This Privacy Policy (“Policy”) describes how Consently LLC (“Consently,” “we,” “us,” or “our”) collects, uses, discloses, retains, and protects Personal Information when you access or use our web-based platform, tools, applications, software, or related services (collectively, the “Services”).

By accessing or using the Services, you agree to the terms of this Policy. If you do not agree, you must discontinue use of the Services.

1. DEFINITIONS

Capitalized terms not defined here have the meaning in the Terms of Service.

1.1 “Personal Information”

Information that identifies, relates to, describes, or could reasonably be linked to an identified or identifiable individual.

1.2 “Sensitive Personal Information”

Includes but is not limited to:

• Social Security Numbers
• driver’s license or state ID numbers
• financial account information
• biometric identifiers (used for identity verification)
• health/lifestyle disclosures voluntarily provided by a Client
• precise location information

1.3 “Client Information”

Personal Information relating to an Agent’s client that an Agent inputs or uploads to the Services.

1.4 “Agent”

A licensed U.S. life insurance producer authorized to create an account and intake Client Information.

1.5 “User”

Any person accessing or using the Services.

1.6 “Third-Party Service Providers”

External vendors used to support and operate the Services:

• Identity Verification:
  Stripe Identity
• Payment Processing:
  Stripe Payments
• SMS/Phone Communications:
  Twilio
• Email Delivery:
  SendGrid
• Cloud Hosting & Storage:
  Amazon Web Services (AWS)
• Web & Usage Analytics:
  Google Analytics

These entity references will not repeat elsewhere in this Policy, though the services may be referenced by name.

1.7 “Applicable Law”

Includes U.S. federal and state laws governing privacy, insurance, and data protection.

2. GEOGRAPHIC & INDUSTRY LIMITATIONS

2.1 U.S.-Only Usage

The Services may be used only within the United States, excluding:

• New York
• U.S. territories
• Canada
• Mexico
• All international locations

Consently blocks and prohibits access from these jurisdictions.

2.2 Industry Limitations

Consently does not provide or support medical insurance services.

The platform is built exclusively for life insurance intake and related workflows.

3. CATEGORIES OF INFORMATION WE COLLECT

3.1 Information You Provide Directly

• Full legal name
• Email address
• Phone number
• Mailing address
• Agent licensing details (NPN, state, license class)
• Government-issued ID (processed through Stripe Identity)
• Payment information (processed through Stripe Payments)
• Client Information voluntarily provided to support life insurance intake, including:

• Social Security Numbers
• address history
• date of birth
• beneficiary details
• income/financial information
• lifestyle/health disclosures voluntarily provided by a Client

Biometric Data

Biometric identifiers used for identity verification are processed by Stripe Identity and never stored by Consently.

4. INFORMATION WE COLLECT AUTOMATICALLY

We automatically collect technical and behavioral information, including:

• IP address
• browser type
• operating system
• device identifiers
• time of access
• pages viewed
• session duration
• cookie identifiers
• usage and activity logs

This helps with fraud prevention, security, analytics, and improving platform functionality.

5. INFORMATION FROM THIRD PARTIES

Consently may receive:

• licensing data from state Departments of Insurance,
• payment data from Stripe Payments,
• analytics data from Google Analytics,
• communications metadata from Twilio or SendGrid.

6. HOW WE USE PERSONAL INFORMATION

Consently Processes Personal Information to:

• operate and maintain the Services
• authenticate Agents
• verify identity using Stripe Identity
• deliver Client intake workflows
• store data and documents securely
• prevent fraud and security threats
• handle subscription billing through Stripe
• comply with legal and regulatory obligations
• communicate updates, alerts, and support responses
• analyze and improve product functionality

Consently does not sell or share Personal Information for cross-context behavioral advertising.

7. LEGAL BASIS FOR PROCESSING (GLOBAL STANDARD DISCLOSURE)

Processing is based on:

• Consent
• Contractual necessity
• Legal obligation
• Legitimate business interests

8. COOKIES & TRACKING TECHNOLOGIES

We use:

• session cookies
• authentication cookies
• analytics cookies
• performance logs

Google Analytics may collect device and usage data.

You may disable cookies, but core platform features may not function correctly.

9. DISCLOSURE OF PERSONAL INFORMATION

Consently may disclose Personal Information to:

9.1 Third-Party Service Providers

Including Stripe Identity, Stripe Payments, Twilio, SendGrid, AWS, and Google Analytics.

9.2 Regulatory Authorities

When legally required, such as during investigations or subpoenas.

9.3 Corporate Transactions

If Consently undergoes a merger, acquisition, restructuring, or asset sale.

10. DATA RETENTION

Consently retains Personal Information for:

• 10 years,
• unless:

• the User requests deletion,
• a longer period is legally required, or
• data must be retained for regulatory or legal defense purposes.

Consently may anonymize or archive data where immediate deletion is not technically feasible.

11. SECURITY MEASURES

Consently uses industry-standard safeguards:

• encryption at rest (AES-256) and in transit (TLS 1.2+)
• AWS cloud infrastructure security
• access control and permissioning
• audit logs
• intrusion detection
• role-based access
• internal security reviews
• vulnerability scanning
• physical security of AWS facilities

No system can guarantee 100% security, but Consently follows strong security practices.

12. HIPAA-ALIGNED SECURITY PRACTICES

Consently:

• is not a HIPAA-covered entity,
• may operate as a Business Associate only where a BAA is executed,
• follows HIPAA-aligned safeguards,
• does not store raw biometric data.

Agents must ensure appropriate client disclosures required by insurance laws.

13. CALIFORNIA PRIVACY RIGHTS (CCPA / CPRA)

For California residents (accessing from permitted locations only):

13.1 Right to Know

Categories of Personal Information collected, disclosed, and retained.

13.2 Right to Access

Request specific pieces of Personal Information.

13.3 Right to Delete

Subject to legal exemptions.

13.4 Right to Correct

Fix inaccurate Personal Information.

13.5 Right to Opt-Out

Consently does not sell or share data, so opt-out is not required.

13.6 Sensitive Personal Information

Consently does not use SPI for profiling or cross-context advertising.

13.7 Non-Discrimination

Consently will never penalize users for exercising privacy rights.

Requests must be submitted via privacy@consently.org.

14. MINORS

The Services are not for individuals under 18.

If we learn we have collected data from a minor, we will delete it promptly.

15. INTERNATIONAL DATA TRANSFERS

Consently does not intentionally collect or store data from outside the United States.

All processing occurs in U.S.-based AWS data centers.

16. ENFORCEMENT OF GEOGRAPHIC & INDUSTRY RESTRICTIONS

Consently may suspend or terminate accounts used:

• from restricted jurisdictions
• for medical insurance workflows
• for fraudulent activity
• in violation of licensing requirements

No refunds will be issued for terminated accounts.

17. “DO NOT SELL OR SHARE MY PERSONAL INFORMATION” STATEMENT

Consently does not:

• sell Personal Information
• share Personal Information for cross-context behavioral advertising
• use Personal Information for targeted ads

18. USER RIGHTS & REQUESTS (UPDATED)

Users may request:

• access
• deletion
• correction
• data portability

All privacy rights requests must be submitted to:

privacy@consently.org

Consently will verify your identity before responding.

We respond within 30 days unless legally extended.

19. BREACH NOTIFICATION

Consently will notify affected Users within 72 hours of discovering a confirmed Personal Information breach, consistent with Applicable Law.

20. CHANGES TO THIS PRIVACY POLICY

Consently may revise this Policy periodically.

Material changes will be communicated via:

• email
• dashboard notifications
• website banner

Continued use of the Services constitutes acceptance of the updated Policy.

21. CONTACT INFORMATION

Consently LLC

30500 Van Dyke Ave, Suite 800

Warren, MI 48093

Email: support@consently.org