Privacy Policy
Privacy Policy: Infinite Wealth Strategist Ltd Company
Infinite Wealth Strategist Ltd Company ("IWS," "we," "us," or "our") respects your privacy and is committed to handling your personal information responsibly and lawfully. This Privacy Policy explains how we collect, use, store, share, and protect the personal information you provide when you interact with our website, submit orders, or purchase our products and services, including the IWS Vortex Legacy Trust Book and related onboarding materials, and (for a limited subset of clients) insurance products offered through IWS (collectively, the "Services").
Plain-language summary. We do not sell, rent, share, or trade your personal information for advertising, profiling, or any third-party marketing purpose. We collect only what we need to deliver your purchase, communicate with you, comply with the law, and protect ourselves and you from fraud. This Privacy Policy explains the details.
This Privacy Policy is incorporated by reference into our Terms of Service and any Purchasing Agreement you execute with IWS. It applies to all visitors of www.liveiws.com (the "Site") and to all customers and prospective customers of the Services.
1. Scope and Categories of Persons Covered
This Privacy Policy applies to four categories of natural persons whose information IWS may process:
- Prospective Customers and Site Visitors – individuals who browse the Site, fill out a contact or interest form, or correspond with IWS without completing a purchase.
- Customers – individuals or entities who complete a purchase of the IWS Vortex Legacy Trust Book or any other Service offered by IWS.
- Insurance Applicants – the limited subset of Customers who additionally apply for and are approved for an insurance policy facilitated through IWS.
- Designated Trust Persons – the Trustees, Beneficiaries, Custodian, and other persons named by a Customer for inclusion in the personalized Trust Book ("Designated Trust Persons"). Where IWS processes the personal information of a Designated Trust Person, that information is treated as the Customer's submission for purposes of this Policy, and the Customer represents that the Customer has any authority required under applicable law to provide that information to IWS.
Where any provision of this Policy depends on the category of person, that provision will say so expressly.
2. Information We Collect
We are committed to data minimization: we collect only the information we reasonably need to deliver the Services, communicate with you, comply with applicable law, and protect ourselves and you from fraud, abuse, and disputes. We do not collect sensitive categories of information (such as Social Security numbers, government identification numbers, biometric data, or health information) unless you voluntarily provide them and they are necessary for trust personalization, insurance underwriting, or a specific legal compliance purpose. IWS is not a HIPAA covered entity or business associate, and this Policy does not represent that any information you provide is governed by HIPAA.
We collect the following categories of personal information:
- Contact and Identification Information: Full name, email address, phone number, and mailing/shipping address. For trust personalization, we also collect the names and any limited identifying details that you provide for the Settlor, Trustees, Beneficiaries, or Custodian.
- Payment Information: We do not collect or store payment card numbers, bank account numbers, or routing numbers for the standard purchase of our Services. Payment is processed by Stripe, Inc. ("Stripe") on a Stripe-hosted checkout page. After a transaction completes, we receive limited transactional metadata from Stripe (typically the customer's email address, transaction identifier, payment status, payment method type, amount, and timestamp), which we use for receipts, order fulfillment, accounting, fraud prevention, and chargeback defense.
- Insurance Premium ACH Information (Approved Insurance Applicants Only): If you apply for and are approved for an insurance policy through IWS, we will collect your bank account number and bank routing number for the limited purpose of setting up ACH premium payments with your carrier. This category is subject to the heightened safeguards described in Section 6 and applies only to approved insurance applicants, not to customers of our standard Services.
- Order and Trust-Specific Information: All details you submit on our order forms or onboarding intake forms to personalize and fulfill the Trust Book and Onboarding Program, including any optional information you provide about your assets, family structure, or estate-planning objectives that you choose to share with our coaching staff.
- Coaching Portal and Account Information: Username, login credentials (stored only in hashed form), portal activity logs, and progress through onboarding modules.
- Technical Information: IP address, device and browser information, referring URLs, page-level usage analytics, and timestamps associated with form submissions, payments, access to materials, and communications. This information supports identity verification, fraud prevention, chargeback defense, and audit trails.
- Communication Records: Emails, SMS messages, voicemails, recorded coaching session audio or video (where you have consented), and support inquiries.
- Marketing-Activity Information: Email open and click-through events, SMS delivery and opt-in/opt-out status, and similar engagement data tied to communications we send you.
We use Formstack's enterprise-level encrypted form-collection platform to collect form submissions. Data entered through Formstack is encrypted in transit (TLS) and at rest.
3. How We Collect Information
We collect information directly from you when you:
- Submit an order, contact, or onboarding form on the Site or via Formstack;
- Complete a purchase on Stripe's hosted checkout page;
- Apply for and are approved for an insurance policy and submit ACH details on a separate Formstack form;
- Communicate with our team by email, phone, SMS, or video conference;
- Access onboarding materials, the Coaching Portal, or the private learning community.
We also collect limited information automatically when you visit the Site, through cookies, server logs, and similar technologies as described in Section 9.
We do not buy personal information from data brokers, and we do not enrich your information with data acquired from third-party advertising networks.
4. How We Use Your Information
We use your information only for the following purposes (each of which corresponds to a recognized legal basis under applicable U.S. state privacy laws):
- To process and fulfill your order, including printing and delivering your personalized Trust Book and providing access to the Onboarding Program and Materials;
- To communicate with you about your order (confirmations, shipping/delivery notifications, fulfillment SMS alerts) and respond to your inquiries;
- To set up and administer ACH premium payments for clients who have applied for and been approved for an insurance policy through IWS, as described in Section 6;
- To send you marketing communications from IWS about new products, services, offers, or updates that may be of interest to you. You can opt out of marketing email at any time by clicking "unsubscribe" in any marketing email, or out of marketing SMS by replying STOP. Opting out of marketing does not affect transactional communications;
- To verify your identity and the authenticity of your purchase in the event of disputes, chargebacks, ACH reversals, erroneous claims, or suspected fraud;
- To maintain accurate records for accounting, tax, and legal compliance, including responding to subpoenas, court orders, and lawful regulatory requests;
- To enforce the Purchasing Agreement, Terms of Service, and our intellectual-property rights, including pursuing claims for infringement, misappropriation, or breach;
- To improve our Services, troubleshoot technical issues, secure our systems, and analyze usage in the aggregate;
- To respond to your requests to exercise privacy rights described in Section 10.
We do not use your data for cross-context behavioral advertising, third-party advertising, third-party profiling, automated decision-making that produces legal or similarly significant effects about you, training of generative AI models, or any unrelated purpose.
5. How We Share Your Information
We share your information only with the minimum parties reasonably necessary, and only under written contractual or legal controls. Our service providers act as our processors and are contractually bound to use your information only for the purposes we instruct, to maintain confidentiality, and to apply reasonable security safeguards.
5.1 Internal Team
Authorized internal IWS team members (including order processing, fulfillment, accounting, coaching, and compliance personnel) access your information on a need-to-know basis. Internal team members are bound by written confidentiality obligations as a condition of access.
5.2 Service Providers (Sub-Processors)
If we engage a new sub-processor that materially expands the categories of data shared, we will update this list and, where required by law, notify affected customers.
5.3 Legal and Protective Disclosures
We may disclose information when we reasonably believe disclosure is required or permitted by law, including in response to subpoenas, court orders, or lawful requests by government authorities; to enforce or apply the Purchasing Agreement or our Terms of Service; to protect the rights, property, or safety of IWS, our customers, or others; to investigate fraud, defend chargebacks, address breaches of our agreements, or pursue intellectual-property enforcement.
5.4 Business Transfers
If IWS is involved in a merger, acquisition, financing, reorganization, bankruptcy, or sale of all or part of its assets, your information may be transferred as part of that transaction, subject to the recipient's commitment to honor commitments made in this Policy or to provide you with notice and an opportunity to opt out where required by law.
5.5 No Other Sharing
We do not share your personal information with affiliates, partners, advertisers, or any other third party for marketing, advertising, or cross-context behavioral advertising purposes, and we do not sell your personal information.
6. Insurance Premium ACH Information: Heightened Safeguards (Approved Insurance Applicants Only)
Scope. This Section applies only to clients who have applied for and been approved for an insurance policy through IWS. It does not apply to customers of our standard Services, including purchasers of the IWS Vortex Legacy Trust Book. Most IWS customers will never go through this flow.
We treat your bank account number and bank routing number ("ACH Information") with heightened sensitivity and apply the following specific safeguards:
- Collection. ACH Information is collected through a Formstack form delivered over an encrypted (TLS) connection. The form is presented only after policy approval and only for the purpose of setting up ACH premium payments.
- Storage. ACH Information is stored in Google Drive in folders configured with explicit per-user access (not link-shared and not domain-wide). Google Workspace audit logging is enabled to record access and modification events involving these folders.
- Manual processing. When the insurance policy goes live, a licensed insurance agent who is an internal IWS employee retrieves the ACH Information from Google Drive and manually enters it into the carrier's bank-setup system to configure premium ACH deductions. The ACH Information is not transmitted electronically from IWS systems to the carrier or bank. It is entered manually by the licensed agent.
- Internal-only handling. No third-party broker, managing general agent (MGA), or carrier-side personnel receives ACH Information from IWS. The only IWS personnel with access are the licensed insurance agent performing the setup and other authorized internal staff whose duties require access (e.g., compliance, audit).
- No use beyond payment setup. ACH Information is used solely to authorize and configure premium payments for your insurance policy. It is not used for marketing, profiling, training of any model, or any unrelated purpose.
- Retention. ACH Information is retained only as long as necessary to complete the policy ACH setup and to satisfy applicable financial record-keeping obligations. After the ACH setup is complete and any reasonable hold period has elapsed, the source record in Google Drive is securely deleted or redacted unless an active legal or regulatory matter requires longer retention.
- Incident response. If we become aware of a security incident that we reasonably believe has compromised your ACH Information, we will, without unreasonable delay and in any event consistent with applicable state breach-notification statutes (typically within thirty (30) to sixty (60) days of confirmation, and where feasible no later than seventy-two (72) hours of confirmation for notice to IWS leadership and law enforcement where appropriate), investigate, take appropriate containment and remediation steps, and notify affected customers and applicable regulators.
If you are an insurance applicant and have questions about this flow before submitting ACH Information, you may contact us using the information in Section 16.
7. Data Storage, Security, and Vendor Confidentiality
We store your information in:
- Formstack: order forms and personalization details (and, for approved insurance applicants, the ACH-setup form). Formstack does not hold standard-purchase payment data.
- GoHighLevel (GHL): order, communication, and client-management records.
- Google Workspace (Drive and Gmail): trust documents, related records, and (where applicable) Insurance Premium ACH Information stored under explicit per-user access controls. Google Workspace audit logging is enabled to record access and modification events.
Stripe holds standard-purchase payment data on its own infrastructure under its own privacy and security program; that data is not stored within IWS-controlled systems.
Access to IWS-controlled systems is restricted to authorized internal team members on a need-to-know basis. Each team member is bound by written confidentiality obligations as a condition of access. We use commercially reasonable technical, administrative, and physical safeguards, including encryption in transit and at rest where supported by the relevant platform, role-based access, multi-factor authentication for administrative accounts, audit logging, and periodic credential review.
Each material sub-processor identified in Section 5.2 is bound by a written agreement (or the vendor's standard data-processing addendum, where applicable) requiring confidentiality, purpose-limited use of personal data, and reasonable security safeguards.
No method of electronic transmission or storage is 100% secure, and we therefore cannot guarantee absolute security. By using the Services you acknowledge this inherent limitation.
7.1 Security Incident Notification
If we confirm a security incident affecting your personal information that triggers a notification obligation under applicable law, we will notify you and any required regulator without unreasonable delay and within the timeframe required by the applicable statute (commonly thirty (30) to sixty (60) days from confirmation, and in some states sooner). Where the incident affects ACH Information, our targeted timeline is to deliver written notice to affected individuals as promptly as reasonably practicable consistent with completing a meaningful investigation, but in no event later than the period required by the most stringent applicable state breach-notification statute.
8. Data Retention
We retain your personal information only as long as necessary to fulfill the purposes described in this Policy or as required by law. In most cases:
- Transactional metadata and order records are retained for approximately seven (7) years following completion of the transaction to support accounting, tax obligations, dispute resolution, and legal defense;
- Trust formation documentation and personalization information are retained for at least seven (7) years following formation, and may be retained longer to facilitate later trust administration support if you remain an active client;
- Communication records (email, SMS, support tickets) are retained for approximately seven (7) years;
- Marketing-activity information (open/click events, opt-in/opt-out logs) is retained for as long as you remain on our marketing list and for a reasonable period thereafter to evidence compliance with anti-spam and TCPA-related opt-out obligations;
- Insurance Premium ACH Information is retained on the schedule described in Section 6.
When personal information is no longer needed, it is securely deleted, anonymized, or, where deletion is not technically feasible, isolated from further active processing pending eventual deletion.
You may request earlier deletion as described in Section 10, subject to legal exceptions (for example, where retention is required by tax, accounting, anti-money-laundering, or chargeback-defense rules).
9. Cookies, Tracking Technologies, and Do Not Track / Global Privacy Control
Our Site may use cookies and similar technologies for basic site functionality, analytics, form processing, security, and fraud prevention. We do not use these technologies for cross-context behavioral advertising, profiling for sale, or building advertising audiences.
9.1 Categories of Cookies
- Strictly necessary cookies that enable the Site to function (for example, load balancing, security, and form submission).
- Functional cookies that remember your preferences and improve your experience.
- Analytics cookies that help us understand how visitors use the Site in the aggregate.
You can manage cookies through your browser settings. Disabling certain cookies may impair Site functionality.
9.2 Do Not Track
Some browsers offer a "Do Not Track" ("DNT") setting. There is no industry consensus on how DNT signals should be interpreted, and we do not respond to Do Not Track signals at this time. This disclosure is provided pursuant to California Business and Professions Code § 22575.
9.3 Global Privacy Control
We honor recognized Global Privacy Control ("GPC") signals as an opt-out of any "sale" or "sharing" of personal information for cross-context behavioral advertising purposes, as those terms are defined under CCPA/CPRA. Because IWS does not sell or share personal information for cross-context behavioral advertising in the first place, the practical effect of a GPC signal on your browser is that we continue our existing no-sale, no-share posture and do not initiate any such activity with respect to you.
10. Your Privacy Rights
This Section explains the rights available to consumers under U.S. state privacy laws, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act ("CCPA/CPRA"), the Colorado Privacy Act ("CPA"), the Virginia Consumer Data Protection Act ("VCDPA"), the Texas Data Privacy and Security Act ("TDPSA"), the Connecticut Data Privacy Act ("CTDPA"), the Utah Consumer Privacy Act ("UCPA"), the Oregon Consumer Privacy Act ("OCPA"), the Montana Consumer Data Privacy Act, the Iowa, Tennessee, Indiana, Delaware, New Jersey, New Hampshire, Kentucky, Minnesota, Maryland, Rhode Island, and other comprehensive state privacy laws as they take effect, and the Nevada online privacy notice statute (NRS 603A). We extend the rights described below to all U.S. residents, regardless of state of residence, except where a right is expressly limited to a particular state by law.
10.1 Do Not Sell, Share, or Process for Targeted Advertising
IWS does not sell your personal information, and IWS does not share or process your personal information for cross-context behavioral advertising or targeted advertising, as those terms are defined under CCPA/CPRA, CPA, VCDPA, CTDPA, OCPA, and TDPSA. Because we do not engage in these activities, there is no "Do Not Sell or Share" choice for you to make with us. If our practices ever change, this Policy will be updated and an opt-out mechanism will be provided before any such activity begins.
For Nevada residents, this serves as notice under NRS 603A.340 that we do not sell "covered information" as defined in that statute.
10.2 Rights Available to U.S. Residents
Subject to verification and applicable legal exceptions, you have the right to:
- Know / Access the categories and specific pieces of personal information we have collected about you, the sources, the purposes for collection, and the categories of recipients;
- Correct inaccurate personal information we maintain about you;
- Delete personal information we have collected from you;
- Portability: receive a copy of your personal information in a portable, readily usable format where technically feasible;
- Opt out of Sale, Sharing, and Targeted Advertising (as noted above, IWS does not engage in these activities, but the right is preserved);
- Opt out of Profiling that produces legal or similarly significant effects; IWS does not engage in such profiling;
- Limit Use of Sensitive Personal Information (California residents), to the extent we ever process sensitive personal information beyond what is necessary to provide the Services;
- Non-Discrimination: we will not deny Services, charge different prices, or provide a different level or quality of Services because you exercised any of these rights.
10.3 Texas-Specific Notice (TDPSA § 541.107)
As required by the TDPSA, we disclose the following: "NOTICE: We may collect your sensitive personal data." We collect sensitive personal data only where you voluntarily provide it for trust personalization or insurance underwriting, and only as needed for that purpose. We do not sell sensitive personal data and do not process it for targeted advertising.
10.4 California-Specific Disclosures
Pursuant to the CCPA/CPRA, we provide the following additional disclosures:
- Categories of personal information collected in the prior 12 months: identifiers (name, email, phone, mailing address, IP address); commercial information (purchase records); internet/network activity (Site usage); financial information (limited transactional metadata; ACH Information for approved insurance applicants only); audio/visual information (recorded coaching sessions, where consented); and inferences that are limited to the operational uses described in Section 4.
- Sources of personal information: directly from you, from cookies and Site-usage logs, and from sub-processors (e.g., Stripe transactional metadata).
- Business purposes for collection: as described in Section 4.
- Categories of recipients: as described in Section 5.
- Sale or share of personal information: none.
- Retention: as described in Section 8.
10.5 How to Submit a Request
You may submit a request to exercise any right by contacting us using the information in Section 16. Please clearly state which right(s) you are exercising and provide enough information for us to verify your identity and locate your records.
10.6 Verification
To protect your information, we will take reasonable steps to verify your identity before responding to a request. The verification method will depend on the type of request and the sensitivity of the information involved. We may decline a request or redact information where we cannot reasonably verify the requester. For requests involving sensitive personal information or deletion of substantive records, we may require a higher level of verification.
10.7 Authorized Agents
You may use an authorized agent to submit a request on your behalf. We may require:
- written, signed authorization from you designating the agent;
- verification of the agent's identity; and
- direct verification of your identity, except where you have provided the agent with a valid power of attorney under applicable state law.
10.8 Response Window
We will acknowledge receipt of a verifiable request within ten (10) business days where required by law. We will substantively respond within forty-five (45) days of receipt. Where reasonably necessary, we may extend the response period by an additional forty-five (45) days and will notify you of the extension and the reason within the initial 45-day window.
10.9 Right to Appeal (Colorado, Virginia, Connecticut, Oregon, and Other Applicable States)
If we decline to take action on your request, we will notify you of the reason within the response period above. You may appeal that decision by replying to our response or by contacting us using the information in Section 16 and stating that you are submitting an appeal. We will review the appeal and respond in writing within sixty (60) days of receipt, explaining the action taken or the reason for any continued denial. If your appeal is denied, you may contact your state Attorney General to submit a complaint:
- Colorado: coag.gov/file-complaint
- Virginia: oag.state.va.us
- Connecticut: portal.ct.gov/AG
- Oregon: doj.state.or.us/consumer-protection
- Texas: texasattorneygeneral.gov
- California: oag.ca.gov/contact/consumer-complaint-against-business-or-company
10.10 Non-Discrimination
We will not deny Services to you, charge you different prices, or provide a different level or quality of Services because you exercised any right under this Section.
11. SMS, Voice, and Marketing Communications
By providing your phone number and completing a purchase, you consent to receive (i) transactional SMS related to your order (such as fulfillment confirmations, shipping/delivery notifications, account-security alerts, and customer-service responses) and (ii) occasional marketing SMS from IWS about new offerings, events, and updates. Marketing SMS are sent only after express written consent under the Telephone Consumer Protection Act ("TCPA") and applicable state mini-TCPA statutes. Our SMS program is registered under the A2P 10DLC framework with the messaging carriers.
- Frequency. Message frequency varies. You will not receive more than approximately ten (10) marketing SMS per month under ordinary operating conditions.
- Charges. Message and data rates may apply.
- HELP. Reply HELP to any IWS SMS, or contact us at the number in Section 16, for assistance.
- STOP. Reply STOP to opt out of marketing SMS at any time. We will honor opt-outs promptly. Transactional SMS related to an active order may continue as reasonably necessary to fulfill the order.
- Re-Subscription. If you opt back in after opting out, you affirmatively re-consent to receive marketing SMS.
- Not Required. Consent to marketing SMS is not a condition of any purchase.
Marketing Email. Marketing email contains an "unsubscribe" link in every message. You may also email us to be removed from any marketing list. We comply with the CAN-SPAM Act and applicable state email-marketing laws.
We retain SMS consent and opt-out logs for as long as you are subscribed and for a reasonable period thereafter to evidence compliance.
12. Recorded Coaching Sessions
Onboarding calls, coaching sessions, and group community calls may be recorded for quality, training, and member-replay purposes. You will be notified at the start of any recorded session. By participating in a recorded session, you consent to the recording in accordance with applicable federal and state wiretap and consent statutes. If you do not wish to be recorded, please notify the host before the session begins; a non-recorded alternative may be available depending on the format.
13. Children's Privacy
Our Services are intended for use by adults aged 18 or older and are not directed to individuals under 18. We do not knowingly collect personal information from children under 13 (or, to the extent applicable, under the age of 16 under certain state laws). If you believe a child has provided us personal information, please contact us using the information in Section 16 and we will take appropriate steps to delete it.
14. Changes to This Privacy Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, the Services, or applicable law.
Material changes. If we make a material change that adversely affects your rights, we will notify customers with an active relationship by email at the address we have on file at least thirty (30) days before the change takes effect, and the revised Policy will be posted on the Site with an updated "Effective Date."
Non-material changes (such as clarifications, formatting, vendor list updates that do not expand sharing, or contact-information updates) will be posted on the Site with a revised "Last Updated" date and will take effect on posting.
No retroactive reduction. Changes to this Policy will not retroactively reduce the privacy or data-handling commitments that applied to a customer at the time that customer completed their purchase. Information collected under a prior version of this Policy will continue to be governed by the version in effect at the time of collection, except where a change is required by law or where the change provides equal or greater protection to you.
15. Governing Law
This Privacy Policy is governed by the laws of the State of New Mexico, without regard to its conflict-of-laws rules, except to the extent that a state privacy law of your state of residence (such as CCPA/CPRA, CPA, VCDPA, CTDPA, OCPA, TDPSA, UCPA, or other applicable comprehensive state privacy law) provides rights or remedies that apply to you by operation of law.
16. Contact Us
For questions about this Privacy Policy, to exercise any right described above, or to submit an appeal:
Infinite Wealth Strategist Ltd Company122 Rose Lane
Frisco, TX 75036
Phone: +1 (918) 574-6765
Email: [email protected]
This Privacy Policy describes IWS's current data-handling practices as of the Effective Date shown above. Please review it periodically for updates, and contact us at the information above if you have any questions.
