Authorisation for a mobile app

The insurance company cannot log in as you. If your private data is marked as only accessible by you, the insurance company can’t see it, no matter what app they use. If you have a personal app that only logs in as you, what is the problem if that app can see the whole pod?