Privacy Policy

1. SCOPE

This policy explains how we collect, use, disclose, and protect personal information when you use thefrankplan.com and our related landing pages, forms, ads, and communications ("Services"). It applies to visitors in Canada, the United States, and other regions where we operate.

2. BROWSING AND CHOICES

You may visit the Site without directly giving us your name, email, or phone; however, cookies and similar technologies may still collect technical data (see Section 6). Some features (e.g., submitting a quote request) require personal information.

3. WHAT WE COLLECT

a) Information you provide:

name, email, phone, postal code/state, age range, insurance interests, free-text you submit.

b) Verification/consent data:

timestamps, IP address, user agent, page/form version, and TrustedForm certificate URL/ID.

c) Technical data:

device and browser type, pages viewed, referrer/UTM parameters, session timestamps, approximate location from IP, cookies or similar tech.

d) Communications:

email/SMS content you send us, opt-in/opt-out preferences.

e) Lead routing data:

which partner(s) we sent your inquiry to, delivery status, and limited outcome feedback (e.g., appointment booked).

f) Survey/quiz responses

if you choose to complete them.

First-Party Analytics

We collect first-party analytics such as UTM parameters, IP address, device and browser information, referrer, and pages viewed to operate and improve our site, measure campaign performance, and prevent fraud. We do not disclose this analytics data to ad networks for cross-site behavioral advertising.

Limited Health Information

We may collect limited health-related information that you provide directly in our form (for example, whether you smoke or whether you have health conditions). We use this information only to connect you with licensed insurance providers for quotes. We do not collect detailed medical records and do not use sensitive information for unrelated purposes.

4. SOURCES

We collect data directly from you (forms, email), automatically via cookies/SDKs, and from service providers who help us secure traffic and document consent (e.g., ActiveProspect/TrustedForm). We may also receive limited feedback from third-party providers we connect you with.

5. PURPOSES (WHY WE USE DATA)

• Provide, secure, and improve the Services.
• Verify that you are a real person and prevent abuse/fraud (rate-limiting, honeypot protection).
• Create and store proof of consent for compliance (TCPA/CASL/GDPR).
• Respond to requests, route your inquiry to appropriate third-party providers, and track outcomes.
• Personalize content/ads and measure performance.
• Maintain business records, defend legal claims, and comply with law.

6. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar tech for core functionality, analytics, personalization, and advertising measurement. Manage cookies via your browser and any cookie controls we provide. California users may treat some advertising cookies as "sharing" (see Section 11). We honor the Global Privacy Control (GPC) signal to the extent required by law.

7. DISCLOSURES (HOW WE SHARE INFORMATION)

We disclose personal information to:

• Service providers/Processors (hosting, forms, analytics, security, file storage, automation). Key vendors: ActiveProspect/TrustedForm (consent certificates), Google Sheets/Drive (lead storage and consent artifacts), and n8n (automation).
• Third-party providers you ask us to connect you with (e.g., licensed insurance agents/agencies).
• Advertising/analytics partners to measure performance and manage reach/frequency (pseudonymous where feasible), including platforms such as Google/YouTube and Meta (e.g., Custom Audiences/Lookalike).
• Authorities or others when required by law or to protect rights, safety, and security.

We do not sell personal information for money. We may "share" identifiers and internet activity with ad partners for cross-context behavioral advertising as defined under the California Privacy Rights Act (opt-out options in Section 11).

Processors & Data Processing Agreements

We use trusted service providers under written data processing terms that require them to follow our instructions, implement appropriate security, and prohibit using your personal information for any other purpose.

8. THIRD-PARTY SITES AND ADS

Links and ads may take you to third-party websites/apps we do not control. Their practices are governed by their own terms and privacy policies. We are not responsible for their content, policies, products, or services. Review their privacy notices before engaging.

9. TRUSTEDFORM CONSENT CAPTURE

We use ActiveProspect's TrustedForm to document your express consent. TrustedForm may record your visit (date/time, IP address, user agent, page URL) and capture a snapshot of the lead form. A TrustedForm Certificate is associated with your submission to prove when/how you consented. You may request that we or ActiveProspect disable association of your visit with your certificate, subject to legal requirements.

11. YOUR PRIVACY RIGHTS AND CHOICES

Canada:

access and correction rights; withdraw consent to marketing at any time.

California (CPRA/CCPA):

right to know/access, delete, correct, opt-out of sale/share, and limit use of sensitive personal information (we do not use sensitive data to infer characteristics). To exercise rights or opt-out of "sale/share," email us with "California Privacy Request" and use cookie controls where available; we honor GPC signals.

EEA/UK (GDPR):

rights to access, rectify, erase, restrict, object, and data portability; withdraw consent where consent is the basis; complain to your local authority (e.g., ICO in the UK).

How to exercise: email Info@thefrankplan.com with (1) your request, (2) the email/phone you used, and (3) your region (e.g., California, Ontario, EU). We may verify identity before acting. Authorized agents may submit requests with proof of authority.

We do not charge a fee for rights requests unless permitted by law (e.g., manifestly unfounded or excessive requests).

Data Subject Access Requests (DSAR)

Timelines & verification: We will acknowledge your request within 5 business days and respond within 30 days (with any lawful extensions explained). We may request reasonable proof of identity (e.g., confirming control of your email or phone) before acting. Authorized agents may submit requests with proof of authority.

Your Privacy Choices

We use first-party analytics to operate and improve our site and we may "sell" or "share" (as defined under the California Consumer Privacy Act / CPRA) certain personal information that you provide in our forms with licensed insurance providers and their agents to connect you with insurance offers. We do not disclose our internal analytics logs (e.g., UTM, IP, device) to ad networks for cross-site behavioral advertising.

California residents (CCPA/CPRA)

If you are a California resident, you may opt out of the sale or sharing of your personal information by emailing Info@thefrankplan.com with the subject "California Privacy Request" and the email or phone number you used on our form. We will record your request and ensure your information is no longer shared with new providers. We also honor the Global Privacy Control (GPC) signal sent by your browser.

For your browser on this device, you may additionally apply a preference that limits ad tags on our site:
Apply Browser Opt-Out

Note: Insurance providers who already received your information act as independent businesses and are responsible for honoring your unsubscribe or privacy requests directly.

If you previously opted out but later submit the form and check the consent box again, we will treat that as a new consent and may resume sharing your information at your request.

Other U.S. states with privacy laws (e.g., CO, CT, VA, UT)

Residents of certain states may also have the right to opt out of the sale of personal information or targeted advertising. You may use the same methods above to make your request, and we will apply your preference going forward.

Canada

Canadian residents may withdraw consent at any time by emailing Info@thefrankplan.com. We comply with PIPEDA and applicable provincial privacy laws. If your information has already been shared with an insurance provider, please contact that provider directly to manage their communications.

Data Retention

We retain lead records and consent evidence (including timestamps, IP address, user agent, and TrustedForm certificates where applicable) for up to five (5) years to comply with legal obligations and to defend against potential claims. After that period, we securely delete or de-identify the data. Backup copies may be retained on a rolling basis for disaster recovery only.

13. INTERNATIONAL TRANSFERS

We operate from Canada and use providers in the United States and elsewhere. When personal information is transferred internationally, we rely on appropriate safeguards (e.g., Standard Contractual Clauses for EEA/UK transfers) and implement supplementary measures where required.

14. SECURITY

We use administrative, technical, and physical safeguards such as encryption in transit, access controls, IP/UA rate-limiting, honeypot protection, least-privilege permissions, and monitoring. No method is 100% secure; residual risk remains.

Security & Breach Notification

We implement safeguards such as encryption in transit and at rest, access controls, and monitoring to protect your information. If a security incident creates a real risk of significant harm, we will notify affected individuals and, where required, regulators as soon as feasible, including a description of the incident, what information was involved, and steps you can take.

15. CHILDREN

The Services are not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child provided information, contact us to delete it.

16. DO NOT TRACK

We do not respond to browser "Do Not Track" signals. We do respond to GPC as noted above.

17. CHANGES TO THIS POLICY

We may update this policy from time to time. The "Last updated" date shows when changes took effect. Material changes will be posted here; continued use after changes means you accept the updated policy.

18. CONTACT

To exercise rights or ask questions, email: Info@thefrankplan.com. Mailing address available on request. You may also complain to a privacy regulator in your jurisdiction (e.g., Office of the Privacy Commissioner of Canada, a provincial commissioner, your EEA authority, or the UK ICO).