Legal
Privacy Policy
This policy explains what information we collect, how we use it, and the choices you have.
Klynk is a customer relationship and support platform for insurance organizations (managing general agents and brokerages), operated by Klynk Technologies Inc. (“Klynk”, “we”, “us”). You can reach us at support@klynk.ca.
This policy explains what information we collect, how we use it, and the choices you have. It applies to the Klynk application at klynk.ca and to our marketing website.
1. The two kinds of data we handle
Klynk handles personal data in two distinct roles:
- Data about our customers (Klynk as “controller”). Information about the people who create and use Klynk accounts — the staff of the insurance organizations that subscribe to Klynk.
- Data our customers put into Klynk (Klynk as “processor”). Information that a subscribing organization (“tenant”) stores in Klynk about their clients, agents, and business — for example an insured person’s contact details or a policy document. This data belongs to the tenant. We process it only to provide the service, on the tenant’s instructions, under our Data Processing Agreement.
If you are a client of one of our customers (for example, you hold an insurance policy managed by an agency that uses Klynk), that agency is responsible for the data it stores about you. Contact them directly for privacy requests; we will assist them in fulfilling those requests.
2. Information we collect about our users
- Account information: name, email address, password (stored only as a secure hash), role, and the organization you belong to. If you were invited, we store the email address the invitation was sent to.
- Connected email accounts: if you connect a Gmail or Microsoft mailbox, we store revocable access tokens (via our email infrastructure provider, Nylas) and your mailbox address. We never see or store your email password.
- Usage and log data: server logs (IP address, browser type, pages requested, timestamps) and security audit records.
3. Information our customers store in Klynk
Tenants use Klynk to manage their insurance business. Depending on how a tenant uses the product, this can include:
- Contact records for customers, agents, and brokerages: names, email addresses, phone numbers, postal addresses, dates of birth, license numbers and license expiry dates.
- Policy information: policy numbers, premiums, effective and expiry dates, policy status, and uploaded policy documents (PDFs, scans, spreadsheets, correspondence).
- Support tickets and email conversations, including the full content of emails synced from connected mailboxes, and attachments.
- Uploaded files: policy documents, ticket attachments, knowledge-base documents, and bulk data imports (CSV files and document archives) performed during onboarding or migration.
- Marketing data: communication consent records, suppression (do-not-email) lists, and email preferences of the tenant’s contacts.
4. Google user data
This section applies when a user connects a Google (Gmail) account to Klynk.
What we access. With your explicit consent through Google’s sign-in flow, Klynk accesses your Gmail messages and metadata (sender, recipients, subject, body, attachments, labels and read state), and can send email from your address.
Why we access it — each permission maps to a feature:
- Read and modify Gmail messages (
gmail.modify): to synchronize incoming client emails into Klynk support tickets, keep conversation threads up to date, and reflect read/archive status between Klynk and your mailbox. - Send email (
gmail.send): so that you and your team can reply to your clients from your own connected mailbox, directly inside Klynk. - Basic profile information (
openid,userinfo.email,userinfo.profile): to identify which mailbox has been connected and label it in the app.
Limited Use disclosure. Klynk’s use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
What we never do with Google user data:
- We do not sell it.
- We do not use it for advertising.
- We do not allow humans to read it, except (a) with your explicit permission, (b) as necessary for security or abuse investigation, (c) to comply with applicable law, or (d) when it has been aggregated and anonymized for internal operations.
- We do not use it to develop or train generalized artificial-intelligence or machine-learning models. (See Section 6 for how AI is used inside the product.)
Microsoft accounts. The same commitments in this section apply to mailboxes connected through Microsoft (Outlook / Microsoft 365).
Revoking access. You can disconnect your mailbox at any time in Klynk (Settings → Email), which stops all synchronization. You can also revoke Klynk’s access directly in your Google Account security settings or your Microsoft account settings.
5. How we use information
- To provide, operate, and maintain the service (creating tickets from synced email, storing records, sending notifications, running tenant-configured automations).
- To secure the service: authentication, tenant isolation, fraud and abuse prevention, audit logging.
- To support you: responding to requests, investigating issues.
- To send transactional email (notifications, invitations, password resets) and, where the tenant has configured it, marketing email on the tenant’s behalf (see Section 9).
- To comply with legal obligations.
We do not sell personal data. We do not use customer data for advertising.
6. Artificial intelligence features
Klynk includes AI features that process tenant data inside the product:
- Incoming synced emails may be processed by AI models to classify them (for example, filtering marketing noise from genuine support requests).
- Ticket content may be used to generate draft replies for human review.
- Tenant-configured automations may use AI steps that read record data.
- Uploaded documents are converted into numerical embeddings to power search within the tenant’s own workspace.
AI processing is performed by the providers listed in Section 7 (currently Anthropic for language models and Voyage AI for embeddings) under agreements that prohibit using our customers’ content to train their models. Klynk does not use your data, or your clients’ data, to train AI models. AI outputs are suggestions; a human user reviews and sends any AI-drafted communication.
7. When we share information
We share personal data only with the service providers (“subprocessors”) we use to run Klynk, listed with their purposes in our Subprocessor List. The current categories are:
| Provider | Purpose |
|---|---|
| Supabase | Database, file storage, authentication (hosted in the United States) |
| Vercel | Application hosting |
| Railway | Background job processing |
| Nylas | Email synchronization and sending infrastructure |
| Postmark (ActiveCampaign) | Email delivery, including open/click tracking for marketing email |
| Anthropic | AI language-model processing |
| Voyage AI | Search embeddings |
| Google Maps | Address autocomplete (text you type into address fields is sent to Google Places) |
All subprocessors are bound by contractual confidentiality and data-protection obligations, and receive only the data needed for their function.
Tenant-controlled sharing. Two features let tenant administrators send data out of Klynk under their own control: (a) workflow webhooks, where a tenant configures automations that send record data to external URLs the tenant chooses, and (b) integrations the tenant connects. Data shared through tenant-configured destinations is governed by the tenant’s own policies.
Other disclosures. We may disclose information if required by law, to protect the rights and safety of Klynk and its users, or as part of a merger or acquisition (in which case this policy continues to apply until amended).
8. Data retention and deletion
- Tenant data is retained while the tenant’s account is active. Tenants can delete individual records at any time; deleted records are removed or anonymized in line with the product’s retention behavior.
- Connected mailboxes: disconnecting a mailbox revokes the access token and stops synchronization immediately. Emails already synced into tickets remain part of the tenant’s business records until the tenant deletes them.
- Bulk import staging files (CSV files and document archives uploaded during data migration) are deleted from staging storage automatically when the import completes or is cancelled.
- Removed team members: when a tenant removes a user, business records are preserved for continuity; on permanent deletion the person’s identity is anonymized (shown as “Deleted user”) and their login is deleted.
- Deletion requests: email support@klynk.ca and we will complete verified deletion requests within 30 days, except where retention is required by law.
9. Email we send, and email tracking
- Transactional email (notifications, invitations, resets) is sent through Postmark.
- Marketing email is sent by tenants to their own contacts through Klynk’s campaign features. These messages may contain open and click tracking (a tracking pixel and wrapped links) so the sending tenant can measure engagement. Every marketing email includes an unsubscribe link; unsubscribes are enforced through suppression lists and consent records, and Klynk will not send further marketing email to suppressed addresses.
- Tenants are responsible for having a lawful basis (consent where required) to email their contacts; Klynk provides the consent and suppression tooling.
10. Cookies
Klynk uses only the cookies necessary to operate the service — session and authentication cookies. We use no analytics, advertising, or cross-site tracking cookies. If this changes, we will update this policy first.
11. Security
- All traffic is encrypted in transit (TLS); data is encrypted at rest.
- Every tenant’s data is isolated: database access is enforced with row-level security so that queries are always scoped to the requesting tenant.
- Access by Klynk platform staff to a tenant’s workspace is limited to support and data-migration purposes, is visible to the staff member as an explicit “viewing as” mode, and is recorded in a full audit trail (who accessed which tenant, when, and what they changed).
- Backups, least-privilege access controls, and audit logging are in place across our infrastructure providers.
No system is perfectly secure; if we learn of a breach affecting your personal data we will notify affected customers without undue delay (see the DPA for contractual notification terms).
12. Where data is stored
Klynk is hosted in the United States. If you access the service from elsewhere, you consent to your data being processed in the United States. Where we process personal data protected by EU/UK law, we rely on appropriate safeguards such as Standard Contractual Clauses with our subprocessors.
13. Your rights
Depending on where you live (for example under Canada’s PIPEDA, GDPR, or the CCPA/CPRA), you may have the right to access, correct, export, restrict, or delete your personal data, and the right not to be discriminated against for exercising these rights. To exercise them, email support@klynk.ca. If your data is stored in Klynk by one of our customers, we will refer your request to them and assist them in responding. We do not sell personal data, so there is no need for a “do not sell” opt-out.
14. Children
Klynk is a business tool and is not directed at anyone under 18. We do not knowingly collect data from children.
15. Changes to this policy
We will post any changes on this page and update the “Last updated” date. For material changes we will notify account owners by email before the change takes effect.
16. Contact
Klynk Technologies Inc.
Vancouver, British Columbia, Canada
support@klynk.ca
Run insurance distribution from one connected platform.
See how Klynk connects MGA operations, broker CRM, marketplace discovery, workflows, and AI-assisted service in one operating system.