For Brokers
About
Careers
Blog
Log in

Arlo Privacy Policy

Last Updated May 17, 2025
Railway Health Inc. d/b/a Arlo ("Arlo," "we," or "us") respects your privacy. This Privacy Policy describes how we collect, use, store, and share information about you when you use our website or any other Arlo products and services.
By accessing or using our site, portal, or mobile app, you acknowledge that you have read and understand this Policy.

1. Scope

This Policy applies to:
  • Websites – e.g., https://joinarlo.com and any site that links here
  • Portals & APIs – employer, broker, provider, and member portals, quoting interfaces, and related APIs
  • Mobile applications
  • Email, chat, or other interactive features that reference this Policy

2. Information We Collect

CategoryExamplesSource(s)
Personal Information (PI)name, date of birth, address, email, phone, Member ID, employer, and identifiers contained in documents you or your broker uploadyou, your employer, broker, or TPA
Sensitive & Health-Related Informationenrollment files, claims data, health-risk assessments used for underwriting or quotingemployers, TPAs, reinsurers, benefits administrators
Device / Usage InformationIP address, cookie IDs, browser type, operating system, session duration, click-stream datacookies, beacons, analytics providers
Submitted Documentscensuses, claims reports, plan summaries, stop-loss applications, signed formsbrokers, employers, TPAs
HIPAA Status: Arlo is not a HIPAA "Covered Entity." In certain engagements we act as a Business Associate to a Covered Entity (for example, when performing plan-level analytics). Where required, we handle Protected Health Information ("PHI") solely under a Business-Associate Agreement and in accordance with HIPAA's privacy and security rules.

3. How We Use Information

Business purposes
  • Underwrite and generate accurate stop-loss quotes
  • Operate, maintain, and improve our portals, APIs, and mobile app
  • Authenticate users and secure accounts
  • Respond to broker, employer, or member inquiries
  • Develop new products, models, and analytics
Legal & compliance purposes
  • Detect and protect against fraud or misuse
  • Satisfy audits, carrier requirements, and other legal obligations
  • Enforce our contracts and Terms of Use
We do not use your information for cross-context behavioral advertising, and we do not sell personal information.

4. How We Share Information

We disclose information only as necessary and pursuant to written agreements that restrict further use:
  • Reinsurers / carriers – risk evaluation and pricing review
  • Third-party administrators (TPAs) – eligibility, claims, or enrollment integrations
  • Service providers – cloud hosting, security, analytics, email, document processing
  • Authorized users – brokers, employers, or others you designate
  • Regulators, courts, or law enforcement – when required by law or subpoena
  • Corporate transactions – in connection with a merger, acquisition, or asset sale (subject to confidentiality)

5. Data Security

Arlo maintains a written information-security program aligned with the New York Department of Financial Services Cybersecurity Regulation (23 NYCRR 500). Key controls include:
  • Multi-factor authentication and role-based access
  • Encryption in transit and at rest for Non-Public Information
  • Network segmentation, intrusion detection, and continuous monitoring
  • Annual third-party penetration testing and risk assessments
No system is perfectly secure. You are responsible for safeguarding your credentials and promptly notifying us of any suspected unauthorized activity.

6. Cookies and Tracking

We use first- and third-party cookies, pixels, and log-file analytics to:
  • Maintain session state and facilitate log-ins
  • Understand how users navigate our sites
  • Measure performance and detect abuse
You can control cookies via your browser settings; some features may not function properly if cookies are disabled. We honor Global Privacy Control (GPC) signals as required by applicable law.

7. Retention & Deletion

We keep Personal Information only as long as necessary to:
  • Meet legal or contractual record-keeping requirements (e.g., ERISA, insurance regulations)
  • Resolve disputes and enforce agreements
Data that is no longer needed is securely deleted or anonymized.

8. Your Rights & Choices

Depending on your state of residence, you may have the right to:
  • Access the Personal Information we hold about you
  • Correct inaccurate or incomplete information
  • Delete certain information we collected from you
  • Receive a portable copy of your information
  • Opt out of targeted advertising or the use of sensitive PI beyond permitted purposes
  • Limit the use or disclosure of sensitive PI
  • Appeal a refusal to act on a request
To exercise any of these rights—or to designate an authorized agent—email security@joinarlo.com. We will verify your identity and respond within the timeframe required by law.

9. California Privacy Notice (CPRA)

If you are a California resident, the California Consumer Privacy Act, as amended by the California Privacy Rights Act (collec tively, "CPRA") grants you additional rights. Arlo does not sell or share PI (as those terms are defined by CPRA).

10. Other State Privacy Rights

Residents of Colorado, Connecticut, Delaware, Florida, Indiana, Iowa, Montana, New Hampshire, New Jersey, Oregon, Tennessee, Texas, Utah, Virginia, and any other state with a comprehensive privacy law may exercise comparable rights using the methods described in Section 8.

11. Children's Privacy

Our services are not directed to children under 13, and we do not knowingly collect PI from them. If you believe a child has provided us PI, contact us and we will delete it.

12. External Sites

Our sites may link to third-party websites. Arlo is not responsible for their privacy practices. Please review their policies before providing information.

13. Geographic Scope

Arlo's services are intended for users located in the United States. If you access our sites from another jurisdiction, you do so at your own risk and are responsible for compliance with local laws.

14. Changes to This Policy

We may update this Policy periodically. We will post the revised version with a new "Last Updated" date and, where material changes are made, provide additional notice (e.g., email or in-app banner). Continued use after the effective date constitutes acceptance.

15. Contact Us

Railway Health Inc. d/b/a Arlo
Attn: Privacy Officer
Convene, 3rd Floor, WorkSuite #320, One Liberty Plaza, New York, NY 10006
security@joinarlo.com