Privacy Policy

1. Introduction

Leadaro (“we,” “our,” or “us”) is committed to protecting the privacy of teams that rely on our revenue operations platform. This Privacy Policy describes the information we collect, how we use it, and the options you have to manage your personal data.

2. Scope

This policy applies to the Leadaro web application, mobile experiences, APIs, and support channels. Supplemental notices may describe privacy practices for specific beta features or integrations; those notices prevail where they provide additional detail.

3. Information We Collect

3.1 Information You Provide

• Account Information: Name, business email, password, job role, and workspace preferences collected when you register or update a profile.
• Billing Details: Payment instruments processed by Razorpay; Leadaro receives limited tokens and metadata required for invoicing and fraud prevention.
• Lead Records: Contact and company data that you upload, import, or create while using the platform.
• Support Correspondence: Information shared through chat, email, or product feedback when you request assistance.

3.2 Automatically Collected Information

• Usage Data: Feature interactions, session timestamps, referring URLs, and configuration states that help us maintain service reliability.
• Device Data: IP address, browser type, operating system, locale, and device identifiers captured through standard server logs.
• Cookies and Local Storage: Authentication tokens, session preferences, and analytics identifiers controlled through workspace and browser settings.

3.3 Optional Integrations

• CRM Connectors: If you connect a CRM such as Salesforce or HubSpot, we sync only the fields you map during setup.
• Productivity Tools: Calendar, email, or task integrations persist meeting metadata and task status to power dashboards and automations.
• Integrations can be disabled at any time. When you disconnect a tool, no new data is imported; previously synced information stays under your workspace ownership until you delete it.

3.4 Data We Do Not Collect

• We do not purchase or resell third-party contact databases.
• We do not ingest call recordings or transcripts by default.
• We do not track end users for behavioral advertising.

4. How We Use Your Information

We use collected information to:

• Provide, maintain, and secure the Leadaro platform.
• Configure lead routing, scoring, and automation that you request.
• Process payments, manage billing cycles, and send transactional notices.
• Deliver support, investigate issues, and comply with legal obligations.
• Improve product performance through aggregated analytics with identifiers removed whenever feasible.
• Send product updates or marketing communications in line with your preferences and applicable law.

5. Legal Bases for Processing

Where required by law (including GDPR), we rely on the following legal bases:

• Contractual necessity: Processing needed to deliver services under our agreement with you or your organization.
• Legitimate interests: Protecting the security of the platform, preventing fraud, and improving features.
• Consent: Optional features like marketing emails or certain cookies that you may enable or disable.
• Legal obligations: Compliance with accounting, tax, and regulatory requirements.

6. Data Ownership and Workspace Controls

You retain ownership of all customer and lead data uploaded to Leadaro. We act as a processor on your behalf, maintain logical separation between workspaces, and provide administrative controls so you can manage access, retention, and export permissions.

7. AI and Automated Processing

Leadaro offers optional machine learning features-such as lead scoring, duplicate detection, and suggested segments-that operate on data within your workspace. These models do not train on cross-customer datasets. Automated outputs remain subject to user review, and you can disable them at any time.

8. Information Sharing and Disclosure

We do not sell personal information. We share it only in the circumstances below.

8.1 Service Providers

We engage vetted subprocessors bound by confidentiality, security, and data processing obligations that mirror this policy, including:

• Razorpay: Subscription billing and payment management.
• Cloud Infrastructure: Hosting, storage, log management, and monitoring providers located in the United States and European Union.
• Email and Messaging: Transactional email, SMS, and in-app notification services.
• Analytics: Privacy-centric analytics used to monitor uptime and feature adoption, aggregated whenever possible.

8.2 Legal Requirements

We may disclose information if required by law, subpoena, or court order, or when necessary to protect our rights, customers, or the public.

8.3 Business Transfers

If Leadaro undergoes a merger, acquisition, restructuring, or sale of assets, we may transfer personal information subject to confidentiality obligations and advance notice where feasible.

9. Data Security

We apply organizational and technical safeguards to protect personal information, including:

• Encryption: TLS 1.2+ for data in transit and AES-256 encryption for critical data at rest.
• Access Controls: Role-based permissions, least-privilege access, enforced multi-factor authentication, and quarterly access reviews.
• Security Testing: Routine vulnerability scanning, penetration testing, and third-party assessments aligned with industry frameworks.
• Operational Safeguards: Secure development practices, incident response procedures, and encrypted backups with tested recovery processes.

No method of transmission or storage is fully secure. We continually assess our controls and remediate issues promptly.

10. International Data Transfers

We may process data in the United States or other countries where we or our subprocessors operate. When transferring personal information internationally, we rely on Standard Contractual Clauses or other legally recognized safeguards and require subprocessors to implement equivalent protections.

11. Data Retention

We retain personal information for as long as necessary to provide services and fulfill legitimate business or legal obligations. When you close a workspace:

• Account data is deleted within 30 days unless retention is required by law.
• Workspace owners can export leads and activity logs in CSV or JSON before deletion.
• Aggregated analytics without personal identifiers may be retained to improve reliability.

12. Marketing Communications

We send product announcements, onboarding tips, and promotional messages to the extent permitted by law. You can update your preferences in your profile or opt out via the unsubscribe link in any marketing email. Transactional messages related to your account are required to deliver the service.

13. Cookies and Tracking Technologies

We use cookies, local storage, and similar technologies to authenticate users, remember preferences, and measure product performance. Workspace administrators can manage optional analytics cookies within the privacy settings. Most browsers allow you to block or delete cookies, though doing so may affect certain features.

14. Your Rights and Choices

Depending on your location, you may exercise the rights below by adjusting workspace settings or contacting us at hello@leadaro.io.

14.1 Access and Portability

Export your workspace data at any time from the admin console or by submitting a request.

14.2 Correction

Update user profiles, lead records, and configuration settings directly within the product.

14.3 Deletion

Request account deletion or manually remove data. Verified deletion requests are fulfilled within 30 days unless longer retention is legally required.

14.4 Marketing Preferences

Opt out of marketing emails via the unsubscribe link or profile settings. You will continue to receive transactional notices necessary to deliver the service.

14.5 Cookies and Tracking

Configure browser-level controls or disable analytics cookies in workspace settings. Some features rely on essential cookies to function.

15. Children’s Privacy

Leadaro is intended for business use and not directed to individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us information, please contact us so we can remove it.

16. Third-Party Links

Our platform may include links to third-party websites or services. Their privacy practices are governed by their own policies, which we recommend reviewing before providing information.

17. California Privacy Rights (CCPA/CPRA)

California residents may request to know, access, delete, or correct personal information and can opt out of the sale or sharing of personal data. Leadaro does not sell or share personal information for cross-context behavioral advertising, and we honor opt-out requests by confirming that status and limiting optional analytics tools. Authorized agents may submit requests with proof of authority.

18. GDPR/UK GDPR/Swiss FDPIC Rights

Individuals in the European Economic Area, United Kingdom, and Switzerland have rights to access, rectify, erase, restrict, or object to processing, as well as the right to data portability and to lodge a complaint with a supervisory authority. Leadaro acts as a data processor for customer-submitted lead data and as a controller for account metadata needed to run the service.

19. Changes to This Privacy Policy

We may update this policy to reflect regulatory developments or product enhancements. We will post revisions here, update the “Last updated” date, and provide advance notice via email or in-product alerts if changes are material.