Privacy Policy

Effective March 24, 2026. Last updated June 16, 2026.

Who We Are

Sidebar Benefit Advisors is a technology platform operated by Ithaca Health LLC (“we,” “us,” or “our”), a Texas limited liability company. Ithaca Health is a licensed insurance agency that contracts with licensed, independent insurance agents to provide enrollment assistance to consumers. Sidebar Benefit Advisors is not affiliated with or endorsed by the U.S. government or the federal Medicare program. This Privacy Policy explains how we collect, use, share, and protect your personal information.

Scope and Applicability

This Privacy Policy applies to your interactions with Sidebar Benefit Advisors through our websites, our agent-matching and PlanMatch services, our text and email communications, and our call-center and in-person enrollment support. It does not apply to: (a) our employees, contractors, and job applicants, whose information is covered by a separate notice; (b) information exchanged solely in business-to-business dealings with our retail, agency, and carrier partners; (c) the licensing and appointment data of insurance agents, which we process in our capacity as a licensed insurance agency; and (d) protected health information that we handle on behalf of a health insurance carrier under the Health Insurance Portability and Accountability Act (HIPAA), where we act as a business associate of that carrier. For questions about information handled on a carrier’s behalf, contact that carrier directly.

Information We Collect

We may collect the following types of information:

  • Contact information: Name, email address, phone number, zip code.
  • Medicare-related information: Plan preferences, enrollment period status, carrier interests.
  • Pharmacy data (PlanMatch only): Prescription medication history retrieved with your explicit consent via an authorized pharmacy data aggregator. See the PlanMatch section for details.
  • Device and usage data: IP address, browser type, pages visited, and interaction data collected via cookies and analytics tools.
  • Agent information: National Producer Number (NPN), carrier appointments, licensing data obtained through NIPR verification.

Sources of Personal Information

We collect personal information from the following sources: directly from you when you enter a ZIP code, request to speak with an agent, complete a form, or use PlanMatch; automatically from your device and browsing activity through cookies and analytics tools; from the licensed insurance agents and carriers who serve you; from licensing authorities and the National Insurance Producer Registry (NIPR) when we verify an agent’s credentials; from an authorized pharmacy data aggregator when you give explicit consent through PlanMatch; and from service providers that help us operate, secure, and analyze our platform.

How We Use Your Information

  • To match you with a licensed Medicare agent in your area.
  • To provide Medicare plan information and drug coverage lookups.
  • To process PlanMatch pharmacy data authorizations and generate plan comparisons.
  • To verify agent licensing and carrier appointments.
  • To send enrollment-related communications (with your consent).
  • To improve our platform, troubleshoot issues, and analyze usage trends.

How We Share Your Information

We do not sell your personal information. We may share information with:

  • Licensed insurance agents to facilitate your Medicare enrollment.
  • Insurance carriers as required to process enrollments.
  • Service providers who help us operate the platform (hosting, analytics, communication services) under strict confidentiality obligations.
  • Regulatory bodies when required by law, including CMS compliance audits.

PlanMatch and Pharmacy Data (HIPAA)

If you use our PlanMatch feature, we retrieve your prescription medication history through a HIPAA-compliant pharmacy data aggregator. This requires your explicit, informed consent before any data is accessed.

  • Pharmacy data is used solely to compare Medicare plans on your behalf.
  • Data is encrypted in transit and at rest.
  • Pharmacy data is automatically deleted after 30 days.
  • You may revoke authorization at any time by contacting privacy@sidebarhealth.com.

Text Messaging and Telephone Communications

If you provide your phone number and consent, we may send you text messages and place calls related to your request for Medicare or insurance assistance, including connecting you with a licensed agent and sending appointment or follow-up messages. Message frequency varies. Message and data rates may apply. You can opt out of text messages at any time by replying STOP, and reply HELP for help. Your mobile opt-in and consent information is never sold or shared with third parties for their own marketing, and is used only to deliver the communications you requested. Opting out of texts does not remove you from communications about an enrollment or application already in progress.

Sensitive Personal Information

Some of the information we collect, such as your Medicare interests and, with your explicit consent, your prescription medication history through PlanMatch, is considered sensitive personal information under certain state laws. We use and disclose sensitive personal information only to provide the services you request (matching you with an agent and comparing plans), to comply with law, to secure our platform, and for other purposes permitted without a right to limit. We do not use sensitive personal information to infer characteristics about you or for targeted advertising.

Data Retention

We retain personal information for as long as needed to provide our services, maintain your account, and fulfill the purposes described in this Policy, and thereafter as required to meet legal, regulatory, and recordkeeping obligations. Medicare marketing and enrollment records are retained for the period required by the Centers for Medicare & Medicaid Services (CMS). Prescription medication history retrieved through PlanMatch is automatically deleted within 30 days. When information is no longer needed, we delete or de-identify it.

Cookies, Tracking, and Global Privacy Control

We use cookies and similar technologies to remember preferences, analyze site traffic, and improve your experience. You can manage cookie preferences through your browser settings. We do not use cookies for cross-site behavioral advertising.

We honor browser-based opt-out preference signals, including Global Privacy Control (GPC), where required by law. Because we do not sell or share personal information for cross-context behavioral advertising, these signals do not change how we handle your information, but we recognize them as a valid opt-out.

Data Security

We implement industry-standard security measures including encryption, access controls, and regular security assessments. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.

Your State Privacy Rights

Depending on your state of residence, you may have some or all of the following rights regarding your personal information: the right to know and access the personal information we hold about you and how we use and disclose it; the right to correct inaccurate information; the right to delete your information; the right to data portability; the right to opt out of the sale or sharing of your information and of targeted advertising and certain profiling; and the right to limit the use of sensitive personal information. We do not sell your personal information, we do not share it for cross-context behavioral advertising, and we do not use it for targeted advertising or profiling that produces legal or similarly significant effects.

California residents (CCPA/CPRA):You have the rights to know, delete, correct, opt out of sale or sharing, and limit sensitive personal information, and the right not to be discriminated against for exercising them. Because we do not sell or share personal information and do not use sensitive personal information beyond permitted purposes, no opt-out is necessary, but you may still submit a request. Under California’s “Shine the Light” law, we do not disclose personal information to third parties for their own direct marketing.

Texas, Virginia, Colorado, Connecticut, Utah, and other states with comprehensive privacy laws: You have the applicable access, correction, deletion, portability, and opt-out rights described above. If we decline a request, you may appeal by replying to our response or contacting us at the address below; we will inform you of the outcome of any appeal.

How to exercise your rights: Submit a request by emailing privacy@sidebarhealth.com. We will verify your identity (and, for authorized-agent requests, the agent’s authority) before acting, and will respond within the timeframe required by your state’s law (for California, within 45 days, extendable to 90 days with notice). We will not charge you or deny you service for exercising these rights.

Children’s Privacy

Our services are intended for adults eligible for Medicare. We do not knowingly collect information from individuals under the age of 18.

Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page with a new “Last updated” date.

Contact Us

If you have questions about this Privacy Policy or wish to exercise a privacy right, contact us at privacy@sidebarhealth.com or by mail at:

Ithaca Health LLC d/b/a Sidebar Benefit Advisors
Attn: Privacy
5900 Balcones Drive, STE 100
Austin, TX 78731