Privacy Policy

Last Updated: December 11, 2025

1. Introduction

VIA Flow ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our insurance agency management platform ("the Service"). Please read this Privacy Policy carefully.

2. Information We Collect

2.1 Information You Provide to Us

  • Account Information: Name, email address, phone number, agency name, and profile photo
  • Authentication Data: Passwords (encrypted), OAuth tokens from Google sign-in
  • Profile Information: Agent license numbers, agency details, role information
  • Client Data: Information you input about your clients and policies (names, contact information, policy details)
  • Form Data: Custom forms and submissions created through our form builder
  • Communication Data: Messages sent through our messaging system
  • Payment Information: Billing details processed through our payment provider

2.2 Information Automatically Collected

  • Usage Data: Pages visited, features used, time spent on the Service
  • Device Information: IP address, browser type, operating system, device identifiers
  • Cookies and Similar Technologies: Session cookies, authentication tokens, preferences
  • Log Data: Error logs, access times, pages viewed

3. How We Use Your Information

We use the information we collect to:

  • Provide, operate, and maintain the Service
  • Process your transactions and manage your subscription
  • Send you account-related emails (welcome, approval, notifications)
  • Improve and personalize your experience
  • Develop new features and functionality
  • Monitor and analyze usage patterns and trends
  • Detect, prevent, and address technical issues and security threats
  • Comply with legal obligations and enforce our Terms of Service
  • Send you administrative information and service updates
  • Respond to your requests and provide customer support

4. Legal Basis for Processing (GDPR)

If you are from the European Economic Area (EEA), our legal basis for collecting and using your information depends on the data and context:

  • Contract Performance: Processing necessary to provide the Service you requested
  • Consent: You have given us explicit permission to use your information
  • Legitimate Interests: Processing necessary for our legitimate business interests (fraud prevention, security)
  • Legal Obligation: Processing required to comply with legal requirements

5. How We Share Your Information

5.1 Within Your Agency: Information is shared with other members of your agency based on their role and permissions.

5.2 Service Providers: We may share your information with third-party vendors who perform services on our behalf:

  • Supabase (database and authentication services)
  • Vercel (hosting and deployment)
  • Email service providers (for transactional emails)
  • Payment processors (for billing)

5.3 Legal Requirements: We may disclose your information if required by law or in response to valid requests by public authorities.

5.4 Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred.

5.5 With Your Consent: We may share your information with third parties when you give us permission.

We do NOT sell your personal information to third parties.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information:

  • Encryption in transit (HTTPS/TLS) and at rest
  • Secure authentication with OAuth 2.0 and encrypted passwords
  • Row-Level Security (RLS) policies in our database
  • Regular security audits and monitoring
  • Access controls and role-based permissions
  • Secure backup and disaster recovery procedures

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to use commercially acceptable means to protect your information, we cannot guarantee absolute security.

7. Data Retention

We retain your personal information only for as long as necessary to fulfill the purposes outlined in this Privacy Policy, unless a longer retention period is required by law. When you delete your account, we will delete or anonymize your personal information within a reasonable timeframe, except where we are legally required to retain it.

8. Your Rights and Choices

8.1 Access and Portability: You can access and export your data from your account settings.

8.2 Correction: You can update your account information at any time.

8.3 Deletion: You can request deletion of your account and associated data by contacting us.

8.4 Opt-Out: You can opt out of marketing communications, but you will still receive transactional emails.

8.5 GDPR Rights (EEA Users):

  • Right to be informed about data collection and use
  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Rights related to automated decision-making

8.6 CCPA Rights (California Users):

  • Right to know what personal information is collected
  • Right to know if personal information is sold or disclosed
  • Right to say no to the sale of personal information
  • Right to access your personal information
  • Right to equal service and price
  • Right to delete personal information

9. Cookies and Tracking Technologies

We use the following types of cookies and similar tracking technologies:

  • Essential Cookies: Required for authentication and core functionality
  • Preference Cookies: Remember your settings and preferences
  • Analytics Cookies: Help us understand how you use the Service

You can control cookies through your browser settings. Disabling essential cookies may affect Service functionality.

10. Third-Party Services

Our Service integrates with third-party services (e.g., Google OAuth, payment processors). These services have their own privacy policies. We encourage you to review their policies before providing information.

11. Children's Privacy

Our Service is not intended for users under the age of 18. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure that such transfers comply with applicable data protection laws and implement appropriate safeguards, such as Standard Contractual Clauses approved by the European Commission.

13. Do Not Track

We do not currently respond to "Do Not Track" signals from browsers as there is no industry standard for compliance. We will continue to monitor developments in this area.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a notice on our Service. Your continued use of the Service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or wish to exercise your privacy rights, please contact us:

Email: viaflow.co@gmail.com

Phone: (714) 472-4097

For GDPR-related inquiries, you may also contact your local data protection authority.

16. Your California Privacy Rights

California Civil Code Section 1798.83 permits California residents to request information regarding disclosure of personal information to third parties for direct marketing purposes. We do not share personal information with third parties for their direct marketing purposes.