CheapestACA PlansAbout

Privacy Policy

Last updated: 2026-04-21

Summary

cheapestacaplans.com does not require an account, does not collect your email, does not sell or share your data with insurers or brokers, and does not run advertising. We use Google Analytics to measure site traffic with IP anonymization enabled. Search inputs (ZIP, age, income, family members) are sent to our API in real time to compute your results and are not stored. Read on for detail.

What we collect

  • Search inputs you type into the site. ZIP code, age, optional spouse age, optional children ages, and optional household income. These are sent to our server to compute your cheapest-plan results and are not saved to a database, logged with your IP, or associated with a user profile.
  • Rate-limit metadata. Your IP address is checked against a sliding-window rate limiter (30 requests per 10 seconds) to protect site availability. IP counters are held in memory at our rate-limit provider for at most a few minutes and are not used for identification, advertising, or cross-site tracking.
  • Multi-county-ZIP resolution logs. When you enter a ZIP that spans more than one county, we log a single structured line containing the ZIP, the candidate county FIPS codes, and which county was chosen, so we can tune the picker threshold. These logs contain no age, income, household, or IP data.
  • Google Analytics 4 pageviews. If GA4 is enabled, we record standard pageview and referral data with anonymize_ip: true set so Google strips the final octet before storing. GA4 may set its own cookies per its Google Privacy Policy.

What we do not collect

  • No accounts, no email addresses, no phone numbers.
  • No protected health information (PHI) or medical history.
  • No payment or banking information.
  • No social-security numbers or government identifiers.
  • No advertising identifiers, behavioral tracking pixels, session replay, or cross-site device graphs beyond what GA4 provides out of the box.

How we use the data we do collect

  • Search inputs compute your cheapest-plan results and the enrollment links shown on the results page. They exist only for the duration of the HTTP request.
  • GA4 pageviews help us see which pages are used, where visitors come from, and whether site improvements are reaching people.
  • Rate-limit data is used only to throttle abusive traffic and protect availability.

Who we share with

We do not sell your data. We do not share search inputs, results, or any personal information with insurance carriers, brokers, or third parties for marketing or lead generation. The only third parties that receive data from your visit are the infrastructure providers we use to run the site: Vercel (hosting, edge network, rate-limit cache) and Google Analytics. These providers process data under their own privacy commitments and only for the purpose of delivering their service to us.

When you click an enrollment link on our results page, you leave our site and arrive at HealthCare.gov, a state exchange, or an insurance carrier's website. Those destinations have their own privacy practices. We do not pre-populate any information about you on those sites, and we do not receive a referral fee or tracking callback from any of them.

Your rights (California CCPA / CPRA and similar)

California residents have specific rights under the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), including the right to know what personal information is collected about them, the right to delete that information, and the right to opt out of the sale or sharing of personal information. Residents of other states with similar laws (for example Colorado, Connecticut, Virginia, Utah) have equivalent rights under their own statutes.

Because we do not maintain user accounts, do not store search inputs, do not sell or share personal information, and do not run advertising beyond GA4 pageview measurement, in most cases there is no user-identifiable record on file that we could access or delete. If you believe we may hold information about you and want us to investigate, email the address at the bottom of this page and we will respond within 45 days.

Cookies and similar technologies

The site itself sets no tracking cookies. GA4, if enabled, sets its own cookies to measure unique visitors and sessions. You can block these with browser settings or the Google Analytics opt-out browser add-on; the site will continue to function normally.

Security

The site runs with HSTS, a strict Content Security Policy, X-Frame-Options DENY, and TLS enforced everywhere. Our underlying plan dataset is hosted in a private, token-authenticated blob. We publish a security.txt with a contact for reporting security issues responsibly.

Children

cheapestacaplans.com is not directed at children under 13 and does not knowingly collect information from them. The form accepts children's ages as part of a household-size calculation, but that information is not stored and is associated with the household search, not with a child-user.

Changes to this policy

We may update this policy when the site changes what it collects, stores, or shares. The "Last updated" date above reflects the most recent revision. Material changes will be announced via an update to this page.

Contact

Privacy questions, requests to exercise your rights under CCPA / CPRA or an equivalent state statute, and any concern about how your information is handled: use the feedback link at the bottom of every page. We will respond within 45 days.