ratefeed

data practices · last revised 2026-07-09

Data practices

Public records in. No personal data.

This page describes what data ratefeed handles, on both sides of the API: what we collect from regulators, and what we see when you call us.

§1What we collect

Public regulatory records, and nothing else.

Everything in the ratefeed database is a public record published by a government body:

  • Rate and rule filings from state insurance regulators: carrier names, NAIC company codes, tracking numbers, filing types, statuses, dates, rate-change percentages, and the filing documents carriers submitted for public access.
  • County-level non-renewal data published by the US Senate Budget Committee. These are aggregates; the smallest unit is a county.
  • ZIP-level premium and claims metrics published by the US Treasury's Federal Insurance Office. Also aggregates; the smallest unit is a ZIP code.
  • FAIR Plan enrollment statistics as published by the California FAIR Plan.

The named entities in our data are insurance companies acting in their regulated, corporate capacity. Sources are enumerated one by one on the methodology page.

What we do not collect

No policyholder information, no person-level data of any kind, no scraped social profiles, no purchased data-broker feeds, no inferred household attributes. If a dataset's smallest unit is a person or a household, it does not enter ratefeed.

§2Retention

Public records are kept; corrections are layered on top.

Source documents and extracted records are retained indefinitely. They are public records, and their value to customers is historical: backtests need the past to stay put. When a record is corrected, the corrected value supersedes it in the API and the correction is logged on the methodology page; we do not silently rewrite history.

If a regulator removes a document from public access or asks us to, we remove our copy and note the removal.

§3The API and your data

What we see when you call us.

  • Account data. A name or company label you give us when we mint your key, and the email address we correspond with. That is the whole customer record.
  • API keys are stored as SHA-256 hashes. We cannot read your key back, and neither can anyone who obtains the database.
  • Usage metering. Each request logs the key, the endpoint path, and a timestamp. That log exists to enforce daily quotas and to understand which data is useful. It is not sold, shared, or used for anything else.
  • Query semantics. All API endpoints are read-only GETs. You never send us payload data, so there is no customer payload for us to hold.
  • Transport. The API is served over TLS only.
§4This website

Static pages, nothing watching you.

This site is static HTML and CSS. No analytics, no cookies, no tracking pixels, no third-party requests of any kind. Your visit here produces nothing beyond a standard server access log at our hosting provider.

§5Questions

Ask us.

Questions about any of the above, requests to delete your account data, or concerns about a record: hello@ratefeed.io. A person reads it and answers, typically within one business day.