✦ 160 Years of Trusted Experience

MAPP Network – Privacy Policy

Last Updated: September 15, 2025

Memorial Asset Protection Plan, LLC d/b/a MAPP Network (referred to as “MAPP Network,” “we,” “us,” or “our“) is committed to protecting your privacy. This Privacy Policy describes the personal information that we collect through the MAPP Network website (mappnetwork.com) and our ARKOS platform (collectively, the “Services”), how we use and disclose that information, and the steps we take to safeguard it. This Policy applies to all users of our Services, including clients (individuals/families using our Services), insurance agents, funeral home partners, MAPP Certified Specialists, and any other licensed professionals or partners who create accounts or interact with our platform. By using our Services or providing us with personal information, you agree to the practices described in this Privacy Policy.

We operate in the State of Mississippi and comply with all applicable Mississippi state laws and relevant U.S. federal privacy regulations, including the Health Insurance Portability and Accountability Act (“HIPAA”) for any health-related data, and the Gramm-Leach-Bliley Act (“GLBA”) for non-public personal financial information, as described below. We also uphold any applicable consumer privacy rights.

1. Information We Collect

We may collect personal information about you in a variety of ways. The types of information we collect can include:

• Personal Identifiers: Information that identifies you, such as your name, postal address, email address, telephone number, date of birth, and other contact details. We collect this when you fill out our questionnaire, create an account, or otherwise provide it to us.

• Account Information: If you create an account on our platform, we will collect login credentials (such as username and password) and any profile information you provide.

• Family and Estate Planning Information: Details you provide about your needs and circumstances for end-of-life or estate planning. This may include information about a deceased loved one (e.g. name, date of death), existence of a will or trusts, names of beneficiaries or heirs, and related personal or legal information necessary to assist with your planning needs.

• Financial Information: Information related to your personal or family financial situation, which may include income range, assets, insurance policies or policy numbers, mortgage or real estate information, banking or investment account details, beneficiary designations, or other non-public personal financial information relevant to financial and estate planning. If you are a client, this might include details you submit for financial advising or insurance services. If you are a professional partner, we may collect business financial information relevant to our relationship.

• Health Information: If you provide health or medical information as part of our intake (for example, information about medical conditions or medications relevant to life insurance, long-term care insurance, Medicare, or funeral/medical directives planning), we will collect what you voluntarily provide. This can include health status, medical history, or healthcare wishes (such as advance directives) that are pertinent to the services you seek. We only request health-related information when it is needed for a specific service (e.g., matching you with a Medicare or long-term care specialist, or for insurance underwriting purposes).

• Professional Information (for Specialists/Partners): If you join our network as a MAPP Certified Specialist or partner (such as a funeral home or insurance agent), we collect information about your business and credentials. This includes your name, business contact information, professional title, license or certification numbers and states of issuance, insurance or bonding (if applicable), affiliations, education and qualifications, and any other information you provide in the onboarding process (such as your biography, areas of expertise, profile photo, and references). We may also collect background information to vet your qualifications (with your knowledge), such as verifying your license status or checking references.

• Usage and Technical Data: When you use our website or platform, we automatically collect certain information about your device and usage of the Services. This may include your IP address, device identifiers, browser type, operating system, referring URLs, pages or content viewed, dates/times of access, and interaction information (such as clicks). We use cookies and similar tracking technologies (like web beacons and analytics scripts) to collect some of this data. (See Cookies and Tracking below for more details.)

• Communication Records: We maintain records of any communications you have with us. For example, if you call, email, or text us, or engage via our ARKOS text platform or chat features, we may save your correspondence and our responses. This includes any information you share during those communications. If you choose to complete surveys or provide feedback, we collect those responses as well.

• Sensitive Personal Data: Some of the information we collect may be considered sensitive under certain laws – for instance, health information, financial account information, Social Security numbers (if you provide them for insurance or financial transactions), or precise geolocation. We only collect sensitive data if you choose to provide it or if it’s required to deliver our services (for example, a Social Security number for an insurance application). Where required by law, we will obtain your consent for collecting or using such sensitive information.

We collect the above information either directly from you (for example, when you fill out forms on our site, communicate with us, or sign up as a professional), or from third parties acting on your behalf. For clients: you might provide your information directly via our online questionnaire or to a funeral home partner who enters your information into our ARKOS platform with your permission. For professionals: you provide your information during the enrollment process or via your account profile. We may also receive information about you from referral partners (for example, if a funeral home refers a family to us, they might share basic information to initiate contact), from publicly available sources (such as state licensing databases to verify a professional’s credentials), or from service providers (such as background check services for vetting professionals).

We do not knowingly collect personal information from children under 13 years of age. Our Services are intended for use by adults. If you are under 13, please do not submit any personal information to us. If we learn that we have inadvertently collected information from a child under 13, we will delete it. If you are a parent or guardian and believe we have collected personal information from your child, please contact us so we can take appropriate action. (See Children’s Privacy below.)

2. How We Use Your Information

We use the personal information we collect for the following purposes, consistent with applicable laws and regulations:

• To Provide and Personalize Our Services: We use your information to deliver the services you request and to fulfill the purpose for which you provided the data. For clients, this means using your information to connect you with a MAPP Certified Specialist or appropriate professional partner that can assist with your needs (financial planning, estate legal services, insurance, funeral preplanning, etc.). We analyze the information you provide about your situation to identify which trusted professional in your area is best suited to help. We then use your contact information and relevant details to facilitate an introduction or referral to that specialistmappnetwork.com. We also use your data to personalize the guidance we or our partners provide – for example, understanding your family’s specific needs allows us to tailor our recommendations and the professional’s approach.

• Account Administration: If you create an account or profile (either as a client or a professional), we use your information to set up and maintain your account. This includes using your login credentials to authenticate you, using your contact information to send account-related notices, and storing any preferences or information you save in your account dashboard or client portal.

• Communication and Coordination: We use contact information (email, phone number) to communicate with you about the Services. This includes:

  • Sending confirmations or updates after you fill out our questionnaire or request a consultation.

  • Notifying you via email or text about your matched specialist, including a link to view the professional’s profile, credentials, and reviewsmappnetwork.com.

  • Having our MAPP Network team or the matched specialist reach out to schedule appointments or follow up on your case (you may receive a phone call, text, or email as appropriate).

  • Responding to your inquiries or customer service requests (if you contact us with questions or for support).

  • If you are a professional or partner, communicating about your account status, new client leads, service updates, or opportunities through the platform.

  • Sending administrative information, such as changes to our terms, policies, or other important notices.

• Facilitating Transactions: If our Services involve any financial transactions (for example, if you purchase an insurance product through a referred agent or pay for legal services through a partner, or if a professional pays a fee to join our network), we may use personal and financial information to process those transactions. This could include using payment information, processing billing, and keeping records of transactions. (Note: At present, initial consultations via MAPP are typically complimentarymappnetwork.com, and any payment for services will usually occur between the client and the chosen professional. If in the future MAPP Network processes any payments directly, we will use and protect payment information in accordance with this Policy.)

• Marketing and Service Offerings: We may use your information to inform you about additional services or resources that may be of interest to you, but only in accordance with applicable law and your preferences. For example, if you use our Services for estate planning assistance, we might later inform you of related services such as financial advising, insurance products, or updated offerings from MAPP that align with your needs (e.g., tax planning or long-term care solutions). We may also send newsletters or informational emails about end-of-life planning topics, company updates, or events. You have control over marketing communications – see Your Rights & Choices below for how to opt out. We do not use any sensitive health or financial information for marketing without your explicit consent.

• Improving and Developing Our Services: We may use aggregated, de-identified, or non-personally identifiable information to analyze how our Services are used and to improve our operations. For instance, we might track which parts of the questionnaire users most commonly need help with, how many families in a given region are seeking a particular type of service, or overall satisfaction ratings. This helps us optimize our platform, train our estate specialists, improve our matching algorithm, and enhance user experience. We also may use feedback you provide to develop new features or partnerships. Any analytics or research we perform with your data will not publicly reveal your personal identity.

• Compliance and Legal Obligations: We use personal information as necessary to comply with applicable laws, regulations, licensing requirements, and contractual obligations. For example, as a licensed insurance entity (in Mississippi and potentially other states), we are required to maintain certain records of customer interactions and transactions. We may use and retain information to meet regulatory recordkeeping and reporting duties (such as insurance regulations, financial audits, or legal compliance requirements). We also use data to comply with privacy laws – for instance, responding to a verified consumer request to exercise privacy rights. Additionally, if you are a professional, we use your information to verify your licensing status and ensure compliance with professional regulations.

• Protection of Rights, Security, and Fraud Prevention: We may use information to protect our platform, our company, our users, and others. This includes monitoring for and investigating fraudulent or suspicious activity, network and information security measures (like detecting cyber-attacks or bot abuse), enforcing our Terms & Conditions (such as acceptable use policies), and protecting the rights, property, and safety of MAPP Network, our users, or the public. If necessary, we will use personal information to contact you or the appropriate authorities in the event of a security issue or to prevent imminent harm.

• Other Purposes with Consent: If we intend to use your information for a purpose not described above, we will explain it at the time of collection and, if required, obtain your consent. For instance, if we ever wish to feature a success story or testimonial that includes your personal information, we would seek your permission before doing so.

We will only use your personal information in ways that are compatible with the purposes for which it was collected or that you later authorize. We do not engage in uses of personal data that are prohibited by law. For example, we will not use any health information you provide in a way that is inconsistent with HIPAA requirements, and we will not use any financial information in ways that violate GLBA or other financial privacy rules.

3. How We Disclose or Share Your Information

We understand the importance of keeping your personal information confidential. We share personal information only as necessary for the purposes outlined below, and we do so in compliance with applicable laws (including HIPAA and GLBA where relevant). The categories of third parties with whom we may share information include:

• MAPP Certified Specialists and Professional Partners: A core part of our service is to share your information with the licensed professional(s) who will be assisting you, but only with your knowledge and for the purpose of fulfilling your requests. For example, if you submit a request for estate planning help, we will forward the relevant details you provided to the MAPP Certified Specialist (such as a financial planner, attorney, or CPA) who will be contacting youmappnetwork.com. Similarly, if you inquire about funeral preplanning, we might share your info with a partner funeral director or insurance agent. We share only the information necessary for that professional to understand your situation and reach out to you. These professionals are independent from MAPP (see Terms & Conditions), but they are bound by confidentiality obligations and professional ethics. They are expected to safeguard your information and use it only for the purpose of providing you services. (For additional details on obligations of professionals, see Protection of Health Information (HIPAA) and Partner Obligations below.)

• Funeral Homes and Referral Partners: If you were referred to MAPP through a funeral home or another partner (for example, a hospice organization or a community group that uses our program), we may share information back with that referring partner only as needed and appropriate. For instance, a funeral home partner might receive updates on whether a referred family was successfully connected with a specialist, but we will not broadly share your financial or health details with the funeral home without your consent. We value the partnerships we have with trusted funeral homes and care providers to ensure a seamless experiencemappnetwork.com, and any information sharing with them will be limited to what is necessary for coordination and allowed by law.

• Service Providers (Processors): We employ third-party companies and individuals to perform certain business functions on our behalf. These service providers may need access to personal information to carry out their work for us. Examples include:

  • IT and Hosting Providers: Companies that provide data storage, cloud hosting, or CRM software (for example, our ARKOS platform infrastructure) where your information may be stored or processed.

  • Communication Services: Services that enable our text messaging platform, email distribution (for sending you notifications or newsletters), or telephony services for phone calls. For instance, if we send you a text message reminder, it might go through a third-party SMS gateway.

  • Analytics and Advertising Partners: We may use analytics providers (like Google Analytics) to understand how users interact with our site. These providers might receive technical identifiers or usage data (see Cookies and Tracking below). We do not allow analytics partners to use your data for their own unrelated purposes – any data shared is for our analysis only. We currently do not serve third-party ads on our site, but if we ever do, we would update this policy accordingly.

  • Business Support: This can include accountants, auditors, attorneys, insurers, and consultants who assist us in running our company and who may need limited access to information (for example, an auditor reviewing our records, or an attorney assisting with regulatory compliance). These parties are bound to confidentiality and use limitations.

  • Other Tools: If we conduct surveys or collect e-signatures on documents, we might use third-party tools that process your inputs.

  We contractually require all service providers to protect your information and only use it for the specific services they are providing us. They are not allowed to use or disclose your information for their own marketing or other purposes.

• Affiliated Entities: At present, Memorial Asset Protection Plan, LLC does not have subsidiary or parent companies that share consumer data for unrelated purposes. If in the future we become part of a corporate family with related affiliates, we may share information with those affiliates to the extent permitted by law and this Privacy Policy. For example, if we established an affiliated insurance agency or financial services company, we might share your information with them to seamlessly deliver a service you requested. Any such affiliate would be required to honor the same privacy commitments we do. We will update this Policy if our affiliate sharing practices change. (Note: “Affiliates” here means companies that are under common ownership or control with MAPP Network.)

• Legal and Regulatory Disclosures: We may disclose personal information when we believe in good faith that such disclosure is required or permitted by law. This includes situations such as:

  • Compliance with Laws or Orders: Responding to subpoenas, court orders, or lawful requests by government authorities (e.g., law enforcement, regulators). For instance, if we receive a subpoena related to a case or an investigation requiring client records, we may be compelled to provide certain information.

  • Regulatory Requirements: As a licensed entity in the insurance and financial sector, we may be subject to oversight by state insurance departments, the SEC/FINRA (if applicable), or other regulators. We might be required to share information during examinations, audits, or reporting processes (for example, providing data to Mississippi state insurance regulators in compliance reviews).

  • Enforcing Our Rights: Disclosing information as necessary to enforce our Terms & Conditions or other agreements, or to protect the rights and safety of our company, our partners, our users, or others. For example, we may share information with law enforcement or pursue legal remedies if someone is violating the law through our Services (such as fraud or cyber intrusion).

  • Emergency Situations: If someone’s life, health, or safety is at risk and personal information can help avert the danger, we might disclose information as allowed by law to address the emergency.

• Business Transfers: In the event that MAPP Network undergoes a business transition such as a merger, acquisition by or with another company, sale of all or part of its assets, or a financing or investment deal, your personal information may be transferred as part of that transaction. We would only do this to the extent permissible by law and with appropriate protections in place (the receiving party would be required to honor this Privacy Policy or obtain your consent for material changes). For example, if our company is acquired by another entity to continue providing the Services, user information would likely be one of the transferred assets. We would endeavor to notify you (for example, via a notice on our website or email) of any such change in ownership or control of your personal information.

• With Your Consent or At Your Direction: In all other cases not covered above, we will obtain your explicit consent before sharing your personal information with third parties. For instance, if you request that we share your information with a specific person outside of our standard process (maybe you want us to also send your plan details to another family member, or to a professional you found on your own), we will do so only with your authorization. Likewise, if we ever participate in a program where your information might be shared for a new purpose (say, contributing to a public awareness campaign with your story), we would only share in that manner if you agree.

No Sale of Personal Information: We do not sell your personal information to third parties. “Sell” in this context means the disclosure of personal information to a third party for monetary or other valuable consideration, as defined under some privacy laws. We also do not share your personal information with third parties for their own independent marketing or advertising purposes. All sharing of data is limited to the purposes described above (providing our services, with service providers, etc.).

Limited Use of Sensitive Information: We do not use or disclose sensitive personal information (such as health, financial account, or precise geolocation data) for any purposes other than those necessary to perform our services or as otherwise permitted by law (for example, certain disclosures required by law). We do not use sensitive data for targeted advertising or profiling in furtherance of decisions that produce legal or similarly significant effects.

4. Protection of Health Information (HIPAA)

Certain information that we collect may be related to your health or medical status. We understand that health information is personal and sensitive, and we are committed to handling it with the highest level of care and confidentiality. While MAPP Network itself is not a healthcare provider or insurance company (and thus may not be a “covered entity” directly governed by HIPAA in all cases), we strive to adhere to the privacy and security standards of the Health Insurance Portability and Accountability Act (HIPAA) for any health-related data you provide.

• Use and Disclosure of Health Data: Any health information you provide to us (such as medical history pertinent to an insurance inquiry or healthcare wishes relevant to estate planning) will be used solely for the purpose of assisting you with the services you requested. For example, if you indicate a medical condition that affects your life insurance options, we will share that information only with the insurance specialist or appropriate professional who needs it to advise you or to process an application. We will not disclose your health information to any third party except: (a) to the extent necessary to carry out the services you have requested (and only to those parties, like a specialist or service provider, bound to HIPAA-equivalent confidentiality); (b) with your explicit consent for a specific disclosure; or (c) if required by law (such as a court order or to prevent a serious imminent harm to health or safety).

• HIPAA Compliance by Partners: Many of the professionals and organizations we connect you with may be “covered entities” or “business associates” under HIPAA. For instance, if we refer you to a Medicare or home healthcare specialist, that provider is likely subject to HIPAA and will have their own Notice of Privacy Practices. We require any partner who is a covered entity (or who otherwise receives protected health information through our platform) to handle your information in accordance with HIPAA’s requirements. In cases where MAPP Network is deemed a business associate of a covered entity (e.g., if we perform a service involving PHI on behalf of a healthcare provider or insurer), we will enter into a Business Associate Agreement (BAA) as required by HIPAA, ensuring we and our subcontractors uphold HIPAA rules for privacy and security.

• Your Rights Under HIPAA: To the extent HIPAA applies, you have certain rights with respect to your health information. This includes the right to access and obtain a copy of any protected health information we have about you, the right to request an amendment of inaccuracies, and the right to an accounting of certain disclosures. You also have the right to request restrictions on certain uses or disclosures of your health data (though we may not be legally required to agree to all requests, we will honor those that we are required to or that we can accommodate). If you have questions about how your health information is used, or if you wish to exercise any applicable HIPAA rights, you can contact us (see Contact Information at the end of this Policy). We will assist or direct you to the appropriate partner entity, as needed, to fulfill your request.

• No Use for Marketing Without Consent: We will not use any health-related information for marketing purposes unless you have explicitly agreed (for example, if you ask to receive information about a health-related product). We also will not sell your health information. Any communications you receive about health services will be strictly related to the services you requested or as otherwise allowed under HIPAA (e.g., communications about treatment alternatives or health-related benefits, which are permissible).

• Confidentiality Measures: Within our organization, we treat health data as especially confidential. We limit internal access to any health-related details strictly to personnel who need to know that information to assist you (such as the estate specialist handling your case or our platform administrators for support). We train our staff on handling protected health information appropriately. If there is any unauthorized access or disclosure of your health data, we will take it seriously and follow the breach notification steps outlined in this Policy and as required by HIPAA’s Breach Notification Rule (see Data Breach Notification below).

In summary, even if MAPP Network is not always directly governed by HIPAA, we voluntarily uphold HIPAA-aligned privacy principles for health information. We want you to feel confident sharing information that will help us serve you, knowing that we regard your health details as private and will protect them as such. If you have any concerns about health data privacy, please reach out to us.

5. Protection of Financial Information (GLBA)

We are also committed to safeguarding your personal financial information in accordance with the Gramm-Leach-Bliley Act (“GLBA”) and other applicable financial privacy laws. GLBA applies to companies that offer financial products or services (which can include insurance, financial advising, estate planning services, etc.) and requires those companies to explain their information-sharing practices and to protect the security of customers’ non-public personal information. Here’s how we address financial data:

• Non-Public Personal Financial Information: Under GLBA, “non-public personal information” (NPI) typically includes any personally identifiable financial information you provide to us or we obtain in connection with providing a financial product or service. For example, this could be the information on an insurance or financial product application, account balances and transaction history, insurance policy details, income and asset information, Social Security number, and any other financial info not available publicly. We consider and treat all such data that we collect from you as protected NPI under GLBA.

• GLBA Privacy Notice: This Privacy Policy section serves as our GLBA Privacy Notice to you, describing how we collect, use, share, and protect your personal financial information. You have the right to know how your data is used and shared, and we aim to provide clarity here. In general, we collect financial information directly from you (or with your authorization, from entities like insurance companies or financial institutions you work with) for the purposes of helping you with estate and financial planning. We use that information only to carry out the services you’ve requested (such as evaluating your needs, referring you to appropriate financial specialists, processing insurance or investment inquiries, etc.) and for related everyday business purposes (like recordkeeping and compliance).

• Limited Sharing with Third Parties: We do not share your non-public financial information with non-affiliated third parties for their own purposes, except as permitted or required by law. The primary instance in which we share your financial information is when we refer you to a financial professional or institution to fulfill your request (for example, sharing relevant details with a life insurance carrier or an estate attorney you are matched with). GLBA recognizes certain exceptions where consumer data can be shared without needing an opt-out, such as: sharing as necessary to service or administer a product or transaction you requested, sharing with companies that perform services on our behalf (service providers) as long as they use the information only for those purposes, sharing with your consent, or sharing as required for legal/regulatory reasons. Our sharing practices fall within these allowed purposes. For example:

  • We may share your info with an insurance underwriting company to process an application you wanted to submit (this is at your direction and to serve you, which is permitted under GLBA).

  • We may share with a third-party service provider that helps us print and mail documents, but that provider cannot use your info for anything else.

  • If required by a state insurance regulator or auditor to examine our records, we will comply (sharing as required by law).

• Your Right to Opt Out of Certain Sharing: GLBA gives customers the right to “opt out” of certain kinds of information sharing with non-affiliated third parties, particularly if the sharing is for marketing purposes. MAPP Network currently does not engage in such sharing of your financial information for independent marketing by third parties. We do not sell or rent your financial data. We only share your information with third parties in the context of providing services to you or as required by law, which are generally considered “permissible purposes” under GLBA that do not trigger an opt-out requirement. Therefore, under GLBA, there is no need for you to opt out because we are not sharing your NPI in a way that federal law would give you the right to opt out of. If this ever changes, we will provide you with a GLBA-compliant opt-out notice and a reasonable means to opt out before your information is shared in such a manner.

• How We Protect Financial Information: We maintain physical, electronic, and procedural safeguards to protect your non-public personal financial information, as required by GLBA’s Safeguards Rule. This includes secure storage of records, encryption of electronic data (see Data Security below for more details), background checks and confidentiality agreements with employees handling sensitive data, and policies that limit access to financial information only to those employees, agents, or partners who need to know it to provide services to youtruliforhealth.com. We train our staff on the importance of confidentiality and security of financial data. We also regularly review and update our security measures to adapt to emerging threats or changes in technology.

• GLBA Annual Notice: Financial institutions are generally required to provide customers with an annual privacy notice under GLBA. As a user of MAPP Network’s financial services (such as insurance or financial planning referrals), you are entitled to receive our privacy notice. Rather than sending a paper mailing, we have made our Privacy Policy (this document) available on our website at all times, and it is updated as needed. This written Policy constitutes our notice to you. If you prefer a physical copy, you may contact us to request one. We will also notify you of significant changes to our privacy practices as required.

• Former Customers: If you cease to use MAPP Network’s services or your relationship with us ends, we will continue to treat your information in accordance with this Policy. For example, if you were connected to a financial planner and completed your transactions, we will still keep your data secure and not share it in ways that are not allowed, even if you are no longer actively using our platform. We retain records for only as long as necessary (see Data Retention below) and as required by law, and even after that, any disposal of records is done securely.

In summary, we handle your financial data with the care and transparency required by GLBA. You can have confidence that we are not distributing your personal financial details beyond what is necessary to serve you, and that we take safeguarding this information seriously. If you have any questions about your financial privacy or need further explanation of our practices, please contact us.

6. Data Security Measures

Protecting your personal information is a top priority for us. We employ a variety of security measures to guard against unauthorized access, use, alteration, or destruction of the information we hold. While no method of transmission over the Internet or method of electronic storage is 100% secure, we follow industry best practices and required standards to protect your data. Our security measures include:

• Encryption: We use encryption technology to protect sensitive data transmitted online. For example, our website and ARKOS platform are secured via HTTPS, which means information you input is encrypted in transit using Secure Socket Layer (SSL) or similar protocols. Where appropriate, we also encrypt sensitive data at rest (stored in our databases or servers), particularly for health information, financial details, and passwords. Any stored passwords are salted and hashed, not kept in plain text.

• Access Controls: We restrict access to personal information to employees, contractors, and service providers who need to know that information to perform their job duties or provide our Services. For example, a MAPP estate specialist or a support technician will have access only to the information needed to assist you. We employ role-based access controls and authentication measures (such as strong passwords and multi-factor authentication where feasible) to prevent unauthorized personnel from accessing data. Each professional partner accessing the system will have their own credentials, and they are prohibited from sharing login information under our Terms.

• Physical Security: The offices and facilities where personal data may be stored (e.g., our corporate office in Mississippi or any data center used by our cloud provider) have physical security controls. This can include locked file cabinets for paper records, security alarms, cameras, and access badges for facilities. We dispose of physical documents containing personal data via shredding or secure destruction.

• Firewalls and Network Security: We protect our IT systems with up-to-date firewall protection, intrusion detection systems, and antivirus/anti-malware software. Our network is monitored for suspicious activities, and we regularly apply security patches and updates to our software and systems to address vulnerabilities.

• Employee Training and Policies: We train our staff about the importance of confidentiality, data privacy, and security. We have internal policies governing how to handle personal information (including health and financial info). Employees are required to sign confidentiality agreements and undergo background checks as appropriate, especially those handling sensitive data. We also restrict the use of personal devices or unauthorized cloud services for storing user data.

• Third-Party Audits/Assessments: Where required (for instance, if mandated by a regulator or as part of a business associate agreement under HIPAA), we may undergo security assessments or audits. We also perform due diligence on our service providers’ security practices. For example, if we use a cloud hosting provider, we ensure they have robust security certifications (like SOC 2, ISO 27001, or HIPAA-compliant infrastructure as relevant).

• Data Minimization and Pseudonymization: We collect only the information that is reasonably necessary for the purposes described. Wherever feasible, especially in internal analyses or development/testing, we use de-identified or pseudonymized data (removing or replacing personal identifiers) so that individuals cannot be readily identified. If we share aggregated statistics (e.g., number of families served in a state, or average assets under planning), these reports contain no personal data.

• Monitoring and Testing: We monitor our systems for potential vulnerabilities and attacks. We conduct regular risk assessments and, from time to time, employ third-party security experts to test our systems (penetration testing) to help identify and fix potential weaknesses.

• Incident Response Plan: Despite all precautions, if a security incident (data breach) were to occur, we have a response plan in place. Our plan involves immediate steps to contain the incident, assess the scope, mitigate any ongoing risk, and notify affected parties and authorities as required by law. (See Data Breach Notification below for more details on our commitment in such events.)

It’s important to note that you also play a role in keeping your information secure. If you create an account, please keep your password confidential and do not share it with others. We recommend using a strong, unique password for our Services and changing it periodically. If you suspect any unauthorized access to your account or any suspicious activity (such as emails or calls purporting to be from us asking for your personal information), please notify us immediately.

While we cannot guarantee absolute security, we are continuously improving our security practices to meet or exceed legal requirements and to adapt to new threats. We take any data security incident very seriously and will act promptly to address it.

7. Data Breach Notification

In the unfortunate event that we experience a data breach that compromises the privacy or security of your personal information, we will follow all applicable data breach notification laws to inform you and the appropriate authorities. Our policy in such situations is:

• Timely Notification: We will notify affected individuals as soon as reasonably possible, consistent with the legitimate needs of law enforcement and any measures necessary to determine the scope of the breach and restore the reasonable integrity of our data system. Mississippi law (and laws of other states that may apply, depending on the residency of affected persons) may require notification within a certain number of days after discovery of a breach; we will adhere to those requirements. HIPAA (for health information) typically requires notification to individuals within 60 days of discovery of a breach of unsecured protected health information, and we would comply with that timeline or sooner if possible.

• Method of Notification: We will notify you in writing, either by email or postal mail. The notice will include information about what happened (to the extent known), the type of information involved, steps we are taking to address the breach, and steps you might take to protect yourself (such as monitoring accounts or changing passwords), as well as our contact information for further inquiries. If the breach involves a large number of people or we do not have up-to-date contact info, we may also post a notice on our website or notify the media, as required by law.

• Notification to Authorities: We will comply with any requirements to report breaches to government agencies. For example, Mississippi law may require notification to the state Attorney General if a certain threshold of residents is affected. If the breach involves health information, we will notify the U.S. Department of Health and Human Services (HHS) and, if more than 500 residents of a state are affected, we will also notify prominent media outlets as required by HIPAA. For breaches involving financial information, we will follow any regulatory guidance (for example, notifying state insurance regulators or the FTC, if applicable).

• Remediation: After a breach, beyond notification, we will take appropriate steps to remediate the situation. This might include investigating the cause, patching any security vulnerabilities, enhancing our security measures to prevent a recurrence, and cooperating with law enforcement if criminal activity was involved. We may also provide support to affected individuals, such as credit monitoring services, if financial information was compromised, depending on the severity of the breach and legal requirements.

We sincerely hope never to have to send such a notice, but we want you to know that we will be transparent and responsible if it occurs. Your trust is critical to us, and we will act to mitigate any incident swiftly.

8. Data Retention

We retain personal information for as long as necessary to fulfill the purposes for which it was collected, as outlined in this Privacy Policy, unless a longer retention period is required or permitted by law. In practice:

• Client Data: If you are a client (using our Services to connect with professionals), we will keep the information you provided and records of the services we facilitated for as long as you maintain an account with us or as long as needed to provide you services. Even if you do not create a formal account, when you submit information through our questionnaire, we create a profile in our system to manage your case. We typically retain client records to assist with any follow-up services and to have an internal history (for example, if you come back to us a year later for additional help, it’s useful to reference your prior information). If you wish to no longer use our services and want your data deleted, you may request deletion (see Your Rights & Choices below), and we will remove or anonymize your personal information, except for whatever we must keep for legal reasons. We will not keep your personal data indefinitely unless there’s an ongoing need.

• Professional/Partner Data: If you are a professional in our network, we retain your business and personal information while you are an active member of the MAPP Network and for a period after your partnership ends. We do this to comply with regulatory recordkeeping (for instance, we may need to document which agents or advisors we worked with and any client referrals made for a number of years) and to have historical data in case of any future inquiries or disputes. Typically, for insurance and financial services, records might be kept for at least 5–7 years (depending on state laws and professional regulations). License information may be updated periodically and old records archived.

• Legal and Regulatory Requirements: Certain laws require us to retain specific information for set periods. For example:

  • Under insurance regulations and GLBA, we may need to keep records of transactions or communications with clients for a minimum number of years.

  • HIPAA (if applicable to certain records) requires retention of privacy rule-related documentation for 6 years from creation or last effective date.

  • Tax laws may require retention of some information for 7 years.

  • If any litigation or official investigation is pending, we will preserve relevant data throughout the duration of that process.

• Deleted Accounts: If you deactivate your account or request deletion of your data, we will remove your personal information from active databases. However, some residual data may remain in backups or archives for a short period until those are cycled out, and we may retain whatever information is necessary for legal compliance. For example, if you engaged in a financial transaction through us, we might keep a record of that transaction even after your account is deleted, to satisfy audit requirements or potential legal obligations. We securely store such retained data and isolate it from routine use.

• Anonymous and Aggregated Data: Any information that we have anonymized or aggregated (so that it no longer identifies you personally) may be retained indefinitely, as it no longer constitutes personal information. We use such data to improve our services, and it poses no risk to your privacy.

When the retention period for personal information expires, or if we no longer need the data, we ensure it is securely deleted or destroyed. For digital data, this might mean secure deletion from servers and wiping of storage media; for physical records, shredding or incineration. We also ensure that third-party service providers handling data deletion adhere to proper data destruction practices.

9. Your Rights & Choices

We respect your rights to know about and control your personal information. Depending on your jurisdiction and the nature of your relationship with us, you may have some or all of the following rights regarding your data:

• Access and Portability: You have the right to request a copy of the personal information we hold about you. This is sometimes called a “Data Subject Access Request.” We will provide you with the information in our records, typically free of charge (unless the law allows charging a fee for excessive or repetitive requests). For California residents, this includes the right to request information about the categories of personal information we have collected, the sources of that information, the business purpose for collection, the categories of third parties with whom we shared the information, and the specific pieces of personal information we have about you. We will provide this in a readily usable format, and if technically feasible, in a format that you can transmit to another entity (this is data portability).

• Correction (Rectification): If you believe that any personal information we maintain about you is inaccurate or incomplete, you have the right to request that we correct or update it. For example, if you move or change contact details, or if some information in your profile is incorrect, you can ask us to fix it. For certain services, you may be able to log into your account and directly edit some of your information. For those you cannot change, contact us and we will make the correction upon verifying the request.

• Deletion (Right to be Forgotten): You have the right to request that we delete your personal information, subject to certain exceptions. We will honor deletion requests and erase your personal data from our records, unless it is necessary for us to retain it for reasons permitted by law. Common examples of exceptions include: if the information is needed to complete a transaction you requested or to provide you services (we cannot delete data that is integral to an ongoing service unless you also terminate the service), to detect or prevent security incidents or fraud, to comply with legal obligations (e.g., we may keep records required by law, such as proof of transactions or communications), or for our internal uses that are lawful (like maintaining suppression lists to ensure we don’t contact you again if you asked not to be contacted). If full deletion is not possible (for example, information stored in backups), we will isolate and secure the data and/or anonymize it so it is no longer identifiable.

• Opt-Out of Marketing Communications: If at any time you prefer not to receive marketing or promotional emails, newsletters, or texts from us, you may opt out. You can do so by:

  • Clicking the “unsubscribe” link in the footer of any marketing email we send.

  • Replying “STOP” to any promotional text message (SMS) we send, as indicated in the message. We will then confirm your unsubscribe status and you will not receive further marketing textslulich.com.

  • Contacting us at our email or phone (provided in Contact Information below) and requesting to be removed from marketing lists.

  Note: Even if you opt out of marketing, we may still send you transactional or service-related communications (such as appointment reminders, security alerts, or updates on an ongoing case) as those are not promotional in nature.

• Opt-Out of Sharing or Selling: As stated, we do not sell personal information. If you are a resident of a state like California, Virginia, Colorado, etc., that grants the right to opt out of the sale of personal data or certain types of sharing (like sharing for cross-context behavioral advertising), you can rest assured we do not engage in those practices. If that changes, we will update our Policy and provide a clear opt-out mechanism. Likewise, if you wish to limit certain uses of sensitive personal information (as some state laws allow), note that we only use sensitive data for necessary services, not for secondary purposes, in line with your expectations when providing it. If you still have concerns, you may contact us to discuss limitations or to ensure we refrain from any unwanted use.

• Non-Discrimination: We will not discriminate against you for exercising any of your privacy rights. That means, if you choose to exercise your rights (such as requesting deletion or opting out of marketing), we will not deny you our services, charge you different prices, or provide you a lesser quality of service just because you exercised your rights. For example, California law guarantees this non-discrimination right, and we uphold it. (However, please understand that deletion of certain data may preclude us from providing certain services if the service relies on that data – for instance, if you delete all your contact information, we cannot reach you to provide a consultation. But we will inform you if any requested deletion would affect service, so you can decide.)

• California “Shine the Light”: California’s “Shine the Light” law allows residents to request certain information about any personal information disclosed to third parties for their direct marketing purposes. We do not disclose personal information to third parties for their own direct marketing purposes without consent. Thus, we typically have no such disclosures to report. California residents may contact us for further information or with any questions regarding this.

• Automated Decision-Making: Our matching process is primarily a human-guided service; we do not currently make any legally significant decisions about you purely by automated means. If in the future we use automated decision-making or profiling that produces legal or similarly significant effects, we will inform you and ensure compliance with any rights you have to opt out or request human review of such decisions under applicable law (for example, under the EU GDPR or similar laws, if applicable).

• Withdrawal of Consent: In situations where we rely on your consent to process personal information (for instance, if you gave consent for us to use a testimonial, or to gather certain health info), you have the right to withdraw that consent at any time. Withdrawal of consent will not affect the lawfulness of processing based on consent before its withdrawal. If you withdraw consent, we will stop the processing for which consent was provided, and, if appropriate, delete the relevant information (subject to legal retention needs).

• Make Choices in Your Account: If you have an online account with us, you may have access to self-service settings to update certain information or adjust preferences. For example, you may be able to change notification preferences (opting in or out of certain types of emails or texts) or update contact info. We encourage you to use these tools for convenience. For anything you cannot manage yourself, you can always contact us.

How to Exercise Your Rights: To exercise any of the rights above, please contact us using the information in the Contact Information section at the end of this Privacy Policy. Please clearly describe your request – for example, “I am requesting a copy of my personal data,” or “Please delete the account associated with [your email]”. For certain requests, especially those involving sensitive data (like an access or deletion request), we will need to verify your identity to ensure we’re acting on behalf of the correct individual. We may do this by asking you to provide certain information that we can match with our records (such as confirming your last interaction with us, or providing ID in some cases). We will respond to your request within the timeframe required by law (for instance, for California residents, typically within 45 days with a possible 45-day extension). If we need more time or cannot fulfill a request (due to a legal exception), we will inform you of the reason and the length of extension if applicable.

If you are an authorized agent making a request on behalf of someone else, please provide proof of your authorization (for example, a written permission from the person, or evidence of power of attorney). We will also need to verify the identity of the person for whom the request is made, directly with them unless your documentation legally permits otherwise.

10. Cookies and Tracking Technologies

Cookies are small text files placed on your device (computer, smartphone, etc.) when you visit a website. We and our third-party partners use cookies and similar tracking technologies to enhance your experience and gather information about how our site is used.

• Types of Cookies We Use:

  • Essential Cookies: These are necessary for our website to function properly. For example, if our site has a login function or if you fill out forms, essential cookies might keep you logged in or remember your inputs as you navigate between pages. Without these cookies, certain services or features may not be available.

  • Analytics Cookies: We use these to collect information about how visitors use our site, such as which pages are visited most often, how users navigate the site, and if they encounter error messages. We typically use Google Analytics (or a similar tool) which sets cookies to help us analyze site traffic. The information gathered is generally aggregated and not intended to identify you personally. It helps us improve the website’s functionality and understand user preferences.

  • Preference Cookies: If applicable, these cookies remember choices you make on our site (e.g., your preferred language or region, or other settings) to provide a more personalized experience.

  • Advertising/Tracking Cookies: As of the latest update, we do not host third-party advertisements on mappnetwork.com that would set advertising cookies. However, if in the future we engage in any online advertising or retargeting campaigns, cookies or pixel tags might be used to tailor ads to your interests on our site or across other sites. We will update this section if such practices are adopted and ensure compliance with applicable laws (like obtaining consent where required).

• Cookie Consent: When you first visit our site, you may see a banner or pop-up about cookies. By clicking “Accept” on the cookie notice, you agree to our use of cookies as described. You can adjust your browser settings to refuse cookies or alert you when cookies are being sent. However, please note that if you disable cookies entirely, some features of our Services may not function correctly. For instance, the questionnaire might not remember your progress, or you might have to re-enter information that would have been stored.

• Do Not Track (DNT): Some web browsers have a “Do Not Track” feature that lets you tell websites you do not want to have your online activities tracked. At this time, we do not respond to DNT signals in a uniform way, because there is not yet a common standard adopted by industry groups, technology companies, or regulators. We will update our practices if a standard for responding to DNT signals emerges.

• Third-Party Websites and Social Media: Our site may include features from third-party services (like a YouTube video embed, which we do have on the homepagemappnetwork.com, or social media sharing buttons). These third parties may set their own cookies or use other tracking technologies. For example, playing the YouTube video might set Google/YouTube cookies; clicking “Join as a Pro” might redirect to a partner site that uses its own cookies. We do not control these third-party technologies. We encourage you to read the privacy policies of any third-party sites or services before interacting with them.

• Managing Cookies: You have the right to decide whether to accept or reject cookies. You can manage cookies through your web browser settings. For instance, you can usually set your browser to notify you when you receive a cookie, giving you the chance to decide whether to accept it. You can also delete cookies after the fact. The Help or Settings section of your browser (or a quick internet search for “how to manage cookies in [Your Browser Name]”) can provide specific guidance. There are also online resources and tools for opting out of certain cookies, such as those used by Google Analytics (Google provides a browser add-on for opting out) or industry opt-out sites for advertising cookies (like aboutads.info).

By continuing to use our site, you agree to our use of cookies and similar technologies as described unless you have disabled them via your browser or other opt-out mechanisms.

11. Third-Party Links and Services

Our website and communications may contain links to websites or services that are operated by third parties (for example, a link to a partner funeral home’s website, an external resource article, or a link to a professional’s personal website or profile). Additionally, some content on our site might be hosted by third parties (such as an embedded video or map). This Privacy Policy does not apply to those third-party sites or services, and we are not responsible for the privacy practices or content of any third parties.

• External Websites: If you click a link to an external website, that website will have its own privacy policy and terms of service. We encourage you to review those policies before providing any personal information or using those sites. We do not control and are not responsible for how those third parties collect, use, or secure your data. For example, if you are connected with a MAPP Certified Specialist and they direct you to fill out a form on their own firm’s website, any data you provide there would be governed by that firm’s privacy practices (though as a MAPP partner, they are expected to keep it confidential).

• Social Media: Our Services may include social media features, such as a Facebook or LinkedIn button to share content, or perhaps display of posts from our official pages. These features may collect your IP address and set cookies to work properly. They may be hosted by a third party (like the social network itself). Your interactions with those features are governed by the privacy policy of the social media platform.

• Third-Party Content: Occasionally, we might embed third-party content, such as a YouTube video (as on our homepage), Google Maps for showing our service areas, or a widget showing customer reviews. These third-party content providers may collect usage data (e.g., YouTube might track video views, Google might log map usage). Such providers have their own privacy policies — for instance, Google’s privacy policy will apply to Google-provided services.

• Professional Directories and Profiles: On our site, we may list or showcase certain professionals or partners (for example, highlighting a “Featured MAPP Specialist” or providing a directory where you can see basic info about our network professionals in your state). The information in these profiles is provided by the professionals or obtained from public sources with their consent. We strive to ensure it is accurate and up-to-date, but we do not independently guarantee the accuracy of third-party-provided information. If you use a directory feature to click through to a professional’s full profile page (which might be on our site or redirect to the professional’s own site), be aware that some content on those pages might be managed by the professional. We allow professionals to describe their services, credentials, and perhaps link to their own privacy notices or terms. While we have standards for our network, each professional’s handling of any data you give them once you engage may be subject to their own privacy obligations (e.g., an attorney will follow attorney-client confidentiality rules, a financial advisor might have SEC Regulation S-P notices, etc.). We encourage you to review any disclosures provided by the professional when you formally engage them.

• No Endorsement of Third-Party Practices: A link to or integration with a third-party service on our site is not an endorsement of their privacy or security practices. It’s provided for your convenience or to enhance your experience. If you have concerns about how a partner or linked service handles privacy, please let us know, and consider reaching out to that third party as well.

In short, once you leave our website or otherwise interact with a third-party feature, our responsibility for your privacy ends with respect to those third parties. We recommend you exercise caution and review the privacy statements of any other site you visit.

12. Children’s Privacy

Our Services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. The nature of our services (estate planning, financial planning, etc.) typically involves adults or at least mature teenagers with parental involvement; it would be extremely unusual for a young child to directly use our platform.

If you are under 13, please do not attempt to use our website or send any personal information about yourself to us. If we discover that we have collected personal information from a child under 13 without verifiable parental consent, we will promptly delete that information from our records.

If you are a parent or guardian and you believe we might have information from or about a child under 13, please contact us immediately (see Contact Information below). We will work with you to investigate and, if applicable, delete the information in accordance with the Children’s Online Privacy Protection Act (COPPA) and other relevant laws.

For minors older than 13 but under 18: Our Services generally should be used by minors only with appropriate consent and participation of a parent or guardian. For example, if a 17-year-old is involved in discussions about estate planning for a family member, we expect a parent or guardian to be present or aware. If you are under the age of majority in your state (which is 18 in Mississippi and most states), you should use our Services only with the involvement of a parent or guardian.

Some state laws (like California) provide additional rights to minors under 18, such as the right to request deletion of content they posted. However, it is unlikely a minor can create an account or post content on our platform due to the nature of our services. Regardless, if we ever host content created by a minor and they request removal, we will honor it to the extent required by law.

13. Changes to This Privacy Policy

We may update or revise this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or for other operational reasons. When we make changes, we will post the updated Policy with a new “Last Updated” date at the top.

If changes are significant, we will take additional steps to notify you: for example, by prominently posting a notice of such changes on our website homepage, or by emailing you if we have your email on file. In certain cases, if required by law, we may seek your consent to material changes in how we use personal information (especially if we plan to use your data for a new purpose not originally disclosed).

We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of our Services after any changes to this Policy constitutes your acceptance of the updated terms. If you do not agree with any updates or modifications, you should stop using the Services and can request that we remove your personal information as outlined above.

14. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please do not hesitate to contact us:

MAPP Network (Memorial Asset Protection Plan, LLC)
Attn: Privacy Officer (or Privacy Compliance Department)
911 Porter Ave
Ocean Springs, Mississippi 39564, USA
Phone: 228-217-1149
Email: info@mappnw.com

You may contact us by mail, phone, or email. For privacy-specific inquiries (such as exercising your rights or reporting a potential data issue), email is often the most efficient communication method, but please use whatever is most convenient for you. When you contact us, please provide your name and contact information and clearly describe your question or request related to privacy, so we can respond promptly and accurately.

If you are not satisfied with our response to a privacy concern, and applicable law grants you the right, you may also lodge a complaint with a supervisory authority (for example, a state Attorney General’s office for consumer privacy matters, or the U.S. Department of Health & Human Services for HIPAA-related complaints). We would, however, appreciate the chance to address your concerns directly first and will do our utmost to resolve any issues.

Thank you for trusting MAPP Network with your sensitive planning needs. We value your privacy and are here to protect it.