Last updated: May 14, 2026
Account Information: When you create an account, we collect your name, email address, and payment information (processed securely through Stripe — we never store your full credit card number).
Lead Data: You upload contact data (names, phone numbers, policy types) to the Platform. This data belongs to you. We process it solely to provide the Service and do not use it for any other purpose.
Message Data: We store the content and metadata of SMS messages sent and received through the Platform to provide conversation history and analytics.
Inbound Email Replies: When a recipient replies to an email you sent through BKFlow, that reply is routed through our inbound mail server (reply.gobkflow.com) and stored alongside the original send for conversation history. We parse the reply's subject and body to (a) detect “STOP”/unsubscribe intent and automatically suppress further sends to that recipient, (b) classify the reply's tone via AI (interested / question / not interested / etc.) so we can surface hot leads in your dashboard, and (c) pause any in-progress nurture sequence so the lead doesn't receive automated follow-ups after replying. Inbound bodies are encrypted in transit and at rest and retained per the same retention schedule as outbound messages.
Email Engagement Data (Pro & Agency plans only): When an email is sent from a Pro or Agency workspace, we record whether the recipient opened the email (a 1×1 tracking pixel embedded in the message) and whether they clicked any links (rewritten through our redirect service). This data is used solely to provide engagement analytics to the agent who sent the email. We bucket Apple Mail Privacy Protection auto-fetches separately from human opens so analytics aren't inflated. Starter and Growth plan emails do NOT include tracking pixels or link rewriting — those sends are not tracked. Every email regardless of plan includes a one-click unsubscribe header and CAN-SPAM compliant footer.
Usage Data: We collect anonymized usage data including page views, feature usage, and performance metrics to improve the Service.
We do not collect or request Social Security numbers, dates of birth, policy numbers, financial account numbers, or any other sensitive personal information beyond what is necessary to provide the Service. We strongly advise you not to include such information in your uploaded data.
We do not sell, rent, or trade your data or your leads' data to any third party. We share data only with:
reply.gobkflow.com. For Pro & Agency workspaces, Resend also records open + click events via tracking pixels and link rewriting (see “Email Engagement Data” above).Your data is retained for the duration of your active subscription. Upon cancellation or termination, your data will be retained for 30 days to allow for reactivation, after which it will be permanently deleted from all systems including backups within 90 days.
If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect, the right to delete your personal information, and the right to opt out of the sale of personal information. We do not sell personal information.
The Platform is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children.
For privacy-related inquiries, contact us at bkflowconsulting@gmail.com.
You can reset your cookie consent banner here. The next time you visit BKFlow, the banner will reappear so you can review and re-confirm your choice.