Privacy Policy
Effective date: May 30, 2026
This Privacy Policy explains how Setr LLC (“Setr,” “we,” “us,” or “our”) collects, uses, stores, shares, and protects personal information when you visit setrpro.io, create an account, or use the Setr application and related services (collectively, the “Services”). It also describes the choices you have about your information.
1. Who we are and how to reach us
Setr LLC operates Setr, an AI-assisted appointment-setting and customer-communication platform built for independent life and health insurance agents. For privacy questions, requests, or notices, contact us at hello@setrpro.io.
2. Scope and our role (controller vs. processor)
Our role under data-protection laws depends on whose data is involved:
- When we act as a controller. For the personal information of account holders — the agents, agencies, and team members who sign up for and administer Setr — we determine how and why that information is processed, and this Policy governs it directly.
- When we act as a processor (service provider). When you, as a customer, upload or generate information about your own contacts, leads, and clients and send communications through Setr, we process that information on your behalf and under your instructions to provide the Services. You are the controller of that data and are responsible for having a lawful basis and any required consent for it. If you are a contact, lead, or client of a Setr customer and want to access, correct, or delete your information, please contact the agent or agency you are working with; we will support their response as required.
3. Information we collect
Information you provide when creating and using an account
- Account and profile data: name, email address, password (stored only as a salted hash), and optional profile details such as job title, agency, carrier, personal phone number, time zone, avatar, and message sign-off.
- Authentication data: if you sign in with Google, the Google account identifier, email, and basic profile described in Section 5. We also keep security logs (login events, IP address, and browser/user-agent) and multi-factor authentication settings.
- Billing data: subscription status and usage records. Card payments are processed by Stripe; we do not store full payment-card numbers.
- Support and other communications: the content of messages you send us.
Customer content (information about your contacts and clients)
To deliver the Services, Setr stores and processes the information you import or generate about your contacts, including: names, phone numbers, email and mailing addresses, geographic and time-zone data, marketing/attribution fields, consent and opt-out status (with the source, timestamp, IP address, and user-agent captured at consent), custom fields, notes, tags, lead status and scores, opportunity and policy-related details you choose to record, appointment details, and the content of messages and calls exchanged through the platform (including SMS/MMS bodies, call metadata, and call recordings or voicemails where enabled).
Information collected automatically
- Usage and device data: when you use the Services or visit our website, we and our analytics provider may collect IP address, device and browser information, pages viewed, and interaction events.
- Cookies and similar technologies: we use strictly necessary cookies to keep you signed in and, on our marketing site, product-analytics cookies (PostHog) to understand site usage. You can control non-essential cookies through your browser settings.
4. How we use information
We use personal information to:
- provide, operate, secure, and improve the Services;
- authenticate you, maintain your account, and provide customer support;
- send, receive, classify, and route messages and calls, schedule appointments and send appointment reminders, and generate AI-assisted drafts and replies at your direction;
- enforce consent, opt-out (STOP), quiet-hours, and do-not-contact controls, and maintain compliance audit trails;
- process billing and meter usage;
- detect, prevent, and respond to fraud, abuse, security incidents, and violations of our terms; and
- comply with legal obligations.
Our legal bases (where the GDPR or similar laws apply) are performance of a contract, our legitimate interests in operating and securing the Services, your consent where required, and compliance with legal obligations.
5. Google user data and API services
If you choose to sign in with Google or connect Google Calendar, Setr requests access to a limited set of Google account information through Google’s OAuth process. We request only the scopes we need:
| Scope | Why we request it |
|---|---|
| openid, email, profile | To let you sign in with Google and to create or match your Setr account using your name and email address. |
| https://www.googleapis.com/auth/calendar.events | Only if you connect Google Calendar: to create, read, update, and remove the calendar events for appointments you book or manage in Setr, so your calendar stays in sync. We do not access unrelated events for any other purpose. |
We do not request access to your Gmail, Google Drive, or any other Google service. We store Google authorization tokens encrypted at rest and use them solely to provide the features you enabled.
Limited Use disclosure. Setr’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.
Consistent with those requirements, we do not use Google user data for advertising, we do not sell it, we do not transfer it to third parties except as necessary to provide or improve the features you requested, to comply with applicable law, or as part of a merger or acquisition, and we do not allow humans to read it except with your affirmative consent for specific messages, where necessary for security or to comply with applicable law, or in aggregated/anonymized form for internal operations. We do not use Google user data to develop, improve, or train generalized or non-personalized AI and/or machine-learning models.
You can disconnect Google Calendar at any time in your Setr settings, and you can review or revoke Setr’s access in your Google Account permissions.
6. SMS, voice, and mobile information
Setr is built on a “bring-your-own-Twilio” model: you connect your own Twilio account and phone numbers, and you maintain your own A2P 10DLC registration. Messages and calls you send to your contacts originate from your Twilio account, and you are the sender responsible for obtaining consent and complying with the TCPA, CTIA guidelines, carrier rules, and applicable law. Setr provides the tools to capture and store consent, honor opt-outs, and enforce quiet hours and do-not-contact lists.
Separately, we may send you (the account holder) service-related text messages such as verification codes and account or appointment notifications. For those messages:
- message frequency varies based on your activity and settings;
- message and data rates may apply;
- reply STOP to opt out and HELP for help; and
- carrier support and message delivery are not guaranteed.
Mobile information is never sold or shared for marketing. No mobile information — including phone numbers and SMS opt-in or consent data — will be shared with or sold to third parties or affiliates for their own marketing or promotional purposes. We share mobile information only with the service providers (such as telecommunications carriers and messaging platforms) needed to deliver the messaging you request, and only as described in this Policy. Text messaging opt-in data and consent are not shared with any third parties for marketing purposes.
7. AI processing of your content
Our AI assistant (“Samantha”) classifies inbound replies and drafts or sends responses at the autonomy level you configure. To do this, relevant contact details and message content are sent to our AI model providers (currently Anthropic, with OpenAI available as an alternative) for processing. We use these providers under commercial terms that do not permit them to use your content to train their general-purpose models, and the content is processed only to generate the output you requested. AI output can be imperfect; you remain responsible for reviewing communications and for the messages sent from your account.
8. How we share information & subprocessors
We do not sell your personal information. We share it only as described below:
- Service providers / subprocessors that process data on our behalf to run the Services, under contractual confidentiality and security obligations (see the table).
- At your direction — for example, syncing an appointment to your Google Calendar or sending a message through your Twilio account.
- Legal and safety — to comply with law, valid legal process, or enforceable governmental requests, and to protect the rights, property, and safety of Setr, our users, and others.
- Business transfers — in connection with a merger, acquisition, financing, or sale of assets, subject to this Policy.
Our current categories of subprocessors are:
| Subprocessor | Purpose |
|---|---|
| Twilio | SMS/MMS and voice delivery, A2P 10DLC, call recordings |
| Google | Sign-in (OAuth) and Google Calendar sync |
| Anthropic / OpenAI | AI classification and message generation |
| Stripe | Subscription billing and payment processing |
| Postmark / Resend | Transactional and notification email |
| Railway | Cloud hosting, managed database, and cache |
| Amazon Web Services / Cloudflare | Object storage (recordings, uploads, attachments) |
| PostHog | Product and website analytics |
| Cal.com | Demo scheduling on our marketing site |
We update this list as our providers change. To request the current list of subprocessors, email hello@setrpro.io.
9. We do not sell your personal information
Setr LLC does not sell personal information and does not share it for cross-context behavioral advertising, as those terms are defined under U.S. state privacy laws. As stated above, mobile opt-in and consent information is never sold or shared with third parties for their marketing.
10. Data retention
We retain personal information for as long as your account is active and as needed to provide the Services, then for the period required to meet legal, tax, accounting, dispute-resolution, and compliance obligations — for example, retaining consent and opt-out records to evidence messaging compliance. When you delete a contact or close your account, we delete or de-identify the associated personal information within a commercially reasonable period, except where retention is required by law or for legitimate business records. You can request deletion as described in Section 12.
11. Security
We use technical and organizational measures designed to protect personal information, including encryption in transit, encryption at rest for credentials and integration tokens, access controls, and audit logging. No method of transmission or storage is completely secure, so we cannot guarantee absolute security. If we become aware of a breach affecting your personal information, we will notify you and regulators as required by law.
12. Your privacy rights
Depending on where you live, you may have the right to access, correct, update, port, restrict, or delete your personal information, to object to certain processing, and to withdraw consent. To exercise these rights for information we control, email hello@setrpro.io. We will verify your request and respond within the time required by applicable law. You will not be discriminated against for exercising your rights. If your information was provided to us by a Setr customer (for example, because you are their contact or client), please direct your request to that customer, who controls the data; we will assist them as their processor.
13. U.S. state privacy rights
Residents of California and other U.S. states with comprehensive privacy laws have rights to know/access, correct, delete, and obtain a portable copy of their personal information, and to opt out of the “sale” or “sharing” of personal information and certain profiling. We do not sell or share personal information for cross-context behavioral advertising, so no opt-out is necessary, but you may still exercise your other rights using the contact above. You may use an authorized agent to submit a request, and you may appeal a decision by replying to our response.
14. International data transfers
We operate in the United States, and our service providers may process information in the United States and other countries. Where we transfer personal information across borders, we rely on appropriate safeguards (such as standard contractual clauses) where required by applicable law.
15. Children’s privacy
The Services are intended for business use by adults and are not directed to children. We do not knowingly collect personal information from children under 16. If you believe a child has provided us personal information, contact us and we will delete it.
16. Changes to this policy
We may update this Policy from time to time. When we make material changes, we will update the effective date above and, where appropriate, provide additional notice. Your continued use of the Services after an update means you accept the revised Policy.
17. Contact us
Questions, requests, or complaints about this Policy or your personal information can be sent to Setr LLC at hello@setrpro.io.