Privacy Policy

Last updated: February 20, 2026

MyInsureFlow (“we”, “us”, or “our”) operates the MyInsureFlow platform (the “Service”). This Privacy Policy explains how we collect, use, disclose, and protect information about you when you use our Service. We are committed to complying with the Personal Information Protection and Electronic Documents Act (PIPEDA) and applicable Canadian provincial privacy laws.

By using MyInsureFlow, you consent to the practices described in this policy.

1. Who We Are

MyInsureFlow is a customer relationship management (CRM) platform designed for independent insurance advisors licensed under the Life License Qualification Program (LLQP) in Canada. The Service is operated from British Columbia, Canada.

For privacy-related questions, contact us at: support@myinsureflow.com

2. Information We Collect

2.1 Information you provide directly

  • Account registration: your name, email address, password (hashed), and agency name
  • Client records you enter: names, contact details, policy information, notes
  • Lead records: prospect names, contact details, profession, income estimates
  • Communication templates you create
  • Any notes, tasks, or documents you upload

2.2 Information collected automatically

  • IP address and approximate location (country/region)
  • Browser type and operating system
  • Pages visited and features used (via Vercel Analytics)
  • Error logs and crash reports (via Sentry)
  • Authentication session tokens (stored in secure cookies)

2.3 Billing information

Payment processing is handled by Stripe. We do not store credit card numbers on our servers. Stripe's privacy policy applies to payment data:stripe.com/privacy

3. How We Use Your Information

We use the information we collect to:

  • Provide and operate the MyInsureFlow Service
  • Send daily digest emails you have configured
  • Display reminders, tasks, and follow-up notifications
  • Process subscription payments
  • Detect and fix technical errors
  • Respond to support requests
  • Send important service announcements (not marketing, unless you opt in)
  • Comply with applicable laws

We do not sell, rent, or share your personal information or your clients' information with third parties for advertising or marketing purposes.

4. Your Clients' Data

You enter information about your clients and prospects into MyInsureFlow. You are the “data controller” of that information — you collected it from your clients, and you are responsible for having the appropriate basis (consent or legitimate interest) to store and process it.

MyInsureFlow acts as a “data processor” — we store and process this data only to provide you with the Service and will not use it for any other purpose.

You should inform your clients that their contact and policy information is stored in a CRM system, as required under PIPEDA and your provincial advisor regulations.

5. Data Storage & Security

Your data is stored on:

  • Neon (PostgreSQL) — database hosted on AWS infrastructure in the United States (us-west-2 region)
  • Vercel — application hosting, edge network

Because data is stored on US servers, cross-border transfer provisions of PIPEDA apply. Both providers maintain SOC 2 compliance and industry-standard security practices.

We protect your data by:

  • Encrypting all data in transit (TLS/HTTPS)
  • Encrypting passwords using bcrypt (we never store plaintext passwords)
  • Isolating each agency's data by agency ID — no user can see another agency's data
  • Using short-lived JWT session tokens
  • Monitoring errors and anomalies via Sentry

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account or your subscription lapses without renewal, we will:

  • Retain your data for 30 days so you can request an export
  • Permanently delete all data associated with your account after 30 days

Error logs and analytics data are retained for a maximum of 90 days.

7. Your Rights Under PIPEDA

You have the right to:

  • Access — request a copy of all personal information we hold about you
  • Correction — request correction of inaccurate information
  • Deletion — request deletion of your account and all associated data
  • Export — request a machine-readable export of your data (CSV)
  • Withdraw consent — close your account at any time

To exercise any of these rights, email support@myinsureflow.com. We will respond within 30 days, as required by PIPEDA.

8. Cookies & Tracking

We use:

  • Session cookies — required for authentication. Cannot be disabled without breaking the Service.
  • Vercel Analytics — privacy-friendly, no cross-site tracking, no fingerprinting
  • Sentry — error tracking only, not used for advertising

We do not use Google Analytics, Facebook Pixel, or any advertising trackers.

9. Third-Party Services

We share limited data with these providers solely to operate the Service:

ProviderPurposeData shared
Neon / AWSDatabase storageAll account and user data
VercelApp hosting & CDNRequest logs, IP address
ResendTransactional emailYour email address, digest content
StripePayment processingEmail, billing address (no card data stored by us)
SentryError trackingError logs, anonymized session context

10. Children's Privacy

MyInsureFlow is designed for licensed insurance professionals. We do not knowingly collect information from anyone under 18 years of age.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you by email and by displaying a notice in the application at least 14 days before any material change takes effect. Continued use after the effective date constitutes acceptance.

12. Contact Us

For privacy questions, access requests, or complaints, contact our Privacy Officer:

MyInsureFlow Privacy Officer

Email: support@myinsureflow.com

Jurisdiction: British Columbia, Canada

If you are not satisfied with our response, you may file a complaint with the Office of the Privacy Commissioner of Canada.