Privacy Policy

Last updated: April 13, 2026

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, and payment information (processed securely through Stripe — we never store your full credit card number).

Lead Data: You upload contact data (names, phone numbers, policy types) to the Platform. This data belongs to you. We process it solely to provide the Service and do not use it for any other purpose.

Message Data: We store the content and metadata of SMS messages sent and received through the Platform to provide conversation history and analytics.

Usage Data: We collect anonymized usage data including page views, feature usage, and performance metrics to improve the Service.

2. How We Use Your Information

  • To provide, maintain, and improve the Service
  • To process your subscription payments
  • To send you service-related communications (account updates, billing notices)
  • To provide customer support
  • To detect and prevent fraud or abuse
  • To comply with legal obligations

3. Data We Do NOT Collect

We do not collect or request Social Security numbers, dates of birth, policy numbers, financial account numbers, or any other sensitive personal information beyond what is necessary to provide the Service. We strongly advise you not to include such information in your uploaded data.

4. Data Sharing

We do not sell, rent, or trade your data or your leads' data to any third party. We share data only with:

  • Twilio: To send and receive SMS messages on your behalf
  • Stripe: To process your subscription payments
  • Supabase: To securely store your data (hosted on AWS infrastructure)
  • Clerk: To manage authentication and account security
  • Law Enforcement: If required by law, subpoena, or court order

5. Data Security

  • All data is encrypted in transit (TLS/SSL) and at rest
  • Row-Level Security (RLS) ensures each agent can only access their own data
  • Access controls limit employee access to production data
  • Regular security audits and monitoring are conducted
  • We use industry-standard authentication and session management through Clerk

6. Data Retention

Your data is retained for the duration of your active subscription. Upon cancellation or termination, your data will be retained for 30 days to allow for reactivation, after which it will be permanently deleted from all systems including backups within 90 days.

7. Your Rights

  • Access: You can access all your data through the Platform at any time
  • Export: You can export your lead data and message history at any time
  • Deletion: You can request deletion of your account and all associated data by contacting support
  • Correction: You can update your account information and lead data at any time through the Platform

8. CCPA Compliance (California Residents)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information.

9. Children's Privacy

The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.

10. Contact

For privacy-related inquiries, contact us at privacy@bkflow.com.