Privacy Policy

Effective January 1, 2026

1. Who we are

Leadality is a product of Opervex, LLC ("Leadality," "we," "us"). We operate a platform that helps licensed life insurance agencies ("Agency Customers") source, capture consent from, and contact U.S. consumers ("Consumers") who have requested an insurance quote.

Postal address: 123 Main St, Tampa, FL 33602 (placeholder — update before launch). Contact: privacy@leadality.ai.

2. What information we collect

From Consumers (people who submit quote requests)

  • Identity: first name, last name
  • Contact: phone number (E.164), email address, ZIP code
  • Public-records context: property address, mortgage amount, lender name, recording date (sourced from publicly recorded county filings)
  • Optional enrichment: date of birth (from state voter files or third-party providers)
  • Consent evidence: the exact disclosure shown, version, timestamp, IP address, browser user agent, and (where available) a TrustedForm certificate from ActiveProspect, Inc.

From Agency Customers

  • Business identity (agency name, legal entity name, postal address, contact email)
  • Authentication identifiers (email, magic-link session tokens)
  • Billing information processed by Stripe (we don't store card numbers)

3. How we use it

  • To deliver the requested service — match Consumer quote requests to the Agency that operates the landing page where the request was submitted.
  • To honor opt-outs — maintain suppression lists for DNC + complaints + revocations.
  • To prevent misuse — fraud detection, rate limiting, security investigations.
  • To improve the platform — aggregated analytics; never sold to third parties.

4. How we share it

We share Consumer information only with the specific Agency named in the consent disclosure at the time of submission. We do not share leads across Agencies. We do not sell personal information in the traditional sense, although limited sharing with the specific Agency you opted in to may constitute a "sale" or "sharing" under the California Consumer Privacy Act.

Service providers who process data on our behalf: Supabase (database + auth), Vercel (hosting), Stripe (payments), Resend (transactional email), Twilio (SMS), Anthropic (AI personalization — no PII names), ActiveProspect (consent witness certificates). Each is bound by a data-processing agreement.

5. Your rights

California (CCPA / CPRA)

  • Right to know: request a copy of personal information we hold about you.
  • Right to delete: request deletion. Email privacy@leadality.ai or use the unsubscribe link in any email — we honor within 10 business days.
  • Right to correct: request correction of inaccurate data.
  • Right to opt out of sale/sharing: use the "Do Not Sell or Share My Personal Information" link in our footer (to be added) or email us.
  • Right to limit sensitive personal information: we do not use sensitive PI for any purpose beyond delivering the requested service.
  • Right to non-discrimination: exercising these rights will never result in different pricing or service quality.

Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA)

Residents of these states have similar rights — access, deletion, correction, and opt-out of targeted advertising. Submit any request to privacy@leadality.ai and we will process within the statutory timeframe.

Texas (TDPSA), Oregon (OCPA), and other state laws

We honor opt-out requests from residents of any U.S. state with equivalent privacy legislation.

6. TCPA and consent

We rely on prior express written consent for telephone, SMS, and email contact. Consent is captured per-Agency on the branded landing page (one-to-one with the named seller). You may revoke consent at any time by:

  • Replying STOP to any SMS
  • Clicking the unsubscribe link in any email
  • Asking the Agency's representative to remove you

Revocation is processed immediately (technically) and within the legal window in all cases. See our TCPA addendumfor the full consent + suppression mechanics.

7. Data retention

Consent records (the opt_ins ledger) are retained indefinitely as evidence of consent, as required by TCPA defense practice. Other personal data is retained as long as the Agency relationship is active plus 3 years for limitation periods, then deleted.

8. Security

All data in transit is TLS-encrypted. Database access is gated by Postgres row-level security policies enforcing tenant isolation. Only a small set of trusted server-side processes can read across tenants. Authentication uses magic-link OTP — no passwords stored.

9. Children

Leadality is not directed at children under 18. We do not knowingly collect data from minors.

10. Changes to this policy

We will post material changes here at least 14 days before they take effect, and notify Agency Customers by email. Continued use after the effective date constitutes acceptance.

11. Contact

Questions or rights requests: privacy@leadality.ai