Effective Date: 04/04/2025

1. Introduction

Akroamatik Financial, LLC (“Akroamatik,” “we,” “us,” or “our”) is committed to protecting the privacy and security of your personal information. This Privacy Policy describes how we collect, use, share, and protect the personal information of our clients, prospective clients, and website visitors in connection with the services we offer. These services include the sale of life insurance, health insurance, annuities, Medicare products, and the provision of digital notary services (Remote Online Notarization or RON).

This policy outlines our practices concerning Personally Identifiable Information (PII), Nonpublic Personal Information (NPI) as defined under the Gramm-Leach-Bliley Act (GLBA), Protected Health Information (PHI) as defined under the Health Insurance Portability and Accountability Act (HIPAA), and personal information collected during digital notary services under Florida law. We are committed to complying with applicable federal and state laws governing data privacy and security, including GLBA, HIPAA, the Florida Information Protection Act (FIPA), and Florida statutes regulating Remote Online Notarization (Chapter 117, Florida Statutes).

Please read this policy carefully to understand our practices regarding your information and how we will treat it.

2. Information We Collect

We collect various types of personal information necessary to provide you with our insurance, annuity, and digital notary services, and to comply with legal and regulatory obligations. The collection of extensive personal details, including sensitive health and financial data, is often mandated by the regulatory requirements governing insurance underwriting and remote online notarization identity verification. While we strive to collect only the information necessary for these legitimate purposes, the nature of our services requires gathering comprehensive data. The types of information we collect fall into several categories:

Personally Identifiable Information (PII)

This is information that can be used to identify you directly or indirectly.

Examples include:

• Basic Identifiers: Full name, maiden name, alias, home address, email address, telephone number, date of birth, gender, marital status.

• Government Identifiers: Social Security number (SSN), driver’s license number, passport number, state identification card number, military identification number.

• Digital Identifiers: IP address, website URL (if collected automatically), online account information (usernames, security questions/answers if applicable).

• Biometric Data: Fingerprints, voiceprints, full-face photographs (potentially captured during RON identity verification or video recording).

Nonpublic Personal Information (NPI)

This is a category of PII specifically related to financial products and services, protected under GLBA. It includes information provided by you to obtain financial products/services, information resulting from transactions, or information otherwise obtained in connection with providing financial products/services.

NPI we collect may include:

• Information from Applications/Forms: Name, address, SSN, income, assets, financial account information, employment history.

• Transaction Information: Account balances, payment history, policy/contract numbers, types of products purchased, claims information (financial aspects).

• Information from External Sources: Credit history, credit scores from consumer reporting agencies.

Note: Information lawfully made available from public sources (e.g., public government records, widely distributed media) may not be considered NPI.

Protected Health Information (PHI)

This is a subset of PII specifically related to health, healthcare services, or payment for healthcare, protected under HIPAA. PHI is individually identifiable health information created, received, maintained, or transmitted by a covered entity (like a health plan or certain healthcare providers) or their business associates.

PHI we may collect (primarily for health insurance and Medicare products) includes:

• Health Status Information: Information about your past, present, or future physical or mental health condition, medical history, diagnoses, treatments, test results.

• Healthcare Provision Information: Details about healthcare services you receive.

• Healthcare Payment Information: Information related to payment for healthcare, including claims information, health insurance policy numbers, beneficiary numbers.

• Identifiers Linked to Health Data: Any of the 18 HIPAA identifiers (name, address elements smaller than state, dates related to individual, phone/fax numbers, email, SSN, medical record numbers, account numbers, etc.) when linked with health information.

Remote Online Notarization (RON) Data

Specific information collected during the digital notary process as required or permitted by Florida law (Chapter 117, Florida Statutes):

• Identity Verification Data: Information used for identity proofing and credential analysis, such as images or data extracted from your government-issued ID (driver’s license, passport), answers to knowledge-based authentication (KBA) questions related to your personal or financial history, visual confirmation via audio-visual technology.

• Notarial Session Data: The full, unedited audio-visual recording of the entire RON session.

• Electronic Journal Information: Details recorded in the secure electronic journal, including date/time of notarization, type of notarial act, document type/title, principal’s name and address, method of identity verification, fee charged.

• Document Information: The electronic document being notarized, including any embedded PII, NPI, or PHI.

• Electronic Signatures and Seals: Your electronic signature applied to the document, and our electronic notary seal and digital certificate.

The data collected for RON, particularly government ID details, KBA answers, and the audio-visual recording, constitutes highly sensitive PII. Its handling is strictly regulated by Florida Statute 117 in addition to FIPA. Furthermore, depending on the nature of the document being notarized (e.g., a healthcare directive or a loan agreement), the RON data (especially the recording and journal entry) may contain embedded PHI or NPI, triggering additional handling requirements under HIPAA and GLBA. This multi-layered sensitivity demands specific attention in our privacy practices.

3. How We Collect Information

We collect personal information through various channels:

Directly from You

• When you complete applications (paper or electronic) for insurance (life, health, Medicare) or annuities.

• During consultations, interviews, or communications via phone, email, or potentially in-person meetings.

• When you submit information through forms on our website (e.g., contact requests, quote requests).

• During the Remote Online Notarization (RON) process conducted via an approved technology platform. This includes information you state verbally, identification documents you present electronically, your responses to KBA questions, and your electronic signature.

From Third Parties

• From your employer or group plan sponsor, if you are seeking coverage under an employer-sponsored plan.

• From healthcare providers, clinics, or hospitals (typically with your explicit authorization) to obtain medical records needed for underwriting health-related insurance or processing claims (PHI).

• From consumer reporting agencies to obtain credit reports or other information relevant to financial underwriting, as permitted by the Fair Credit Reporting Act (FCRA) and GLBA (NPI).

• From government agencies, potentially for identity verification or regulatory compliance purposes.

Via Third-Party RON Service Providers

• Florida law requires us to contract with state-approved third-party vendors to provide the technology platform necessary for conducting Remote Online Notarizations. These platforms facilitate the mandatory identity proofing (KBA, credential analysis), provide the secure audio-visual communication channel, capture the required audio-visual recording, create the electronic journal entry, and apply tamper-evident seals. Therefore, much of the RON-specific data is collected through these essential vendor platforms on our behalf. Our reliance on these vendors necessitates careful selection, due diligence, and strong contractual agreements to ensure their compliance with Florida law (FS 117.295) and robust data protection standards.

Automatically (If Applicable)

• If our website utilizes cookies, server logs, or similar tracking technologies, we may automatically collect technical information such as your IP address, browser type, operating system, pages visited on our site, time spent, and referring website addresses. This information is typically used for website operation, analytics to improve user experience, and potentially for security monitoring. (See Section 9 for more details on Cookies).

4. How We Use Your Information

We use the personal information we collect for specific business purposes, adhering to applicable legal and regulatory limitations.

Primary Purposes

• Providing Products and Services: To evaluate your eligibility for insurance (life, health, Medicare) and annuities; underwrite and price policies/contracts; issue policies and establish accounts; process transactions (premium payments, policy changes, benefit payments, claims processing); service your policies and accounts; provide financial advice related to our products (if applicable); and perform digital notarizations as requested.

• Communication: To communicate with you about your applications, policies, claims, notarizations, account status, renewals, and other service-related matters; respond to your inquiries and requests; and provide important notices.

• Compliance and Legal Obligations: To comply with applicable federal and state laws and regulations (including HIPAA, GLBA, FIPA, Florida RON statutes, insurance regulations, tax reporting); respond to subpoenas, court orders, or other legal processes; cooperate with regulatory authorities (e.g., Department of Financial Services, Office for Civil Rights) and law enforcement agencies; prevent fraud; and fulfill other legal requirements.

• Business Operations: For internal purposes such as data analysis (often using aggregated or de-identified data), audits, quality assurance, service improvement, system maintenance, security monitoring, risk management, fraud detection and prevention, and business administration.

• Marketing: To inform you about products, services, or offers from Akroamatik Financial, LLC that may be of interest to you. We will provide you with the opportunity to opt-out of receiving marketing communications as required by law (e.g., under GLBA for NPI). We will not use your PHI for marketing purposes without your explicit prior authorization, as required by HIPAA.

• Specific Use Limitations: The purpose limitation principle applies differently depending on the type of data and governing law.

• PHI (HIPAA): Your Protected Health Information will be used primarily for purposes related to your health insurance or Medicare coverage, specifically for Treatment, Payment, or Healthcare Operations (TPO) as defined by HIPAA. Examples include processing claims, determining eligibility or coverage, coordinating care (if applicable), and performing legally required healthcare operations. Any other use or disclosure of PHI (such as for marketing) generally requires your written authorization. We adhere to the “minimum necessary” standard, using or disclosing only the amount of PHI needed for the intended purpose, where applicable.

• NPI (GLBA): Your Nonpublic Personal Information will be used primarily to provide the financial products (life insurance, annuities) and services you requested, administer your accounts, process transactions, and for related business operations as permitted by GLBA. Sharing NPI with certain third parties for purposes like marketing is subject to your right to opt-out (see Section 5 and Section 8).

• RON Data (FL Stat. 117): Information collected during the Remote Online Notarization process, including the audio-visual recording and electronic journal entries, is used to perform the notarial act, verify your identity as required by law, and comply with Florida’s mandatory record-keeping requirements. Florida law also places specific restrictions on how the third-party RON service providers we use can utilize personal information obtained during the notarization process.

We handle data subject to multiple regulations according to the strictest applicable standard. For instance, if PHI is discussed within a RON recording, HIPAA’s stringent rules govern the use and disclosure of that PHI, overriding potentially broader permissions related to the recording itself under RON laws.

5. How We Share Your Information

We do not sell your personal information. We share your personal information only as necessary to provide our services, conduct essential business operations, comply with legal obligations, or with your consent. We require third parties with whom we share your information to protect it and use it only for the purposes for which it was shared.

• Affiliated Companies: We currently do not have affiliated companies. If this changes, we may share information (excluding PHI unless permitted by HIPAA and NPI subject to GLBA rules) with affiliates for purposes such as offering complementary products or services or for operational efficiency. We will update this policy and provide necessary notices if such sharing occurs.

• Non-affiliated Third Parties: We may share your information with the following categories of non-affiliated third parties:

• Insurance Carriers: To obtain quotes, submit applications for life insurance, health insurance, Medicare products, or annuities, facilitate underwriting, issue policies, and process claims.

• Third-Party Administrators (TPAs): If applicable, TPAs may assist in administering policies or processing claims on behalf of insurance carriers or Akroamatik.

• Remote Online Notarization (RON) Service Providers: We share information with state-approved RON vendors as necessary to conduct digital notarizations. This includes providing the platform, performing identity verification (credential analysis, KBA), and potentially storing the required audio-visual recordings and electronic journals on our behalf.

• Service Providers: We engage other companies to perform essential services on our behalf. These may include IT hosting and support, data storage providers, email communication services, payment processors (if applicable), document management services, and marketing assistance providers. Our contracts with these service providers require them to maintain the confidentiality and security of your information and restrict them from using it for any purpose other than providing the contracted services to us.

• Marketing Partners (Joint Marketing – GLBA): We currently do not engage in joint marketing agreements with other financial institutions. If we were to do so, we might share certain NPI (excluding account numbers for telemarketing/direct mail) as permitted by GLBA, under contractual agreements that protect the information. You would be notified and potentially have the right to opt-out of such sharing.

• Legal and Regulatory Authorities: We may disclose information as required or permitted by law to comply with legal processes (e.g., subpoenas, court orders), respond to requests from government regulators (e.g., state insurance departments, HHS/OCR, FTC), law enforcement agencies, or for fraud prevention, risk control, and legal defense.

• Consumer Reporting Agencies: We may share information with consumer reporting agencies as permitted by the Fair Credit Reporting Act (FCRA) and GLBA.

• Others with Your Consent or Direction: We may share your information with other third parties if you explicitly consent to or direct us to do so.

• Specific Sharing Restrictions and Requirements:

• HIPAA (PHI): We will not share your PHI without your written authorization, except as permitted or required by HIPAA for Treatment, Payment, or Healthcare Operations (TPO), or for specific public interest and benefit activities (e.g., public health reporting, required by law). When we share PHI with service providers performing functions on our behalf (acting as Business Associates), we require them to sign a Business Associate Agreement (BAA) legally obligating them to protect the PHI according to HIPAA standards.

• GLBA (NPI): You have the right to opt out of us sharing your NPI with certain non-affiliated third parties, particularly if the sharing is for purposes other than servicing your account or as legally required/permitted (e.g., sharing for another company’s independent marketing purposes). Exceptions where opt-out does not apply include sharing necessary to process transactions you request, prevent fraud, comply with legal requirements, or with service providers acting on our behalf under contract. We will not disclose account numbers to non-affiliated third parties for use in telemarketing or direct mail marketing. See Section 8 for how to exercise your opt-out right.

• FIPA (Third-Party Agents): If we use third-party agents (vendors) to maintain, store, or process your PII, and they experience a data breach, FIPA requires them to notify us within 10 days of determining the breach occurred. Our agreements with these vendors include provisions for data protection and breach notification.

• FL RON (Vendor Data Use): As noted, Florida Statute 117.295 restricts how RON service providers can use, sell, or transfer the personal information of principals or witnesses obtained during notarizations.

The reliance on third parties (insurance carriers, RON vendors, IT services) is integral to our business model. Therefore, robust contractual agreements are essential and legally mandated in many cases (e.g., BAAs under HIPAA, service provider agreements under GLBA). These contracts are critical tools for ensuring that third parties protect your information according to legal standards and use it only for the authorized purposes. When data is subject to multiple regulations (e.g., PHI within a RON recording), we adhere to the most restrictive sharing rules applicable to ensure compliance.

6. Data Security Measures

We are committed to protecting the confidentiality, integrity, and availability of your personal information (PII, PHI, NPI, and RON data). We implement and maintain a comprehensive written information security program with reasonable and appropriate administrative, technical, and physical safeguards designed to protect against unauthorized access, use, disclosure, alteration, or destruction of your information. Our security practices are designed to comply with the requirements of the HIPAA Security Rule, the GLBA Safeguards Rule, and the “reasonable measures” standard under the Florida Information Protection Act (FIPA). Meeting the specific requirements of the HIPAA Security Rule and GLBA Safeguards Rule helps ensure we meet FIPA’s standard for the sensitive data we handle.

Our information security program includes:

Administrative Safeguards

• Security awareness and privacy training for employees handling personal information.

• Access control policies limiting access to sensitive information based on job function and legitimate business need (“need-to-know”).

• Documented information security policies and procedures.

• Vendor management procedures, including due diligence and contractual requirements for third parties handling our data to maintain appropriate safeguards.

• Contingency planning and disaster recovery procedures.

• A written Incident Response Plan outlining procedures for detecting, responding to, and mitigating security incidents and data breaches.

Physical Safeguards

• Secure storage of physical documents containing personal information (if any).

• Controls to limit physical access to our facilities and systems where sensitive information is stored.

• Workstation security policies (e.g., screen locks, secure positioning, policies regarding portable devices).

Technical Safeguards

• Access Controls: Unique user identifications, strong password requirements, and multi-factor authentication (MFA) for accessing systems containing customer information, as required by the GLBA Safeguards Rule.

• Encryption: Encrypting sensitive personal information (PHI, NPI, RON data) both when it is stored (at rest) and when it is transmitted over networks (in transit).

• Audit Controls: Implementing mechanisms to log and monitor access to and activity within systems containing electronic PHI and NPI.

• Network Security: Utilizing firewalls, intrusion detection/prevention systems, and secure network configurations.

• Malware Protection: Deploying anti-malware software on relevant systems.

• System Monitoring and Testing: Regularly monitoring systems for unauthorized activity and testing the effectiveness of safeguards (e.g., vulnerability scanning, penetration testing as appropriate).

• Secure Software Development/Acquisition: Implementing procedures to assess the security of applications used to handle customer information.

• Data Minimization and Disposal: Securely disposing of customer information when no longer needed for a legitimate business or legal purpose.

• Change Management: Procedures to evaluate security impacts before implementing changes to information systems or networks.

• Remote Online Notarization (RON) Security: We utilize state-approved RON technology providers that employ specific security measures mandated by Florida law, including:

• Tamper-evident technology for electronic documents and notarial seals.

• Secure audio-visual communication platforms reasonably protected from interception.

• Robust identity proofing methods (credential analysis and KBA).

• Use of digital certificates for the notary’s electronic signature.

• Secure storage and retention of audio-visual recordings and electronic journals.

Please Note: While we and our RON vendors secure the notarization platform, Akroamatik is not responsible for the security of the systems or internet connection you use to access the RON session.

Incident Response and Breach Notification: Our Incident Response Plan includes procedures to detect, assess, contain, and remediate security incidents. In the event of a data breach involving personal information, we will comply with all applicable federal and state notification requirements.

This may include notifying:

• Affected individuals without unreasonable delay, as required by FIPA (generally within 30 days, unless exceptions apply) and potentially HIPAA (without unreasonable delay, max 60 days for PHI).

• The Florida Department of Legal Affairs if a breach affects 500 or more Florida residents (within 30 days).

• The U.S. Department of Health and Human Services (HHS) in the case of a breach of unsecured PHI.

• The Federal Trade Commission (FTC) if a security event under the GLBA Safeguards Rule affects 500 or more consumers.

• Relevant credit reporting agencies if required by law (e.g., FIPA requires notice for breaches affecting over 1,000 individuals). A single incident could potentially trigger notification duties under multiple laws (FIPA, HIPAA, GLBA), each with distinct requirements regarding timing, content, and recipients. Our response plan is designed to address this complexity.

7. Data Retention

We retain personal information only for as long as reasonably necessary to fulfill the purposes for which it was collected, including providing you with products and services, conducting business operations, complying with legal, regulatory, accounting, or reporting requirements, resolving disputes, and enforcing our agreements. Our retention practices are guided by applicable laws and business needs.

Specific Retention Periods

• Remote Online Notarization (RON) Records: Florida law mandates specific, long-term retention for records related to digital notarizations. We, or our designated secure repository, will securely maintain the electronic journal and the complete, unedited audio-visual recording of each RON session for a minimum period of 10 years following the date of the notarial act, as required by Florida Statute 117.245(4). This mandatory 10-year retention period applies regardless of the retention period for any underlying transaction documents and is a critical component of our compliance. Retention may be longer if the notarization involved an electronic will, requiring maintenance by a qualified custodian per Florida law.

• Insurance and Financial Records: Records related to life insurance, health insurance, Medicare products, and annuities (including applications, policies, transaction histories, claims information) are retained in accordance with applicable state and federal laws (e.g., state insurance regulations, GLBA, HIPAA for health records) and our internal record retention policies. Retention periods vary depending on the type of record, product, and jurisdiction, but often extend for several years (e.g., 6-7 years or longer) after the policy terminates, the claim is settled, or the account is closed.

Data Retention Schedule

We strive to maintain a data retention schedule that outlines the retention periods for different categories of personal information (e.g., PHI, NPI, general PII, RON records) based on legal requirements and business needs. This structured approach helps ensure compliance with varying retention mandates (like the specific 10-year RON requirement) and facilitates timely, secure disposal.

Secure Disposal

When personal information is no longer required to be retained for legal or business purposes, we securely destroy or dispose of it using methods appropriate to the sensitivity of the information and the medium on which it is stored. This may include shredding physical documents or using secure electronic data destruction techniques to prevent unauthorized access.

8. Your Privacy Rights

You have certain rights regarding the personal information we maintain about you, subject to applicable laws and regulations. These rights may vary depending on the type of information (PHI vs. NPI vs. general PII) and the governing law (HIPAA, GLBA, Florida law).

Rights under HIPAA (Regarding PHI for Health/Medicare Products)

• Right to Access: You have the right to inspect and obtain a copy of your PHI maintained in our designated record sets (e.g., policy or claims records).

• Right to Amend: If you believe your PHI is incorrect or incomplete, you have the right to request that we amend the information.

• Right to an Accounting of Disclosures: You have the right to request an accounting of certain disclosures of your PHI made by us or our Business Associates (excluding disclosures for TPO, to yourself, or based on your authorization) for up to six years prior to your request.

• Right to Request Restrictions: You may request restrictions on how we use or disclose your PHI for TPO. We are generally not required to agree to your request, except we must agree to restrict disclosure to a health plan for payment purposes if the service was paid for out-of-pocket in full.

• Right to Request Confidential Communications: You can ask us to communicate with you about PHI in a certain way or at a certain location (e.g., mailing to a different address).

• Right to a Copy of this Notice: You have the right to receive a paper or electronic copy of our Notice of Privacy Practices (this document, or a separate HIPAA-specific notice if provided).

Rights under GLBA (Regarding NPI for Life Insurance/Annuities)

• Right to Opt-Out of Certain Sharing: You have the right to direct us not to share your NPI with certain non-affiliated third parties, except as permitted by law (e.g., for servicing your account, preventing fraud, legal compliance). This primarily applies to sharing for purposes like third-party marketing. Instructions on how to opt-out are provided below under “Exercising Your Rights.”

• Right to Access and Correct (Best Practice): While GLBA does not explicitly mandate broad access and correction rights like HIPAA, we are committed to maintaining accurate records. You may contact us to inquire about or request correction of the NPI we maintain about you.

Rights under Florida Law and General Principles (Regarding PII)

• Right to Access, Correct, or Delete: You may request to access, correct inaccuracies in, or request deletion of the PII we hold about you. We will evaluate and respond to these requests in accordance with applicable laws and our internal policies. Please note that the right to deletion is subject to significant limitations due to our legal and regulatory obligations to retain certain records, particularly the mandatory 10-year retention period for RON records under Florida Statute 117.245 and retention requirements for insurance and financial records. We cannot delete information that we are legally required to maintain.

Exercising Your Rights

To exercise any of these rights, please submit your request using the contact information provided in Section 12 below. Your request should clearly state the right(s) you wish to exercise and provide sufficient detail to allow us to locate your information.

• Verification: To protect your privacy and security, we must verify your identity before processing your request. The verification process may involve matching the information you provide in your request with the information we have on file, or potentially asking for additional proof of identity depending on the sensitivity of the request and the information involved. This is necessary to prevent unauthorized access to or modification of your personal information.

• Response Time: We will respond to your request within a reasonable timeframe, and in accordance with any timelines mandated by applicable law (e.g., HIPAA generally requires response to access requests within 30 days).

• Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights.

9. Cookies and Tracking Technologies

Our website may use cookies and similar tracking technologies (such as web beacons, pixel tags, and server logs) to enhance user experience, analyze website traffic, and support website functionality.

What are Cookies: Cookies are small text files stored on your device (computer, tablet, smartphone) when you visit certain websites.

Types of Cookies We May Use

• Strictly Necessary Cookies: Essential for the website to function properly (e.g., navigation, access to secure areas).

• Performance/Analytics Cookies: Collect information about how visitors use the website (e.g., pages visited, time spent) to help us improve performance. Data collected is often aggregated.

• Functional Cookies: Allow the website to remember choices you make (e.g., language preference) to provide enhanced features.

• Targeting/Advertising Cookies: May be used to deliver content more relevant to you and your interests (if applicable).

• Information Collected: These technologies may automatically collect information such as your IP address, browser type, device identifiers, operating system, referring URLs, pages viewed, links clicked, and dates/times of visits. If you log into a client portal or submit a form containing personal information while cookies are active, the automatically collected data may potentially become linked to your identifiable information (PII, NPI, or PHI), subjecting it to the protections outlined elsewhere in this policy.

• Third-Party Cookies: We may allow third-party service providers (e.g., Google Analytics) to place cookies through our website to perform analytics services. We do not control these third-party cookies; their use is governed by the privacy policies of those third parties.

• Managing Your Preferences: You can typically manage cookie preferences through your web browser settings. Most browsers allow you to block or delete cookies. However, blocking strictly necessary cookies may impact website functionality. Our website may also feature a cookie consent banner allowing you to customize your preferences for non-essential cookies.

• Do Not Track: Some web browsers transmit “Do Not Track” signals. Currently, there is no industry standard for how websites should respond to these signals. Therefore, our website may not respond to “Do Not Track” signals.

10. Children’s Privacy

Our services, including insurance products, annuities, and digital notary services, are intended for adults and are not directed at children under the age of 18. We do not knowingly collect personal information from individuals under the age of 18 without verifiable parental consent or as otherwise permitted by law.

While our primary services are for adults, we recognize that legally permissible situations might arise requiring the notarization of a document for a minor (e.g., travel consent forms). Performing Remote Online Notarization for minors presents unique challenges regarding identity verification methods mandated by Florida law (such as KBA and credential analysis), which are typically designed for adults. Any such rare instance would be handled with extreme caution, likely requiring the physical presence and active participation of a parent or legal guardian during the RON session, and in full compliance with Florida law and guidance from the Florida Department of State.

If you are a parent or guardian and believe we may have collected information about your child under 18 without appropriate consent, please contact us immediately using the information in Section 12. We will take steps to investigate and delete such information if required by law.

11. Policy Updates

We reserve the right to amend this Privacy Policy at any time to reflect changes in our business practices, service offerings, or legal and regulatory requirements. The data privacy landscape is constantly evolving, with updates to federal regulations like GLBA and HIPAA, and new state laws emerging. We regularly review our policies and procedures to maintain compliance.

If we make changes to this policy, we will post the updated version on our website and update the “Effective Date” at the top of this policy. For material changes that significantly alter how we handle your personal information, we may provide more prominent notice or direct communication (e.g., via email to current clients), particularly if required by laws like GLBA or HIPAA regarding their respective notices.

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our services after changes are posted constitutes your acceptance of the revised policy.

12. Contact Information

If you have any questions, concerns, or complaints about this Privacy Policy or our privacy practices, or if you wish to exercise your privacy rights, please contact us. Having a designated point of contact ensures your inquiries are handled consistently and knowledgeably, given the complexities of the various regulations (HIPAA, GLBA, FIPA, FL RON) we follow.

Please direct your inquiries to our designated Privacy Contact:

Akroamatik Financial, LLC

Attn: Privacy Officer

[email protected]

We will investigate and attempt to resolve complaints and disputes regarding use and disclosure of personal information in accordance with the principles contained in this Policy and applicable law.