What we collect, and what we never do with it.

We collect the minimum data we need to run Frontier for you. We never sell it. We use sub-processors only where necessary (Supabase for database, Anthropic for AI, Stripe for billing, Twilio for SMS where configured). You own your data, you can export it any time, and you can delete it on cancellation.

When you import a lead or receive one via webhook, we store the lead's name, phone, email, property address, motivation notes, and any details you record. These people did not sign up for Frontier. You are the data controller for this information and are responsible for your lawful basis to hold and use it (see Terms §5 and §7). Contacts can request deletion of their data at any time by emailing us; we will remove the record from your team and notify you.

• Call & conversation data: call logs, notes, SCQS stage, objections, and — when you choose to record — call recordings and transcripts, plus a recording-consent flag and timestamp. Washington is a two-party-consent state; you must obtain consent before recording.
• Skip-trace / consumer data: if you use skip-trace, we store owner names, additional phones/emails, mailing addresses, and Do-Not-Call / litigator flags returned by third-party providers. This data may be regulated under FCRA, GLBA, and DPPA.
• Messaging & consent data: SMS/email records, consent flags and timestamps, and opt-out flags (sms_opt_out, do_not_contact) with timestamps.

• To deliver the Service you signed up for.
• To prevent abuse, fraud, and unauthorized access.
• To improve Frontier — bug fixes, performance, AI quality.
• To comply with legal obligations (court orders, subpoenas).

We do not use your data to train AI models. We do not sell, rent, or trade your data to third parties.

We use a small number of trusted vendors:

• Supabase — database hosting (US-based).
• Anthropic — Claude AI for content generation and analysis. Per Anthropic's policy, your prompts are not used to train models.
• Stripe — payment processing.
• Vercel — frontend hosting + CDN.
• Twilio / Sinch — SMS / voice, only if you configure your own account.
• Resend — transactional email to you (welcome, password reset).
• SendGrid — email delivery for your lead campaigns, only if you configure it.

Each sub-processor is bound by its own privacy obligations to us.

When you use an AI feature, the relevant lead/deal/text fields are sent to Anthropic for that single request. The output is returned to you and stored in your account. Anthropic does not retain your prompts beyond their operational needs and does not use them to train models. We do not log AI prompt content beyond what is necessary to debug errors.

We retain your account data for as long as your account is active. Upon cancellation, we give you 30 days to export. After 30 days, your data is permanently deleted from production systems. Backup copies are purged within 90 days.

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data ("right to be forgotten").
• Export your data in a portable format.
• Object to certain uses of your data.

To exercise these rights, email info@scsfrontier.com. We will respond within 30 days.

We use industry-standard practices: HTTPS everywhere, row-level security on every tenant table, encrypted backups, principle of least privilege for staff access. No system is perfectly secure; if a breach affects your data we will notify you within 72 hours of confirming it.

We use only the cookies required to keep you logged in (session cookies from Supabase Auth). We do not use third-party analytics or advertising cookies on the authenticated app surface.

Frontier is not intended for users under 18. We do not knowingly collect data from minors.

We may update this Policy from time to time. Material changes will be posted with a new effective date and announced inside the app at least 30 days before they take effect.

Privacy questions: info@scsfrontier.com or via the Support page.