Privacy Policy

Account information. When you register we collect your name, email address, and a hashed password. If you subscribe to a paid plan we also collect billing details (processed by our payment processor — we never store raw card numbers).

Usage data. We log the pages you visit, search queries you run, leads you unlock or export, and feature interactions. This data is used to operate and improve the platform.

Integration credentials. When you connect a CRM or email tool we store the OAuth tokens or API keys required to push data on your behalf. These credentials are encrypted at rest and are never logged or shared with any party other than the connected service.

Cookies. We use only essential session cookies required for authentication. We do not use advertising or tracking cookies.

• Provide, maintain, and secure the LeadLeap platform.
• Process payments and send transactional emails (receipts, alerts).
• Improve search quality, feature relevance, and platform performance.
• Send product updates and announcements (you may opt out at any time).
• Comply with legal obligations and enforce our Terms of Service.

We do not sell your personal data to third parties.

LeadLeap provides access to business contact records sourced from publicly available records and licensed data providers. This data includes professional information such as names, job titles, business email addresses, phone numbers, and company details.

Your responsibility. You are solely responsible for ensuring your use of lead data complies with all applicable laws, including CAN-SPAM, GDPR, CASL, and any other regulations that apply to your jurisdiction and outreach activities. LeadLeap provides the data as a tool — lawful use is your obligation.

We do not store the content of outreach messages you send, and we do not have access to any replies or responses from the contacts you reach out to.

We share data only in the following limited circumstances:

• Connected integrations. When you explicitly push leads to a CRM, email platform, or other tool, data is transmitted to that service according to your instructions and their own privacy policies.
• Payment processor. Billing details are handled by our PCI-compliant payment processor (currently Stripe). We receive only a non-sensitive token and subscription status.
• Analytics. We may use privacy-respecting analytics tools to understand aggregate usage patterns. No personally identifiable information is shared.
• Legal requirements. We may disclose information if required by law, court order, or to protect the rights and safety of LeadLeap and its users.

API keys, OAuth tokens, and other credentials you provide to connect third-party services are:

• Encrypted at rest using industry-standard AES-256 encryption.
• Never logged, printed to application logs, or included in error reports.
• Never shared with any party other than the integration service you authorized.
• Deleted immediately when you disconnect an integration or close your account.

Account data (profile, usage history, unlocked leads) is retained while your account is active. If you delete your account, we permanently remove your personal data within 30 days, except where retention is required by law (e.g., billing records for tax purposes, retained for up to 7 years).

Anonymized, aggregated usage statistics that cannot identify you may be retained indefinitely for product analytics.

Depending on your location you may have the right to access, correct, export, or delete the personal data we hold about you. To exercise any of these rights, contact us at [email protected]. We will respond within 30 days.

• Access. Request a copy of the data we hold about you.
• Correction. Update inaccurate or incomplete information.
• Deletion. Request erasure of your account and associated personal data.
• Export. Download your data in a portable format via the dashboard or by request.
• Opt-out. Unsubscribe from marketing communications at any time via the unsubscribe link in any email or by contacting us.

We apply industry-standard security measures including TLS in transit, encrypted storage for sensitive credentials, and access controls that limit data exposure to authorized personnel only. No system is perfectly secure; if you discover a vulnerability please disclose it responsibly to [email protected].

We may update this Privacy Policy from time to time. Material changes will be communicated by email and/or by a notice on the platform at least 14 days before taking effect. The “Last updated” date at the top of this page always reflects the current version.

For privacy-related questions, data requests, or concerns, reach us at: