Privacy Policy
Last Updated: March 23, 2026
InsuranceGrokBot ("we," "us," or "our") operates insurancegrokbot.click and the associated AI-powered sales automation platform (the "Service"). We are committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, dashboard, AI assistant, demo chat, or any connected integrations.
By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
1. Information We Collect
a. Information You Provide
- Email address and password (hashed using industry-standard algorithms) when you register or log in
- CRM configuration details (location ID, OAuth access/refresh tokens (encrypted at rest using Fernet symmetric encryption), calendar ID, CRM user ID, bot name, timezone, initial message) when you configure your bot
- Optional profile info (full name, phone, bio) if you choose to provide it
- AI Assistant conversations and commands you submit via text or voice input
- Demo chat messages (stored temporarily under a demo-specific session ID)
- Support chat messages submitted via the website support bot
- White-label branding preferences (company name, logo URL, accent color, font)
- Contracted carrier selections and bot configuration settings
b. Information Automatically Collected
- Device/browser data: IP address, browser type, operating system, pages visited, referral URL, time/date of access
- Usage data: interactions with dashboard, dialer usage, call history, message history, AI Assistant usage, workflow executions
- Call recordings and AI-generated transcripts (stored for accounts with active voice features)
- AI Intelligence analysis data: temperature ratings, engagement scores, summaries generated by AI for your contacts
- Phone number health data: spam scores, carrier status, rotation state
- Cookies and similar technologies for session management, authentication, and analytics
- Web Speech API audio (processed locally in your browser for speech-to-text — audio is NOT transmitted to our servers)
c. Information from Third Parties
- GoHighLevel / LeadConnector: OAuth access/refresh tokens, location ID, company ID, CRM user ID, calendar ID, contact data (name, phone, email, address, DOB, tags, custom fields), conversation history, pipeline/opportunity data, and phone numbers via API
- HubSpot: OAuth access/refresh tokens, hub ID, contact data, deal data, communication history, and webhook events via HubSpot API
- Stripe: Payment data (customer ID, subscription status, plan details, payment method metadata — we do not store card numbers, CVV, or full card details)
- Google Calendar: Calendar event data (event titles, dates/times, attendees, descriptions) via Google Calendar API using OAuth 2.0 (see Section 5)
- Discord: OAuth tokens, server/guild information, channel lists, and messages you access through our embedded panel
- Slack: OAuth tokens, workspace information, channel lists, and messages you access through our embedded panel
- Telecommunications providers: Call detail records, recording files, transcription data, and delivery status for SMS messages
2. How We Use Your Information
- To provide and operate the Service (AI SMS conversations, AI voice calls, AI Assistant actions, dialing, appointment booking, workflow automation, lead intelligence)
- To authenticate users, manage sessions, and enforce role-based access control
- To process payments and manage subscriptions via Stripe
- To sync and store your CRM configuration and contact data
- To generate AI responses and execute AI actions using xAI Grok — conversation data and contact context are sent to the AI provider during active requests only
- To generate AI Intelligence analysis (temperature, score, summary, actions) for your contacts
- To execute AI Assistant commands on your behalf (calling, texting, booking, searching, reporting)
- To display your Google Calendar events in our dashboard calendar view to prevent scheduling conflicts
- To generate agency reports, coaching insights, and performance analytics
- To process and store call recordings and AI transcripts for your review and training purposes
- To manage phone number health, spam protection registrations, and carrier compliance
- To provide white-label branding for agency dashboards
- To analyze usage (aggregated/anonymized) and debug issues
- To communicate about your account, service updates, or support
- To create scheduled reminders via the AI Assistant
- For legal compliance, fraud prevention, and enforcing our Terms of Service
3. Information Shared with Third Parties
We do not sell your personal information or your contacts' personal information. We share data only as necessary to provide the Service:
- GoHighLevel / LeadConnector: Messages, contacts, bookings, and pipeline updates are processed through their APIs using your OAuth tokens
- HubSpot: Contact data, deal data, and activity logs are synced through HubSpot APIs using your OAuth tokens
- xAI (Grok): Conversation messages, contact context, and AI Assistant commands are sent to xAI to generate responses and execute tool calls. Data is processed in real-time and is not used by xAI to train their models per their data processing terms
- Stripe: Payment processing and subscription management
- Telecommunications providers: Phone numbers, call routing, SMS delivery, call recordings, and carrier registration data
- Google Calendar API: Calendar event data accessed solely for dashboard display. Not shared with any other third party (see Section 5)
- Discord / Slack: Messages you send through our embedded panels are delivered to your connected Discord servers or Slack workspaces
- Infrastructure providers: Hosting (Railway), database (PostgreSQL), caching (Redis), background job processing (RQ) — with appropriate data processing practices
- Legal obligations: If required by law, subpoena, court order, or to protect the rights, property, or safety of InsuranceGrokBot, our users, or the public
4. AI and Data Processing Disclosure
- We use xAI's Grok models to generate SMS replies, voice conversations, AI Intelligence analysis, AI Assistant responses, weekly reports, coaching insights, and workflow AI builders.
- AI may produce errors, hallucinations, inaccurate information, or take unintended actions. Always verify important details independently and review AI actions taken on your behalf.
- Conversation data, contact context, and user commands sent to xAI are processed in real-time for the purpose of generating responses. We do not store data on xAI's infrastructure beyond the duration of the API request.
- We do not use your data to train xAI Grok or any other AI model.
- The AI Dashboard Assistant can execute real actions (send SMS, make calls, book appointments, modify contacts, enroll in workflows) using your authenticated CRM credentials. These actions are taken on your behalf as the authorized account holder.
- Voice input via the AI Assistant uses the Web Speech API, which processes audio locally in your browser. Audio data is handled by your browser's speech recognition engine (typically Google's servers for Chrome) and is not transmitted to or stored by InsuranceGrokBot's servers.
5. Google Calendar Data (Google API Services)
If you choose to connect your Google account, InsuranceGrokBot accesses your Google Calendar data through the Google Calendar API. Our use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
a. What We Access
- Calendar event details: event titles, start/end times, attendees, descriptions, and event status
- We use the calendar.events.readonly scope — we can only read your calendar data
- We cannot create, modify, or delete any events on your Google Calendar
b. How We Use Google Calendar Data
- To display your existing calendar events in our dashboard calendar view
- To help you avoid scheduling conflicts and double-booking when setting appointments with insurance leads
- Calendar data is used solely for displaying events to you — it is not used for AI training, advertising, analytics, or any other purpose
c. Storage and Retention
- Calendar event data is cached in our database to provide a responsive calendar view
- Cached data is refreshed periodically to stay in sync with your Google Calendar
- If you disconnect your Google account or delete your InsuranceGrokBot account, all cached Google Calendar data is deleted
d. Sharing and Disclosure
- Your Google Calendar data is never sold, shared with third parties, or used for advertising
- Calendar data is displayed only to you (the authenticated user) within your dashboard
- No Google Calendar data is sent to any AI model, analytics service, or external system
- Google Calendar data is never sent to xAI (Grok) or any other AI service. Google Calendar and our AI systems are completely separate.
e. Revoking Access
- You can disconnect your Google Calendar at any time from your dashboard settings
- You can also revoke access directly from your Google Account permissions page
- Upon revocation, all cached calendar data is deleted from our systems
6. Data Security
- OAuth tokens are encrypted at rest using Fernet symmetric encryption
- Passwords are hashed using industry-standard algorithms (Werkzeug/bcrypt)
- All data in transit is encrypted via TLS/HTTPS
- API key authentication uses constant-time comparison (hmac.compare_digest) to prevent timing attacks
- PII (phone numbers, email addresses) is redacted from application logs
- Database connections use connection pooling with semaphore queuing and timeout controls
- Webhook signatures are verified using HMAC-SHA256 to prevent forgery
- CSRF protection is enforced on all user-facing form submissions
- No system is 100% secure — we cannot guarantee absolute protection against all threats
7. Data Retention
- Demo chat: Deleted automatically after 30 minutes of inactivity
- Support chat: Conversations are not stored persistently after the session ends
- Registered users: Account configuration, profile data, and subscription information retained until account deletion or 90 days after subscription cancellation
- Conversation history: SMS conversation history retained as needed for the Service. You control retention via your CRM settings
- Call recordings: Stored for the duration of your subscription plus 90 days after cancellation
- AI Intelligence cache: Contact analysis data retained with 24-hour TTL, automatically refreshed
- Reminders: Redis-backed reminders expire automatically after their scheduled time plus a buffer period
- Activity logs: Retained for 90 days for debugging and compliance purposes
- Anonymized, aggregated usage data may be kept indefinitely for analytics and service improvement
8. Your Rights and Choices
- Access: You can request a copy of the personal data we hold about you
- Correction: You can update your account information through the dashboard or by contacting support
- Deletion: You can request deletion of your account and associated data by contacting support. Deletion will be processed within 30 days, subject to any legal retention requirements
- Data portability: You can export your call recordings and transcripts via the Training API
- Opt-out: You can opt out of marketing emails using the unsubscribe link in any email
- Revoke integrations: You can disconnect CRM, Google Calendar, Discord, or Slack integrations at any time from your dashboard settings
- California residents (CCPA): You have the right to know what personal information we collect, request deletion, and opt out of the sale of personal information (we do not sell personal information)
- EU/EEA residents (GDPR): If applicable, you have rights under the General Data Protection Regulation including the right to access, rectification, erasure, restriction of processing, data portability, and objection. Contact us to exercise these rights
9. Cookies and Tracking
- Essential cookies: Used for session management, authentication, and CSRF protection. Required for the Service to function
- Analytics: We use Meta Pixel for conversion tracking on marketing pages. You can opt out via browser privacy settings or ad blockers
- Affiliate tracking: We use Rewardful for affiliate/referral program tracking
- We do not use cookies for behavioral advertising or cross-site tracking within the dashboard
10. Children's Privacy
The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 18, we will delete it promptly.
11. International Data Transfers
Data may be processed and stored in the United States or other countries where our infrastructure providers operate. By using the Service, you consent to the transfer of your information to the United States and other jurisdictions that may have different data protection laws than your jurisdiction of residence.
12. Third-Party Links and Services
The Service may contain links to third-party websites or services (GoHighLevel, HubSpot, Stripe, Google, Discord, Slack). We are not responsible for the privacy practices or content of these third-party services. We encourage you to review their privacy policies independently.
13. Changes to This Policy
We may update this Privacy Policy at any time. Material changes will be communicated via email and/or dashboard notification. The "Last Updated" date at the top will reflect the most recent revision. Continued use of the Service after changes are published constitutes acceptance of the updated policy.
14. Contact Us
For questions about this Privacy Policy, your data, or to exercise your privacy rights, contact us at:
- Email: support@insurancegrokbot.com
- Dashboard: Use the support chat or support form in your dashboard