Privacy Policy
Last updated: May 7, 2026
SteadyFlow App LLC ("SteadyFlow," "we," "us," or "our") operates a software platform that helps licensed insurance agents run their day-to-day book of business. The platform bundles a white-labeled customer relationship management (CRM) workspace — including conversations, calendars, contacts, and pipelines — provided by Go High Level/LeadConnector, together with SteadyFlow utilities for exporting leads from third-party lead portals and generating client-facing documents such as summary sheets. This Privacy Policy explains how we collect, use, and protect information submitted through our platform at steadyflowapp.com.
SteadyFlow is intended solely for use by residents of the United States. We do not offer the Service to users outside the United States and do not knowingly collect personal information from users outside the United States.
By using SteadyFlow, you agree to the collection and use of information as described in this policy.
1. Information We Collect
From Insurance Agents (Platform Users)
- Name (first and last) and email address (used for account creation, login, and to provision your GHL sub-account)
- Phone number (required for account creation; used for GHL sub-account provisioning and as the A2P brand contact-of-record submitted to The Campaign Registry)
- State insurance license number (NPN), licensed-state selections, and an attestation timestamp + IP address — collected only if and when you use the Ad Copy generation tool, which uses these fields to produce state-compliant insurance advertising disclosures
- Payment and billing information (processed by Stripe — we do not store card numbers). We retain a Stripe customer ID, subscription ID, and your subscription status so we can manage billing and feature access
- Lead portal credentials (such as your Planet portal username and password) that you save to the platform to enable automated lead exports. These are stored encrypted using AES-256-GCM and decrypted only for the duration of a scrape session you initiate
- Inputs you provide to generate client-facing documents (such as the form fields entered when creating a summary sheet)
- An audit log of each lead-portal export job — the timestamp, status (success or failure), number of leads returned, and any error message — so you have a record of when exports ran on your behalf
Lead Data Returned by Third-Party Portals
When you initiate a Planet portal export, lead records assigned to you (which may include name, contact information, and demographic fields exposed by the portal) are retrieved into a CSV file and delivered as a download. SteadyFlow does not retain a copy of the lead records themselves after the CSV is delivered to you; we retain only the audit-log entry described above. You are responsible for the lead data once it is in your possession.
Automatically Collected
- Authentication session tokens (stored in secure httpOnly cookies)
- Basic usage data (pages visited, features used) to operate and improve the platform
- IP address and browser type for security, rate limiting, and fraud prevention
2. How We Use Your Information
- To operate and provide the SteadyFlow platform to licensed agents
- To send sign-in (magic link) emails and account-related transactional emails such as email-change confirmations
- To retrieve leads from third-party lead portals (such as Planet) on your behalf using credentials you have saved to the platform
- To generate client-facing documents (such as summary sheets) as PDFs, based on inputs you provide at the time of generation
- To process subscription payments through Stripe
- To prevent fraud, abuse, and unauthorized access
- To improve the platform based on usage patterns
We do not sell your personal information to third parties. Lead data returned by third-party portals is delivered to you as a CSV download and is not transmitted to any other party by us.
3. Cookies
SteadyFlow uses cookies and similar technologies to operate the platform:
- Session cookies — used to keep you logged in. Stored as httpOnly cookies, not accessible by JavaScript. Required for the platform to function.
We do not use advertising cookies, tracking pixels, or third-party analytics cookies. We do not respond to Do Not Track (DNT) signals because we do not engage in cross-site tracking.
4. Third-Party Services
SteadyFlow relies on the following third-party services to operate. All of them apply to every active account.
- Stripe — payment processing for agent subscriptions. Stripe collects and stores payment card information directly. We do not receive or store your full card number. See stripe.com/privacy.
- Resend — transactional email delivery for sign-in links and account emails. See resend.com/privacy.
- Turso — cloud database hosting for platform data. Data is stored in the United States. See turso.tech/privacy.
- Vercel — cloud infrastructure and hosting. See vercel.com/legal/privacy-policy.
- Sentry — application error monitoring. When errors occur in the platform, Sentry may receive technical data including error messages, page URLs, and session identifiers to help us diagnose and fix issues. See sentry.io/privacy.
- Upstash — Redis database used for rate limiting. IP addresses are stored temporarily as rate limit counters to prevent abuse. These counters expire automatically and are not linked to personal profiles. See upstash.com/privacy.
- Browserbase — hosted headless-browser service used to run automated logins to third-party lead portals on your behalf. When you initiate an export, your decrypted portal credentials are transmitted over TLS to a Browserbase session that retrieves your assigned leads, then the session terminates. Credentials are not retained by Browserbase beyond the session. See browserbase.com.
- Anthropic — provider of the Claude AI model used to generate and review insurance ad copy. Used only when you use the Ad Copy tool. The form inputs you submit (campaign topic, audience targeting, license/state context) are sent to Anthropic over TLS to produce ad variants and a compliance review. Anthropic does not use API inputs to train its models. See anthropic.com/legal/privacy.
- Pexels — stock photo service used to source images for ad creative in the Ad Copy tool. Search queries (e.g. "senior couple") are sent to Pexels; no personally identifying information about you or your contacts is shared. See pexels.com/privacy-policy.
- Go High Level / LeadConnector — provider of the white-labeled CRM workspace bundled with SteadyFlow. Sub-account creation and management requires sharing your name, email, phone number, business mailing address, and SteadyFlow subscription status with GHL/LeadConnector. GHL also collects and processes payment information directly when you add a payment method for telephony usage (SMS, voice, phone numbers); that payment information is not received by, processed by, or stored by SteadyFlow. See gohighlevel.com/privacy-policy.
- The Campaign Registry (TCR) and connected wireless carriers — to enable SMS messaging from your GHL sub-account, SteadyFlow submits A2P 10DLC brand and campaign information to TCR, which in turn shares it with downstream wireless carriers (e.g. AT&T, T-Mobile, Verizon). The submitted information includes the identity of the insurance carrier you are contracted with (e.g. American Income Life Insurance Company — its legal business name, EIN, business address, industry classification, and website), your personal contact email and phone (used as the brand contact-of-record), your business mailing address, and a description of the messaging use case. TCR and the connected carriers retain this data per their own privacy policies. See campaignregistry.com/privacy.
We will update this list before introducing additional third-party services that process personal information.
5. Children's Privacy
SteadyFlow is intended for use by licensed insurance professionals only and is not directed at children under the age of 13. We do not knowingly collect personal information from children under 13. If we become aware that we have collected personal information from a child under 13, we will delete it promptly. If you believe we have inadvertently collected such information, please contact us at privacy@steadyflowapp.com.
6. Data Retention
Agent account data is retained for the duration of the agent's subscription. Upon cancellation or termination, account data is retained for 90 days to allow for reactivation or data export requests, after which it is deleted or anonymized. Lead-portal export audit logs are retained alongside your account record.
Your white-labeled GHL sub-account is on a faster timeline than the SteadyFlow account record above: at cancellation we suspend the GHL sub-account immediately, and it is scheduled for full deletion approximately 30 days later in line with GHL's never-reuse lifecycle policy. Once the GHL sub-account is deleted, the conversations, contacts, calendars, and pipelines stored in it cannot be recovered.
Agents may request deletion of their account and all associated data at any time — either through Settings → Danger Zone in the platform, or by contacting us at privacy@steadyflowapp.com. We will fulfill deletion requests within 30 days except where retention is required by applicable law.
7. Data Security
We use industry-standard security practices to protect your data, including encrypted connections (HTTPS/TLS), AES-256-GCM encryption for stored portal credentials, secure httpOnly authentication cookies, rate-limiting on sensitive endpoints, and access controls that limit data access to the account owner. No system is completely secure, and we cannot guarantee the absolute security of your information.
8. Your Rights
You may request access to, correction of, or deletion of your personal information at any time by contacting us at privacy@steadyflowapp.com. Agents may also delete their account directly from Settings → Danger Zone in the platform.
California residents may have additional rights under the California Consumer Privacy Act (CCPA, as amended by the CPRA) and the California "Shine the Light" law (Civil Code §1798.83), including the right to know what personal information is collected, the right to delete personal information, the right to correct inaccurate personal information, the right to limit use of sensitive personal information, and the right to opt out of the sale or sharing of personal information. We do not sell or share personal information.
Other state privacy laws. Residents of states with comprehensive consumer privacy laws — including but not limited to Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), Oregon (OCPA), Montana (MCDPA), and other states whose laws come into effect — have the right to access, correct, delete, and obtain a copy of personal information we hold about them, as well as to opt out of profiling or targeted advertising where applicable. We do not engage in targeted advertising or sell personal data to third parties. To exercise any of these rights, contact us at privacy@steadyflowapp.com. We will respond within the timeframe required by your state's applicable law.
Automated decision-making. We do not use automated decision-making to produce legal or similarly significant effects about you. If we introduce features that involve such automated decision-making, we will update this policy and notify you in advance.
9. Changes to This Policy
We may update this Privacy Policy from time to time, including when we add or remove features. We will notify agents of material changes via email at least 14 days before they take effect. Continued use of the platform after changes take effect constitutes acceptance of the updated policy.
10. Contact
For privacy-related questions, data deletion requests, or to exercise your rights, contact us at: privacy@steadyflowapp.com
SteadyFlow App LLC
United States
privacy@steadyflowapp.com