Last updated: June 23, 2026
QuoteTurbo is a free ACA quoting tool. It needs real household data to run subsidy math and export quotes that clients can actually use. This page explains which data we collect, why we collect it, how we store it, and what we will not do with it.
The short version is simple. We collect only what we need to run quotes, keep accounts secure, and improve the product. We do not sell broker data, client data, or quote data. We do not run ad pixels on quoting or client pages. We use Google Analytics for traffic and conversion events on marketing pages, and Microsoft Clarity to understand how people move through the app so we can fix real UX problems, not to build ad profiles.
Key Takeaways
- QuoteTurbo stores only the data needed to quote ACA plans, export PDFs, and keep accounts secure.
- We do not sell broker data, client data, or quote data. There is no ad network stitched into the quoting flow.
- Google Analytics and Microsoft Clarity are used for traffic and session analytics. Both are scoped to product improvement, not ad targeting.
- Client data is encrypted in transit (TLS). Storage protections are described on the security page. We do not load third party ad pixels on pages that handle quote details.
- You can export your data or request deletion by contacting the team. The tool is free today. Your data is not the product.
Who this policy is for
This privacy policy is written for three groups. Brokers and agencies that use QuoteTurbo to run ACA quotes. Insurtech and Devkrest clients who care about how our reference product behaves before they hire us for a private build. And compliance teams who need to know where data lands before they sign off on a new tool.
QuoteTurbo is a US focused ACA quoting tool. It is not designed for EU consumers or EU privacy law use cases. If you have a cross border stack, the right move is a private build with a custom data and consent model. That work starts on the Devkrest page.
What we collect when you sign up
When a broker signs up for QuoteTurbo we collect a small set of account details. Work email, name, agency name, and a password or SSO identity. If you invite team members, we collect the same for them. This is standard account data. It lets us keep your workspace separate from every other agency.
We log basic account metadata. When the account was created. When someone last signed in. How many brokers are in the workspace. Which plans and quotes belong to which workspace. This is the minimum needed to run the product and keep the right data with the right team.
What we collect when you quote a household
To run a real ACA quote we need the same inputs every Marketplace quote needs. Household composition, ZIP and county, ages, income estimates, and some optional clinical detail such as doctors and prescriptions. When you enter that data into QuoteTurbo it is stored so you can re run the quote later.
Client PDFs are not stored on our servers
When you export a client quote PDF, QuoteTurbo assembles the file inside your browser from quote data and your agency branding settings. The rendered PDF downloads directly to your device. We do not upload, retain, or process that PDF file on QuoteTurbo servers.
Client data is scoped to your workspace. Other agencies cannot see it. Devkrest engineers see it only when they are working on production incidents or support tickets for your workspace, and those accesses are logged. When we talk about examples in public, we talk about shapes and numbers, not names or identifiers.
How long we keep quote and client data
Brokers need quote history for more than one plan year. Renewal seasons, commission disputes, and client questions all reach back to last year's quote. By default we keep quote and client records until the workspace owner asks us to delete them or until the account has been dormant for a long time.
If you want a stronger rule for your agency, talk to us. A private build can enforce stricter retention windows, anonymization rules, or explicit deletion SLAs. The free tool defaults to utility for brokers who want to keep history until they say otherwise.
Google Analytics, Microsoft Clarity, and analytics
QuoteTurbo uses Google Analytics 4 on public marketing pages to measure traffic, referrers, and a small set of conversion events. Examples include opening the plan finder from a campaign link, submitting the Devkrest engineering form, and clicking outbound links to Devkrest. We do not send client quote payloads or PHI into GA4.
QuoteTurbo also uses Microsoft Clarity for session analytics. Clarity may run on public marketing pages and on some in-app screens. It records how people move through the interface so we can see where they get stuck. It does not change what you see in a quote. It does not decide anything for you.
We try to limit analytics on the most sensitive surfaces, but Google Analytics and Microsoft Clarity are loaded globally today. Do not enter client PHI into fields you would not want reflected in analytics tooling. If your agency needs a different analytics posture, contact us about a private build with the logging and consent stack you sign off on.
The cookie notice at the bottom of the page reminds visitors that we use cookies and analytics, including Google Analytics and Microsoft Clarity.
Cookies and local storage
QuoteTurbo uses cookies and local storage for a few concrete things. Keeping you signed in between sessions. Remembering which marketing dialogs and notices you have already dismissed. Making sure live activity toasts and similar UI behave consistently instead of flashing on every page load.
We do not use third party ad cookies. We do not join your quote data with a broker profile that an ad network can target. The tool is not an ad tech product. It is a quoting and client conversation product.
Where data lives and how it is protected
QuoteTurbo runs in US based cloud infrastructure. Data is encrypted in transit using TLS. Access to production systems is limited to a small set of Devkrest engineers with strong authentication and audit trails. Changes to the production environment go through review and deployment pipelines, not ad hoc shell access.
Storage encryption, retention controls, and incident response follow industry-standard practices for a production SaaS tool. Contact us if your agency needs a written security summary, a BAA, or a private deployment with stricter controls.
Service providers we use
QuoteTurbo uses the following categories of service providers to run the product. Each processes data only to provide the service described. We do not sell broker data, client data, or quote data to these vendors or to anyone else.
| Provider | Purpose | Data they may see | Privacy policy |
|---|---|---|---|
| Vercel | Application hosting and CDN | HTTP request metadata, IP addresses, and application responses needed to serve pages and API routes. | View policy |
| Google Analytics 4 | Marketing traffic and conversion analytics | Page views, referrers, and conversion events on public marketing pages. Quote payloads and client PHI are not sent to GA4. | View policy |
| Microsoft Clarity | Session replay and UX analytics | Interaction patterns on marketing pages and selected in-app screens. Clarity is not mounted on screens that display full client identifiers plus clinical detail. | View policy |
| Devkrest (Find Plan Tool API) | ACA quoting, client records, and account backend | Broker account data, household quote inputs, client records, and quote history required to run the product. | View policy |
This table reflects service providers in use as of June 2026. We update it when we add or remove a processor that touches broker or client data. Final wording is subject to counsel review.
State privacy notices
Residents of California, Colorado, Connecticut, Virginia, Texas, Washington, and other states with comprehensive privacy laws may have rights to access, delete, or correct personal information we hold. Washington's My Health My Data Act may apply when health-related information is collected through the quoting workflow. Contact us through the support channels below to exercise applicable rights. We do not sell personal information as defined under the California Consumer Privacy Act (CCPA/CPRA).
When we share data
Beyond the service providers listed above, we share data only when required to run the product you signed up for, when you direct us to (for example exporting a quote), or when the law requires it. We pick vendors who document their security posture and who sign data protection agreements where they apply.
We do not sell data. We do not rent lists. We do not ship your client list into a marketing partner's CRM.
Legal process and compliance requests
If we receive a legal request for data tied to a workspace we respond the way a responsible engineering team does. We validate the request, we scope it to the minimum data needed to comply, and when the law allows we notify the workspace owner that a request happened. We do not volunteer data where the law does not require it.
For agencies in regulated environments, the right long term answer is a private build with a data handling agreement, BAA, and custom logging that passes your own audit. The Devkrest page covers how those projects work.
Your choices and how to contact us
If you are a broker and want a copy of the data tied to your workspace, reach out through the usual support channels with your account email and agency name. We can export quote and client records in a machine readable format. If you want a specific subset deleted, say so clearly and we will confirm once the work is done.
If you are an agency principal or insurtech evaluating a Devkrest build, use the form on the Devkrest landing page to set up a call. We can walk through this policy and the technical posture behind it in more detail and map it to your own compliance requirements.
Changes to this policy
When we change how QuoteTurbo handles data, we update this page. We keep the language plain and the promises concrete. No dark patterns, no fine print that reverses the rest of the copy.
If a change is large enough to matter to a broker or a client we will call it out inside the product as well. A privacy policy is only useful when the people who rely on it actually see it.
