HelloSafe

Compliance & licensing

Distribute travel insurance without carrying the license

HelloSafe runs the insurance distribution. The advice, the regulatory documents, claims and complaints sit with us. You keep the client relationship and the commission.

The distribution model

Who does what, exactly

Three roles, three sets of responsibilities. The regulated activity never sits with you.

You: the partner

You recommend and route: tracked links, widget, white-label or API. You follow the marketing rules and keep your client relationship.

  • Promote with the kit and your own content
  • Route travelers to the comparison or the checkout
  • No advice obligations, no regulatory documents

HelloSafe: the distributor

HelloSafe runs the regulated sale: advice, pre-contractual documents, complaints handling and customer support, 7 days a week.

  • Policy documents and required disclosures built in
  • Compliant, multilingual sales journey
  • Claims path and complaints handling

Insurers: the risk carriers

Allianz Global Assistance, AIG Travel Guard, Generali, IMG and others underwrite the policies. HelloSafe distributes independently, with no exclusive agreements.

  • Underwriting and policy risk
  • Assistance networks on the ground
  • Disclosed rankings, disclosed commissions

Licensing by integration mode

Do you need a license? No

Whatever the integration depth, HelloSafe remains the distributor of record. The only thing that changes is how the journey is embedded.

Links & widget

You refer, nothing more

Tracked links and the comparison widget route to HelloSafe's journey. You never collect insurance data, so no registration is required on your side.

White-label

Our journey, your brand

Quote and checkout run on HelloSafe rails, in your colors. The distributor of record, the documents and the support remain HelloSafe.

API

Your UI, our rails

Even with quotes rendered in your interface, binding happens on HelloSafe's side, with the regulatory documents issued by us. Your product stays a product, not a brokerage.

Rules vary by market. Every partner is reviewed at signup: we flag anything specific to your country before you go live.

Data & privacy

Private by default

The program keeps personal data where it belongs: with the traveler and the insurer, not scattered across your systems.

Privacy by design

Consent-first analytics, minimal collection and documented processing, from the click to the certificate.

No card data on your side

Payment runs on HelloSafe's hosted checkout. Card numbers never touch your stack: your PCI surface stays at zero.

Reporting without PII

Your dashboard works on clicks, quotes, sales and Sub-IDs. You receive neither identity documents nor insurance policy files.

Scoped, revocable access

API keys are scoped per caller and revocable one by one. Access to conversion data follows the same boundaries.

Fraud & integrity

An attribution chain you can audit

Commissions only move on signed, verified events. The controls that protect HelloSafe protect your revenue too.

Signed postbacks

Every conversion is signed with a per-caller HMAC-SHA256 key and rejected outside a 5 minute replay window.

Ownership guards

A ref must match the link's real owner. Forged or mismatched refs are refused, never silently accepted.

A strict state machine

pending, validated, cancelled: forbidden transitions return an error instead of overwriting the ledger.

Ceilings and audit trails

Per-conversion amount ceilings, FX rates frozen at ingest and an auditable trail on every state change.

Read the API security model →

Marketing rules

Promote hard, promote clean

The program protects travelers and partners alike. The rules fit in two lists.

What works

  • Your own content, comparisons and reviews
  • The partner kit: banners, badges and approved brand mentions
  • Deep links, Sub-IDs and the embeddable widget
  • Newsletters, social posts and client messages (with consent)

What gets accounts closed

  • Bidding on the HelloSafe brand in paid search
  • Misleading claims about prices or coverage
  • Unsolicited messaging and spam
  • Cashback mechanics and forced browser extensions

Compliance, in questions

What partners check before they sign.

Do I need an insurance license to join the program?

No. HelloSafe runs the insurance distribution and carries the regulated obligations. You recommend and route; the regulated sale happens on our rails.

Who handles claims and complaints?

HelloSafe and the insurer. The traveler gets a dedicated support team 7 days a week and a formal complaints path. Your role ends at the recommendation, and your dashboard keeps the commission visible.

Do my systems ever touch card data?

No. Payment runs on HelloSafe's hosted checkout. Your stack never sees a card number, which keeps your PCI exposure at zero.

What personal data do I receive as a partner?

Practically none. Reporting is built on clicks, quotes, sales and the Sub-IDs you define. Identity documents and policy files stay between the traveler, HelloSafe and the insurer.

Is the white-label journey compliant too?

Yes. White-label changes the brand on the journey, not the distributor of record. Regulatory documents, advice obligations and support remain HelloSafe's responsibility.

Which marketing practices are prohibited?

Brand bidding on HelloSafe in paid search, misleading claims, spam, cashback mechanics and unsolicited extensions. The full list ships with the program terms; accounts that cross it are closed.

Which countries can my audience be in?

Coverage spans 190+ destinations, and one link routes each visitor to the journey localized for their market. At signup we review your audience and flag anything specific to your country.

A compliance question we didn't cover? Contact us

Zero licensing, full speed

Distribute insurance, skip the brokerage

Tell us where your audience is and how you want to integrate. We confirm the compliant path for your market within 24 hours.