ParFlow

Privacy Policy

Last updated: 2026-07-01

This Privacy Policy explains how ParFlow collects, uses, and protects information in connection with the ParFlow AI Website Agent and related services. It is written for visitors who interact with an agent on a business's website, and for the insurance agencies, mortgage brokers, and other businesses that use ParFlow to power that agent.

Please read the "Our role" section below carefully. In most cases the business whose website you are visiting — not ParFlow — decides how your information is used and is responsible for its own privacy obligations.

Our role: technology provider, not the licensed business

ParFlow is a technology provider. We provide software that a business (for example, an insurance agency or a mortgage broker) uses to run an AI website agent, capture inquiries, and organize them in a CRM.

When you interact with an agent on a business's website, that business is the party responsible for deciding what information is collected and how it is used. In privacy terms, that business generally acts as the “business” or “controller” for the lead information you provide.

ParFlow generally acts as a service provider or processor that handles that information on the business's behalf and under its instructions, to provide and support the service.

ParFlow is not a licensed insurance agency, insurance producer, mortgage broker, mortgage lender, or financial advisor, and does not make coverage, lending, underwriting, or eligibility decisions. Those decisions are made by the licensed business you are working with.

Financial privacy (GLBA)

Some businesses that use our service — such as mortgage brokers and certain insurance or financial-services providers — may be “financial institutions” under the U.S. Gramm-Leach-Bliley Act (GLBA). Information you share with those businesses may be considered nonpublic personal information.

  • ParFlow processes this information only to provide the service to the business you are working with, and does not use it for unrelated purposes.
  • The business you are working with is responsible for its own GLBA obligations, which may include giving you its own privacy notice describing how it shares and protects your information.
  • Regulators such as the U.S. Federal Trade Commission expect GLBA-covered financial institutions to explain their information-sharing practices and to safeguard sensitive information.

This policy does not itself constitute a GLBA privacy notice, and ParFlow does not represent that any particular business is or is not GLBA-compliant. If you have questions about a specific business's financial-privacy practices, contact that business directly.

Information we collect

The information handled through the AI Website Agent typically includes:

  • Contact details you provide, such as your name, email address, and phone number.
  • The content of your conversation or message — for example, the type of insurance or mortgage help you are looking for, your general situation, timeline, and questions.
  • High-level qualifying details you choose to share, such as your state, coverage or loan goal, and rough ranges (for example, an approximate home-price or coverage range). We ask for ranges and general information, not exact financial figures.
  • Consent records, including the consent text shown to you, its version, the language, the page URL where you submitted, the channel, and a timestamp.
  • Limited technical information needed to operate and secure the service, such as IP address, browser/user-agent, and basic session information.

Notice at Collection

This short notice summarizes what we collect at the point you provide information (for example, in the chat or a contact form). It is provided for transparency and for residents of states such as California that expect a notice at collection.

  • Categories collected: identifiers (name, email, phone), the content of your message, general qualifying details, consent records, and limited technical/usage information.
  • Purposes: to respond to you, answer questions, qualify your inquiry, route it to the appropriate business, document it in that business's CRM, and operate, secure, and improve the service.
  • Categories of recipients: the business whose website you are using, and service providers that help operate the service (see “Service providers”).
  • Sale or sharing: we do not sell your personal information, and we do not share it for cross-context behavioral (targeted) advertising.

For full details, read the rest of this Privacy Policy. Where you enter personal information, a link to this policy is provided.

How we use information

  • To respond to your inquiry and hold a helpful conversation.
  • To qualify your inquiry and route it to the appropriate business and its team.
  • To document your inquiry in that business's CRM so they can follow up.
  • To operate, maintain, secure, debug, and improve the service and prevent abuse.
  • To comply with legal obligations and enforce our terms.

You may be interacting with an AI agent

The website agent is powered by artificial intelligence. Your conversation may be processed by AI systems to understand your question, answer from the business's approved information, and qualify your inquiry.

  • AI can make mistakes. Please verify anything important with a person before relying on it.
  • The agent does not provide legal, financial, insurance, mortgage, tax, or medical advice.
  • Final decisions and any binding advice come from licensed professionals at the business you are working with.

See our separate AI Disclosure for more detail on how the agent works and its limits.

No binding advice — speak with a licensed professional

The AI Website Agent is an informational and lead-qualification tool. It does not bind coverage, issue policies, approve loans, quote final rates or premiums, or make underwriting decisions.

For anything binding — coverage, quotes, rates, eligibility, applications, or approvals — you should speak with a licensed insurance agent, mortgage broker, lender, or other qualified professional at the business you are working with.

Sensitive information we do not collect in chat

The public website chat is designed not to ask for or collect sensitive information. Please do not enter the following into the chat:

  • Social Security number or other government ID numbers.
  • Full date of birth.
  • Driver's license number.
  • Bank account, card, or other financial account numbers.
  • Uploaded financial or identity documents.
  • Detailed medical history, diagnoses, medications, or genetic or biometric information.
  • Precise geolocation, unless it is clearly necessary and disclosed to you.

If sensitive information is needed later in the process, the business you are working with should collect it through a secure, human-handled intake process — not through ordinary chat.

Cookies and similar technologies

The site uses only essential cookies and local storage — for example, to keep you signed in, keep your session working, and remember that you dismissed a cookie notice.

We do not currently use analytics, advertising, or tracking-pixel technologies on this surface. If we introduce them in the future, we will update this policy and, where required, offer you choices.

Service providers

We use trusted third-party service providers to run the service. They are engaged under contract, given only the access they need, and are not permitted to use your information for their own unrelated purposes. We disclose the categories of providers rather than individual vendors:

  • Hosting and infrastructure
  • Database and storage
  • AI model processing
  • Email and communications
  • Calendar integrations
  • Payment and billing providers
  • Security, logging, and analytics

How we protect information

We use administrative and technical safeguards designed to protect the information we handle. These include:

  • Authenticated accounts with role-based access controls.
  • Per-workspace isolation, so each business's data is scoped to that business.
  • Encryption of data in transit (HTTPS/TLS).
  • Encryption of sensitive stored tokens and secrets where we implement it.
  • Least-privilege access, with privileged server-side credentials used only on the server.
  • Logging of administrative actions to support accountability.
  • Contractual safeguards with the service providers we use.

No method of transmission or storage is perfectly secure. We do not claim any formal certification (such as SOC 2 or HIPAA) or GLBA certification, and we describe our safeguards honestly rather than overstating them.

Data retention and deletion

  • CRM lead records are retained by the business you contacted, for its own business and legal purposes and under its control.
  • Anonymous website chat sessions that are not linked to a lead are retained for a limited period (by default about 90 days, and configurable) and then purged.
  • Consent records may be retained as evidence of compliance.
  • We retain other operational and security logs for as long as needed to run and protect the service.

You can ask the business you contacted, or us, to delete your information. Deletion may be limited or delayed where we or the business must keep information for legal, fraud-prevention, security, or transaction-record reasons.

International data processing

ParFlow is operated from outside the United States, and your information may be processed in the United States and in other locations where our infrastructure and service providers operate.

Where information is transferred across borders, the safeguards that apply depend on our providers' contractual commitments and on applicable law.

US state privacy rights

Depending on your state of residence and applicable law, you may have some or all of the following rights regarding your personal information:

  • The right to know about and access the personal information collected about you.
  • The right to correct inaccurate personal information.
  • The right to delete personal information, subject to exceptions.
  • The right to opt out of the sale or sharing of personal information and of targeted advertising.
  • The right to limit the use of sensitive personal information, where applicable.
  • The right not to be discriminated against for exercising your privacy rights.

To exercise a right, contact us at Lior@parflow.cc, or contact the business you interacted with, which may be the party responsible for your information. We will verify your request as required by law. Where a request is denied, you may appeal by replying to our response; we will inform you of the outcome. Not all rights apply to every person, and thresholds under some state laws mean a given law may not apply.

Texas residents

If you are a Texas resident, the Texas Data Privacy and Security Act may give you rights over your personal data. To the extent it applies:

  • Categories of personal data we process include identifiers, the content of your inquiry, general qualifying details, consent records, and limited technical/usage data.
  • We process this data to respond to you, qualify and route your inquiry, document it for the business you contacted, and operate and secure the service.
  • We share personal data only with the business you contacted and with the categories of service providers described above.
  • You may exercise rights to access, correct, delete, and obtain a copy of your data, and to opt out of targeted advertising, the sale of personal data, and certain profiling.
  • We do not sell personal data, and we do not sell sensitive personal data.

To exercise Texas rights, contact us at Lior@parflow.cc.

Florida residents

The Florida Digital Bill of Rights applies only to certain large businesses that meet specific thresholds. We do not represent that it applies to us or to the business you contacted. Regardless of whether it applies, we aim to follow clear principles of notice, data minimization, and security described in this policy, and Florida residents may contact us with privacy questions.

Your privacy choices

  • We do not sell your personal information and do not share it for targeted advertising, so no “Do Not Sell or Share” action is currently needed.
  • You can opt out of further contact by calls, texts, or email as described above.
  • You can request access to, correction of, or deletion of your information, subject to legal limits.

Contact us

For privacy questions or to make a privacy request, contact ParFlow at Lior@parflow.cc. If your question is about how a specific business uses your information, please also contact that business directly.

Changes to this policy

We may update this Privacy Policy from time to time. When we do, we will change the “Last updated” date above and, where appropriate, provide additional notice.