What does Jon Lynch Financial Group do?

JLFG (operating as Pillar) is a veteran-owned small business holding company headquartered in Florida; its SDVOSB certification is in progress. We operate seven products: insurance (Bask), insurance-agent intelligence (Velo), B2B lead data (Forge), merchant-cash-advance underwriting intelligence (Comet), MCA pipeline management (Vault), autonomous trading research (Quorum), and macOS productivity utilities (Sweep).

How do I contact JLFG?

Call (786) 777-8869 or email jonlynchfinancialgroup@gmail.com. For specific products, visit the relevant subdomain — each has its own contact path.

Privacy Policy

Last updated: May 17, 2026

This Privacy Policy explains how Jon Lynch Financial Group ("JLFG", "we", "us") and its subsidiaries (JLIG Insurance, JLFT Premium, Velo, Lending by JLFG, Sweep) collect, use, and protect your information when you use our websites and services (collectively, the "Services").

1. Information we collect

1.1 Information you provide

Account info: name, email, password (hashed), phone (optional)
Subscription info: plan, billing cycle, payment status (handled by Stripe; we do NOT store card numbers)
Insurance applications (JLIG): contact info, state, age (when you request a quote)
MCA applications (Lending by JLFG): merchant business info, bank statements (when you submit pre-approval)
Referral partner info (JLFG): business name, EIN, address (for 1099 reporting)

1.2 Information we collect automatically

Usage data: pages visited, features used, errors encountered
Device data: browser, OS, IP address (truncated for analytics)
Cookies: session cookie (HttpOnly, required); analytics + advertising cookies (only if you opt in via the consent banner)

1.3 Information from third parties

Stripe: subscription status, payment events (we receive webhooks from Stripe; Stripe holds card data)
Public records: Florida Department of Financial Services agent licensing registry (used by Velo + JLIG)

2. How we use your information

Provide the Services + fulfill your requests (quotes, applications, subscriptions)
Process payments + manage subscriptions
Send transactional emails (confirmations, password resets, billing notifications)
With your consent, send marketing emails (you can unsubscribe at any time)
Measure traffic + improve the Services
Detect + prevent fraud, abuse, security incidents
Comply with legal obligations (tax reporting, regulatory requests)

3. Sharing your information

Recipient	Purpose
Stripe	Payment processing (your card data goes directly to Stripe)
Cloudflare	Hosting, CDN, edge security
Insurance carriers (JLIG)	Quote requests + policy issuance, only when you initiate
MCA funders (Lending by JLFG)	Funding decisions on applications you submit
Email providers	Transactional + marketing email delivery
Tax authorities	1099-MISC for referral partners (mandatory if ≥$600/year)
Law enforcement / courts	When required by law (subpoena, court order)

We do not sell personal information.

4. Your rights

4.1 All users

Access: request a copy of the personal data we hold about you
Correction: update inaccurate information
Deletion: ask us to delete your account + associated data (some records retained for legal compliance — e.g., tax records for 7 years)
Marketing opt-out: unsubscribe from any marketing email via the link in the message
Cookies: change your consent choice anytime (clear localStorage or use the banner)

4.2 California residents (CCPA/CPRA)

You have the right to know what we collect, request deletion, opt out of sale (we don't sell), and not be discriminated against for exercising these rights. Submit requests to [email protected].

4.3 EU/UK residents (GDPR/UK GDPR)

You have the right to access, rectify, erase, restrict, object, and port your data. The lawful basis is contract performance (Services), legitimate interest (analytics), and consent (marketing). Contact [email protected].

5. Data retention

Account records: while your account is active + 90 days after deletion
Transaction records: 7 years (tax + audit)
Activity logs: 180 days (then auto-deleted from KV)
Marketing engagement: 24 months

6. Security

We use HTTPS for all traffic, hash passwords with PBKDF2 (100k iterations + 32-byte salt), sign session tokens with HMAC-SHA256, and store secrets in Cloudflare's encrypted secret store. No system is perfectly secure; report vulnerabilities to [email protected].

7. Children's privacy

The Services are not intended for users under 18 (or 16 in EU). We do not knowingly collect data from children.

8. International transfers

JLFG is based in the United States. If you use the Services from outside the US, your data will be processed in the US, including by our subprocessors (Stripe, Cloudflare).

9. Changes to this policy

We will post material changes here + update the "Last updated" date. Continued use of the Services after changes constitutes acceptance.

10. Contact

Privacy questions: [email protected]
Mail: Jon Lynch Financial Group, [address on request]