Privacy Policy

Effective date: April 24, 2026

This Privacy Policy describes how InsertLead, a sole proprietorship operating as “InsertLead” (“InsertLead,” “we,” “us,” or “our”), collects, uses, and discloses information in connection with the InsertLead software-as-a-service platform available at insertlead.com and related subdomains (the “Service”). The Service is a Compliance Wrapper around your own Twilio and Anthropic accounts: you bring the credentials, we orchestrate. By accessing or using the Service, you acknowledge that you have read and understood this Privacy Policy.

The Service is offered only to users located in the United States. We do not knowingly collect personal information from individuals outside the United States. If you are accessing the Service from outside the United States, please do not provide personal information to us.

1. Information We Collect

1.1 Information You Provide Directly (Account Holders)

  • Account information. When you request access or create an account, we collect your full name, email address, telephone number (optional), a short description of your business, and your selected onboarding path (Self-Serve, Assist, or Full Setup). Your password is stored only as a salted bcrypt hash; we never store or have access to your plaintext password.
  • Bring-Your-Own-Twilio (BYOT) credentials. To send and receive SMS through the Service, you supply your own Twilio Account SID, Auth Token, and one or more phone numbers. These credentials are encrypted at rest using symmetric authenticated encryption (Fernet / AES-128-CBC with HMAC-SHA256) before being written to our database. They are decrypted in application memory only at the moment a Twilio API call is made on your instructions, and are never logged or displayed back to you in plaintext.
  • Bring-Your-Own-Key (BYOK) AI credentials. If you enable AI features (autoresponder, campaign generator, reply suggester), you supply your own Anthropic (or, where supported, OpenAI) API key. This key is stored under the same Fernet-encrypted scheme as your Twilio credentials and is used only to call the AI provider on your behalf. Anthropic and OpenAI bill you directly; InsertLead never charges you for tokens.
  • Subscription and billing data. If you subscribe to a paid plan, billing is handled by Stripe. We receive a Stripe customer identifier and subscription status; we do not receive your full payment-card data. Stripe processes payment data under its own privacy policy.
  • Customer Data (leads, messages, notes). You may upload contact records (names, addresses, telephone numbers, property data, custom fields) through CSV import. The Service stores these records, plus inbound and outbound SMS conversation history, AI-extracted qualification fields (motivation, condition, timeline, price), CRM stage transitions, and any notes you write. This is referred to as “Customer Data.”
  • Forum posts. If you post to the public forums, your post body, post category, and a snapshot of your first name (taken at post time) are visible to all visitors. Forum posts are immutable by users.

1.2 Information from Visitors (No Account Required)

  • Public AI demo bot. Our home page hosts a small AI chat demo at /api/demo-bot. When a visitor sends a message to that demo, we process the message text and a Cloudflare Turnstile challenge token. The visitor's message is sent to Anthropic using a platform-owned API key (the only place on the Service where Anthropic processing is not done with a user-provided key). We retain only aggregate token counts and cost figures per UTC day in a global usage ledger; we do not retain individual visitor message content beyond the duration of the request unless required for abuse investigation. Visitor IP addresses pass through standard server logs (see 1.3).
  • Cloudflare Turnstile. The demo bot uses Cloudflare Turnstile to distinguish humans from bots. Cloudflare receives signals from the visitor's browser (request headers, behavioral metrics) for that purpose under Cloudflare's privacy policy. Turnstile does not place persistent identifiers on the visitor's device for tracking purposes.
  • Forum reading. Anyone may read public forum posts without creating an account. We collect only standard server logs from those visits.

1.3 Information Collected Automatically

  • Session cookies. We use a single session cookie (set by Flask-Login) to keep you signed in, and a Flask session cookie that holds short-lived state for the demo bot (turn count, history). We do not use advertising, analytics, cross-site tracking, or marketing cookies.
  • Server logs. Our hosting provider records standard HTTP access logs, including IP address, timestamp, request path, status code, and user agent, for security, debugging, and abuse-prevention purposes. These logs are retained per Railway's standard retention.
  • Rate limiting. The demo bot is rate-limited per IP address (10 requests per hour, 30 per day) using an in-memory counter. The counter holds the IP address and a recent-request timestamp during the active window and is not persisted to disk.

2. How We Use Information

We use the information described above to:

  • Provide, maintain, and improve the Service;
  • Authenticate you and secure your account, including by decrypting your BYOT and BYOK credentials in memory only at the moment of each outbound request you initiate;
  • Send and receive SMS on your instructions, by relaying the necessary content to Twilio using your BYOT credentials, and by receiving inbound replies Twilio webhooks deliver to us;
  • Generate AI-drafted message content by relaying prompts to Anthropic (or the AI provider you select) using your BYOK credentials — or, for the public demo bot only, using our platform-owned API key;
  • Enforce opt-out signals (STOP keywords, semantic opt-out classifiers, manual DNC flags) across six layered defenses, including the platform-wide global DNC list described in Section 4;
  • Apply quiet-hours holds (9 PM-8 AM in the recipient's local timezone) so that outbound traffic respects TCPA and state telemarketing rules;
  • Respond to support requests and communicate with you about the Service;
  • Detect, investigate, and prevent fraud, abuse, and security incidents, including unusual traffic patterns at the demo bot;
  • Comply with applicable law and enforce our Terms of Service.

3. AI Processing Disclosure

When you enable AI features, the Service sends prompts to Anthropic (or your selected AI provider) over HTTPS using your BYOK credentials. Those prompts include the conversation history and the lead's qualification context that Claude needs to draft a reply or extract qualification fields. Anthropic processes those prompts under its own terms and privacy policy and bills you directly. We never see, retain, or use your conversation content for any purpose other than orchestration of the immediate request.

When a visitor sends a message to the public demo bot, we use a platform-owned Anthropic API key (the demo bot is the only AI feature where we pay for tokens). The system prompt + visitor message are sent to Anthropic over HTTPS; we retain only aggregate token counts and cost figures.

4. The Global DNC List (Cross-Tenant Exception)

The Service deliberately maintains one cross-tenant data set: the global DNC list. This list contains only phone numbers that have opted out of receiving SMS from any InsertLead customer (via STOP keyword, semantic opt-out detection, manual flag, or carrier-side STOP handling). When a phone number is added to the global list, every subsequent outbound message from every InsertLead account is blocked from sending to that number.

The global DNC list contains only the phone number — it does not contain names, addresses, conversation history, or any other Customer Data. The purpose is to protect the platform's overall sender reputation with carriers (T-Mobile, AT&T, Verizon) and to honor recipients' opt-out requests consistently across the platform. Once a phone number is on the global list, it stays on the list; clearing a per-user DNC entry does not remove the number from the global list.

Aside from this single list, every other piece of Customer Data is scoped to the user account that produced it. Other users of the Service have no visibility into your leads, conversations, campaigns, AI usage, or notes.

5. Disclosure of Information

We do not sell your personal information or Customer Data, and we do not share it with third parties for their own marketing purposes. We disclose information only in the following limited circumstances:

  • Subprocessors. We rely on third-party service providers to operate the Service: Railway (application hosting and managed PostgreSQL database), Cloudflare (DNS and Turnstile bot challenge), Stripe (payment processing), and Anthropic (platform-owned key for the public demo bot only). These providers process information on our behalf under their own terms and privacy policies.
  • Your designated providers. When you send an SMS or request an AI-generated reply through the Service, the necessary content is transmitted to Twilio and to your selected AI provider using your credentials. Your relationship with those providers, and the data you send to them, is governed by their respective terms and privacy policies, not ours.
  • Legal process. We may disclose information if we believe in good faith that disclosure is required by law, subpoena, court order, or other valid legal process, or is necessary to protect the rights, property, or safety of InsertLead, our users, or the public.
  • Business transfers. If the InsertLead business is involved in a merger, acquisition, or sale of all or part of its assets, information may be transferred as part of that transaction, subject to a successor's agreement to honor the commitments made in this Policy.

6. Customer Data and Multi-Tenant Isolation

Customer Data you upload or generate through the Service is scoped to your account at the database-query level. Multi-tenant isolation is the security boundary we test most carefully, and the global DNC list described in Section 4 is the only documented exception. Authorized personnel of InsertLead may access Customer Data solely to operate, troubleshoot, or secure the Service.

7. Data Retention

We retain account information, BYOT/BYOK credentials, Customer Data, and messaging history for as long as your account is active. When you cancel your subscription, your account moves to a read-only state for 60 days so you can log in, export Customer Data, and reactivate by re-subscribing. After 60 days of inactivity post-cancellation, account-level personal information, Customer Data, and encrypted credential fields are permanently deleted.

Phone numbers in the global DNC list (Section 4) are retained indefinitely because their purpose is to ensure ongoing opt-out enforcement.

Aggregated, non-identifying data (such as daily token-cost figures for the public demo bot) may be retained beyond account closure for operational purposes.

8. Security

We implement reasonable administrative, technical, and physical safeguards designed to protect the information we process, including:

  • At-rest encryption of BYOT and BYOK credentials (Fernet);
  • HTTPS in transit on all routes;
  • Bcrypt password hashing;
  • Per-user query scoping enforced at the database query layer;
  • CSRF protection on all state-changing routes;
  • Cloudflare Turnstile bot challenge on the public demo bot;
  • Per-IP rate limiting on the demo bot;
  • Audit logging of sensitive operations (AI decision log, opt-out events).

No method of electronic storage or transmission is completely secure, and we cannot guarantee absolute security.

9. Your California Privacy Rights

If you are a California resident, the California Consumer Privacy Act (“CCPA”) provides you with rights regarding your personal information, including the right to request access to, deletion of, or correction of personal information we have collected about you, and the right not to be discriminated against for exercising these rights. We do not sell or share personal information as those terms are defined under the CCPA. To exercise any CCPA right, contact us using the information in Section 13.

10. Children’s Privacy

The Service is intended for business use by adults and is not directed to children under the age of 13. We do not knowingly collect personal information from children under 13. If you believe a child has provided us with personal information, please contact us and we will take steps to delete it.

11. Third-Party Links and Services

The Service contains links to and integrates with third-party websites and services, including Twilio (your account), Anthropic (your account or, for the public demo bot, our account), Stripe (billing), Cloudflare (Turnstile + DNS), and Railway (hosting). We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with information.

12. Changes to This Policy

We may update this Privacy Policy from time to time. If we make material changes, we will provide notice by posting the updated Policy at this URL and revising the “Effective date” above. Your continued use of the Service after an update constitutes your acceptance of the revised Policy.

13. Contact

Questions, requests, or complaints regarding this Privacy Policy should be directed to:

InsertLead (sole proprietorship)
Email: insrtlead@gmail.com
State of organization: Wisconsin, United States

See also our Terms of Service.