect website functionality. Most browsers allow you to:

• View and delete existing cookies
• Block all cookies
• Block third-party cookies only
• Receive notifications before cookies are stored

14. Marketing Communications

We may send you marketing communications about our services, insurance updates, or relevant industry news, but only with your consent.

Unsubscribe

You can opt out of marketing communications at any time by:

• Clicking "unsubscribe" in any marketing email
• Emailing us at torben@insuremeforlife.com.au
• Calling us on 0407 934 855

Note: Even if you opt out of marketing, we may still send you service-related communications about your policies or account.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of significant changes by:

• Posting the updated policy on our website with a new "Last Updated" date
• Sending you an email notification (if we have your email address)

Your continued use of our services after changes take effect constitutes acceptance of the updated policy.

16. Contact Us

If you have questions about this Privacy Policy or how we handle your information, please contact us:

17. Office of the Australian Information Commissioner

If you are not satisfied with our response to a privacy complaint, you can contact the Office of the Australian Information Commissioner (OAIC):