Legal // Privacy Policy
Privacy Policy
This Privacy Policy explains how Flying Goat Leads ("we", "us", or "our") collects, uses, shares, and retains personal information in connection with the Flying Goat Leads marketplace (the "Marketplace"). It covers both the consumers whose insurance inquiry records ("Leads") we handle and the insurance agents who buy them.
1. Personal information we collect
We collect the following categories of personal information (PII):
- Consumer contact and identity data submitted through insurance inquiry forms or provided by our lead sources, which may include name, phone number, email address, postal address, age or date of birth, and the type of insurance the consumer is interested in.
- Consumer inquiry metadata, such as the date and source of the inquiry and, where available, records evidencing the consumer's consent to be contacted.
- Agent account data for buyers, including name, business name, email address, password credentials, licensed states, product selections, wallet and payment records, and IP address at the time of key actions such as agreement acceptance.
- Technical and log data, such as IP address, device and browser information, and audit records of actions taken in the Marketplace.
2. How we use personal information
We use personal information to operate the Marketplace, to provide Leads to insurance agent buyers, to run consumer inquiry intake and routing, to process wallet top-ups and lead purchases, to maintain security and audit trails, to comply with legal obligations, and to communicate with agents and consumers as permitted by law.
3. Sale and sharing of consumer leads (disclosure)
We want to be clear and direct: our business model involves selling and sharing consumer Leads. A Lead contains consumer personal information, and we sell and share that personal information with insurance agent buyers so that those agents can contact the consumer about insurance products. Under laws such as the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA), this constitutes a "sale" and a "sharing" of personal information. We do not sell or share the sensitive login credentials of agent accounts.
4. Your right to opt out (Do Not Sell or Share)
Consumers have the right to direct us not to sell or share their personal information. To exercise this right, a consumer may submit a Do Not Sell or Share My Personal Information request using the contact method in the "How to exercise your rights" section below. When we receive a valid opt-out, we will stop making that consumer's Lead available for sale or sharing and will add the consumer to our suppression list. Opting out does not require creating an account, and we will not discriminate against a consumer for exercising this right.
5. Data retention
We retain personal information for as long as needed for the purposes described in this Policy and as required by law. Specifically:
- Unsold Leads: a Lead that has not been sold expires and is removed from active availability ninety (90) days after we receive it.
- Sold Leads: once a Lead has been sold or shared with an agent buyer, the associated record is retained indefinitely. We keep it, and the related consent and provenance records, to evidence the transaction and consumer consent and to meet legal and compliance obligations, including record retention consistent with a four (4) year TCPA-oriented retention practice. Deletion requests are honored subject to these legal retention exceptions.
6. Your privacy rights
Depending on where you live, you may have rights to know what personal information we hold about you, to access a copy of it, to correct it, to delete it, and to opt out of the sale or sharing of it. These rights are subject to legal exceptions, including the retention exceptions described above for sold Leads and for records we must keep by law.
7. How to exercise your rights (DSAR)
To exercise any of these rights, including access, correction, deletion, or an opt-out of sale or sharing, submit a data subject access request (DSAR) to our privacy contact. We verify the identity of the requester before acting and respond within the timeframes required by applicable law. Requests are processed through our internal DSAR workflow, which records the request, the verification, and the action taken. Final contact details for privacy requests will be confirmed before launch.
8. Security (GLBA safeguards)
We treat consumer financial and insurance inquiry data as nonpublic personal information and maintain an information security program with administrative, technical, and physical safeguards designed to protect it, consistent with the Gramm-Leach-Bliley Act (GLBA) Safeguards Rule. Safeguards include access controls and row-level access restrictions, encryption of credentials, audit logging of sensitive actions, and least-privilege access for staff. No system is perfectly secure, and we cannot guarantee absolute security, but we work to protect personal information against unauthorized access, use, and disclosure.
9. Agent buyer obligations
Agents who buy Leads are independent data controllers for the personal information they receive and must handle it in compliance with all applicable privacy, consent, and marketing laws, including honoring any consumer opt-out or revocation they receive. The Lead Purchase Agreement governs those obligations.
10. Changes to this Policy
We may update this Privacy Policy from time to time. Material changes will be posted here with an updated version marker.