PRIVACY POLICY

  • LAST UPDATED: September 16, 2025

    1. Introduction

    This Privacy Policy (“Policy”) describes how LYNC, LLC (“LYNC,” “we,” “us,” or “our”) and Pinnacle Financial Services, Inc. (“Pinnacle”) collect, use, disclose, and protect Personal Information in connection with the BOSS 4 Agents by LYNC CRM solution and related sites, pages, and apps that link to this Policy (collectively, the “Services”). The Services are marketed by Pinnacle as “BOSS 4 Agents by LYNC CRM” and operated on LYNC’s white-labeled platform built on HighLevel technology.

    This Policy applies to visitors and users, including insurance agencies, their personnel, and their clients whose data may be processed through the Services (“you”). “Personal Information” means information that identifies or can reasonably be linked with a particular person or household.

    Relationship clarity. Pinnacle is an affiliated, authorized reseller/white-label marketer of the LYNC platform. This arrangement is an approved offering but not a legal partnership or joint venture. Unless stated otherwise, LYNC is the platform operator. Depending on context, insurance agencies are the “controllers” of data they input into the CRM; LYNC acts as a “processor” to those agencies. Pinnacle may act as: (i) an independent controller for its own marketing site(s) and communications; and (ii) in some cases, a processor to agencies when performing implementation or support under their direction.

    By using the Services, you acknowledge this Policy.

    1.1 Brands and Scope

    • Product brand: BOSS 4 Agents by LYNC CRM (marketed by Pinnacle; operated by LYNC).

    • Operator: LYNC, LLC.

    • Representative site(s): boss.lynccrm.com and applicable subdomains, product pages, and web/mobile apps that link here.

    • Optional integrations: phone AI features provided by 3rd Party AI Providers (see §11.9) and other integrations you enable.

    2. Information We Collect

    2.1 Personal Information you provide

    • Contact & Account Data: name, email, phone, address; login credentials; role; preferences.

    • Business/Agency Data: company name, license numbers, product lines, and related details.

    • Billing Data: limited payment/billing info handled by payment processors; we do not store full card numbers.

    • Client/Policyholder Data (Agency CRM Content): client contact details, policy info, notes, files, communications, and CRM activity you input or sync. Agencies are responsible for having a lawful basis to process this data.

    2.2 Data collected automatically

    • Usage & Device Data: IP address, device/browser type, OS, pages viewed, features used, timestamps, diagnostic logs, and coarse location derived from IP.

    • Cookies/Tracking: as described in §9.

    2.3 Optional phone AI data (if enabled)

    • Call Metadata & Recordings (where permitted by law and with appropriate notice/consent).

    • Transcriptions & AI Insights (e.g., summaries, keyword tags, sentiment). See §11.9.

    2.4 From third parties/integrations

    • Data from tools you connect (e.g., email, telephony, calendars, quoting tools), public sources, referrals, or marketing partners, consistent with law and your settings.

    2.5 Legal bases (EEA/UK where applicable)

    We process Personal Information based on contract performance, legitimate interests, consent (where required), and legal obligations.

    3. How We Use Personal Information

    • Provide & operate the Services (CRM features, communications, workflows, analytics, dashboards).

    • Support & security (troubleshooting, incident prevention, fraud/abuse detection).

    • Product improvement (usage analytics, feature development, quality and performance).

    • Communications (service notices, account updates; marketing with your consent/where permitted).

    • Compliance & enforcement (legal obligations, terms enforcement, rights protection).

    • De-identified/aggregated analytics that do not identify individuals.

    We use Agency CRM Content only per the agency’s instructions and our agreement with the agency. If we need to repurpose data in a way that is materially different, we will provide notice and, where required, obtain consent.

    4. How We Share Information

    • Service Providers/Sub-processors. We use vetted vendors under confidentiality and data-protection terms to host, process, and support the Services (e.g., HighLevel as the core platform infrastructure; analytics; email/SMS delivery; cloud hosting; payments).

    • Integrations you enable. If you connect third-party systems, we share necessary data per your instructions and the third party’s privacy terms.

    • Legal/Compliance. To comply with law, lawful requests, enforce terms, or protect rights, safety, and security.

    • Business transfers. In a merger, acquisition, or sale of assets, data may transfer subject to this Policy.

    • Aggregated/De-identified data. Shared for insights and benchmarking without identifying individuals.

    • Within your organization. Admins and designated users may access data consistent with role-based permissions.

    We do not “sell” Personal Information as that term is defined under the CPRA. We also do not “share” Personal Information for cross-context behavioral advertising. If that changes, we will update this Policy and provide required opt-out mechanisms.

    International transfers. We may transfer data to the United States and other countries with appropriate safeguards (e.g., EU SCCs/UK IDTA), see §8.

    5. Security and Retention

    • Security. We employ administrative, technical, and organizational safeguards (encryption in transit and at rest where applicable; access controls; logging; vulnerability management; employee training). No system is 100% secure.

    • Breach notice. We will notify affected parties and regulators as required by law.

    • Retention. We retain Personal Information as needed to provide the Services, meet legal obligations, resolve disputes, and enforce agreements. Agency CRM Content is retained per the agency’s instructions and our agreement. We may retain de-identified/aggregated data for analytics.

    6. Your Rights & Choices

    Depending on your location, you may have rights to access, correct, delete, port, restrict, or object to certain processing, and to withdraw consent where we rely on consent. Exercise these rights via your account settings or by contacting us (§13). We will verify requests as required by law. We do not discriminate for exercising privacy rights.

    Marketing choices. You can opt out of marketing emails via the unsubscribe link. We may still send essential service communications.

    SMS/MMS Compliance (A2P/TCPA).

    No mobile information will be shared with third parties/affiliates for marketing or promotional purposes. Text message originator opt-in data and consent will not be shared with third parties. You may opt out at any time by replying STOP. Message/data rates may apply. See your campaign disclosures for specific program details.

    Do Not Track. Our Services currently do not respond to DNT signals.

    7. U.S. State Privacy Notices

    Residents of California, Colorado, Connecticut, Utah, and Virginia have additional rights. We honor the rights to know/access, correct, delete, portability, and to opt out of sales, targeted advertising, and certain profiling where applicable. Submit requests via §13. We will respond within the timelines required by law and provide an appeals process where required (e.g., CO/CT/VA). We do not sell or share Personal Information as defined by CPRA.

    8. International Data Transfers

    Where Personal Information is transferred internationally, we implement appropriate safeguards such as Standard Contractual Clauses (and UK addenda, where applicable) and conduct transfer assessments as needed. You may request information about these measures via §13.

    9. Cookies & Tracking

    We use cookies and similar technologies to operate the Services, remember preferences, and analyze usage. You can manage cookies via browser settings and, where provided, our cookie banner/tool. For details, see our Cookie Policy.

    10. Children’s Privacy

    The Services are intended for business users and are not directed to children. We do not knowingly collect Personal Information from individuals under 18. If we become aware that a child under 13 has provided Personal Information, we will delete it. Parents/guardians may contact us (§13).

    11. Insurance & Regulated Data Considerations

    • GLBA/HIPAA. Agencies are responsible for ensuring that any regulated data (e.g., NPI under GLBA; PHI under HIPAA) is collected and processed lawfully and consistent with their own privacy notices, consents, and retention schedules.

    • Business Associate status. LYNC is not a Business Associate under HIPAA unless and until a separate Business Associate Agreement (BAA) is executed with the covered entity/agency.

    • Data minimization. Agencies should limit CRM intake to necessary data, configure consent capture, and maintain appropriate notices to their clients.

    • Audit/Reporting. The platform provides role-based access and logging capabilities inherited from HighLevel; agencies should configure them to support compliance.

    11.9 Optional Phone AI Integration

    If you enable various AI calling features, call content and metadata may be processed by the provider under its own privacy terms as a sub-processor or integration partner. Agencies must obtain any required consents (including one-party vs. two-party call recording) and provide legally adequate call disclosures.

    12. Changes to this Policy

    We may update this Policy from time to time. We will update the “Last Updated” date and, where changes are material, provide prominent notice and/or seek consent where required. Your continued use of the Services after an update signifies acceptance.

    13. Contact Us

    For agency CRM operations (platform operator):

    LYNC, LLC
    Mailing Address: 400 Travis Street, #930 BLDG, Shreveport, LA 71101


    Email: [email protected]

    For marketing brand inquiries (reseller/white-label brand):

    Pinnacle Financial Services, Inc.

    We will respond within applicable legal timeframes. Authorized agents may submit requests with proof of authority. We may need to verify your identity before acting on a request.

    14. Glossary (short form)

    • Controller: Determines purposes/means of processing (typically the agency for its CRM content).

    • Processor: Processes on behalf of a controller (LYNC for Agency CRM Content).

    • Sell/Share (CPRA): Sale or cross-context behavioral advertising—we do neither.

    • Sensitive Personal Information: Data subject to heightened protections (e.g., precise geolocation, health data).

    • SCCs: Standard Contractual Clauses for international transfers.

BOSS 4 AGENTS. All Rights Reserved. LYNC Approved Partner.

(833) 679-9775 - AI SUPPORT AGENT LINE