The Frank Plan

Privacy Policy

Last updated: August 15, 2025

1. SCOPE

This policy explains how we collect, use, disclose, and protect personal information when you use thefrankplan.com and our related landing pages, forms, ads, and communications ("Services"). It applies to visitors in Canada, the United States, and other regions where we operate.

2. BROWSING AND CHOICES

You may visit the Site without directly giving us your name, email, or phone; however, cookies and similar technologies may still collect technical data (see Section 6). Some features (e.g., submitting a quote request) require personal information.

3. WHAT WE COLLECT

We collect the following categories of personal information:

Contact information: such as your name, email, phone number, mailing address, or similar details you choose to provide.

Demographic and application information: such as your age range, insurance interests, responses to form or quiz questions, or other details you provide when requesting a quote or completing surveys.

Verification and consent data: including timestamps, IP address, user agent, page/form version, and TrustedForm certificate URL/ID.

Technical data: such as device/browser type, pages viewed, referrer/UTM parameters, approximate location from IP, cookies, or similar technologies.

Communications: including the content of messages you send us and your opt-in/opt-out preferences.

Lead routing data: including which partner(s) we sent your inquiry to, delivery status, and outcome feedback (e.g., appointment booked).

We may update the types of questions asked in our forms or surveys from time to time, but we will always collect only the information necessary to connect you with insurance providers and operate our Services.

4. SOURCES

We collect data directly from you (forms, email), automatically via cookies/SDKs, and from service providers who help us secure traffic and document consent (e.g., ActiveProspect/TrustedForm). We may also receive limited feedback from third-party providers we connect you with.

5. PURPOSES (WHY WE USE DATA)

Provide, secure, and improve the Services.

Verify that you are a real person and prevent abuse/fraud.

Create and store proof of consent for compliance (TCPA, CASL, GDPR).

Respond to requests, route your inquiry to appropriate third-party providers, and track outcomes.

Personalize content/ads and measure performance.

Maintain business records, defend legal claims, and comply with law.

6. COOKIES AND SIMILAR TECHNOLOGIES

We use cookies and similar tech for core functionality, analytics, personalization, and advertising measurement. Manage cookies via your browser and any cookie controls we provide. California users may treat some advertising cookies as "sharing" (see Section 11). We honor the Global Privacy Control (GPC) signal to the extent required by law.

7. DISCLOSURES (HOW WE SHARE INFORMATION)

We disclose personal information to:

  • Service providers/processors (hosting, forms, analytics, security, storage, automation). Key vendors: ActiveProspect/TrustedForm (consent certificates), Google Sheets/Drive (lead storage and consent artifacts), n8n (automation).
  • Licensed insurance brokers, providers, and their agents ("Authorized Partners"): We sell or share your personal information with Authorized Partners so they may contact you about insurance quotes and related offers.
  • Advertising/analytics partners to measure performance and manage reach/frequency, including Google/YouTube and Meta (e.g., Custom Audiences/Lookalike).
  • Authorities when required by law or to protect rights, safety, and security.

We sell or share lead information with Authorized Partners in exchange for compensation. We do not sell personal information for money to unrelated third parties.

Processors & Data Processing Agreements

We use service providers under written data processing terms that require them to follow our instructions, implement appropriate security, and prohibit using your personal information for any other purpose.

8. THIRD-PARTY SITES AND ADS

Links and ads may take you to third-party websites/apps we do not control. Their practices are governed by their own terms and privacy policies. We are not responsible for their content, policies, or services.

9. TRUSTEDFORM CONSENT CAPTURE

We use ActiveProspect's TrustedForm to document your express consent. TrustedForm may record your visit (date/time, IP address, user agent, page URL) and capture a snapshot of the lead form. A TrustedForm Certificate is associated with your submission to prove when/how you consented.

Canadian users: We maintain consent evidence as required under CASL.

10. YOUR PRIVACY RIGHTS AND CHOICES

Canada (PIPEDA & provincial laws):

Right to access and correction; withdraw consent to marketing at any time.

California (CPRA/CCPA):

Right to know/access, delete, correct, opt-out of sale/share, and limit use of sensitive personal information. To exercise rights or opt-out of "sale/share," email us with "California Privacy Request" and use cookie controls where available. We honor GPC signals.

EEA/UK (GDPR):

Rights to access, rectify, erase, restrict, object, and data portability; withdraw consent where consent is the basis; complain to your local authority.

Other U.S. states (CO, CT, VA, UT):

Residents may also have the right to opt out of sale or targeted advertising.

How to exercise rights:

Email Info@thefrankplan.com with (1) your request, (2) the email/phone you used, and (3) your region. We may verify identity before acting.

Data Subject Access Requests (DSAR): We will acknowledge requests within 5 business days and respond within 30 days (with lawful extensions explained).

Your Privacy Choices:

If you opt out of "sale/share," we will no longer share your new data with Authorized Partners. Insurance providers who already received your information act as independent businesses and are responsible for honoring unsubscribe or privacy requests directly.

11. DATA RETENTION

We retain lead records and consent evidence (timestamps, IP address, user agent, TrustedForm certificates) for up to five (5) years to comply with legal obligations and defend against potential claims. After that, we securely delete or de-identify data. Backup copies may be retained for disaster recovery only.

12. INTERNATIONAL TRANSFERS

We operate from Canada and use providers in the United States and elsewhere. When data is transferred internationally, we rely on safeguards (e.g., Standard Contractual Clauses for EEA/UK transfers) and supplementary measures where required.

13. SECURITY

We use administrative, technical, and physical safeguards such as encryption in transit, access controls, IP/UA rate-limiting, honeypot protection, least-privilege permissions, and monitoring. No method is 100% secure; residual risk remains.

Breach Notification:

If a security incident creates a real risk of significant harm, we will notify affected individuals and, where required, regulators.

14. CHILDREN

The Services are intended for adults age 18 and older. We do not knowingly collect personal information from children under 13. If you believe a child has provided information to us, please contact us and we will delete it.

15. DO NOT TRACK

We do not respond to browser "Do Not Track" signals. We do respond to GPC as noted above.

16. CHANGES TO THIS POLICY

We may update this policy from time to time. The "Last updated" date shows when changes took effect. Material changes will be posted here; continued use after changes means you accept the updated policy.

17. CONTACT

To exercise rights or ask questions, email: Info@thefrankplan.com. Mailing address available on request. You may also complain to a privacy regulator in your jurisdiction.

APPENDIX — NOTICE AT COLLECTION (CALIFORNIA)

Categories collected:

identifiers (name, email, phone, IP, device IDs), customer records (contact details you submit), internet activity (pages viewed, referrer/UTM, session/cookie data), geolocation (approximate from IP), inferences (audience segments), verification/consent data (TrustedForm).

Sources:

you, your devices, our service providers.

Purposes:

see Section 5.

Sale/Sharing:

We sell or share lead information with licensed insurance brokers, providers, and their agents in exchange for compensation. We do not sell data for unrelated purposes.

Retention:

see Section 11.

Sensitive data:

We do not intentionally collect sensitive characteristics.

Vendor Transparency Notes:

We use trusted service providers under written agreements. Key vendors include:

  • ActiveProspect (TrustedForm)
  • Google (Sheets/Drive, Gmail)
  • Twilio
  • n8n

We also use other service providers, such as cloud hosting platforms, email delivery services, and analytics providers. Vendors are required to follow our instructions, maintain appropriate security, and may not use your information for their own purposes.