Privacy Policy

We collect information that you provide directly, that is generated through your use of our Services, and that we receive from third-party sources. **Information You Provide:** - Account registration details (name, email address, password, company name) - Billing and payment information (processed securely through Stripe; we do not store full credit card numbers) - Profile information (job title, phone number, profile photo) - Content you create within the platform (contacts, deals, notes, emails, documents) - Communications with our support team (chat transcripts, emails, phone call recordings if disclosed) - Survey responses and feedback **Information Collected Automatically:** - Device and browser information (IP address, browser type, operating system, device identifiers) - Usage data (features accessed, pages viewed, clicks, time spent, search queries) - Log data (access times, error logs, referring URLs) - Location data (country and city level, derived from IP address) - Cookie and tracking data (see our Cookie Policy for details) **Information from Third Parties:** - Single Sign-On providers (Google, Microsoft, Okta) when you choose to authenticate through them - Data enrichment services that supplement your contact records with publicly available business information - Payment processors that confirm transaction status

We use the information we collect for the following purposes: - **Providing and operating the Services:** To create and manage your account, process transactions, deliver features, and provide customer support. - **Improving our platform:** To analyze usage patterns, diagnose technical issues, develop new features, and optimize performance and user experience. - **Personalization:** To customize your experience, including AI-powered recommendations, lead scoring, and predictive analytics within the platform. - **Communication:** To send service-related notifications (billing confirmations, security alerts, product updates), and — with your consent — marketing communications about new features, events, and offers. - **Security and fraud prevention:** To detect, investigate, and prevent fraudulent transactions, unauthorized access, and other illegal activities. - **Legal compliance:** To comply with applicable laws, regulations, legal processes, or enforceable governmental requests. - **AI model training:** We may use aggregated and anonymized usage data to improve our AI models. We never use your proprietary business data (contacts, deals, customer records) to train models accessible to other customers.

We do not sell your personal information. We share your information only in the following circumstances: - **Service Providers:** We work with trusted third-party companies that process data on our behalf (cloud hosting, payment processing, email delivery, analytics). These providers are contractually bound to use your data only as instructed and to maintain appropriate security measures. - **Integration Partners:** When you enable third-party integrations (e.g., Slack, Google Workspace, Zapier), data is shared with those platforms as necessary to provide the integration functionality. This sharing is initiated and controlled by you. - **Legal Requirements:** We may disclose information if required by law, subpoena, court order, or governmental regulation, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others. - **Business Transfers:** In the event of a merger, acquisition, or sale of assets, your information may be transferred. We will notify you of any such change and any choices you may have regarding your information. - **With Your Consent:** We may share information with third parties when you have explicitly consented to such sharing. We require all third parties to respect the security of your data and to treat it in accordance with applicable law.

We implement industry-leading security measures to protect your information: - **Encryption:** All data is encrypted at rest using AES-256 and in transit using TLS 1.3. - **Infrastructure:** Our platform runs on SOC 2 Type II certified cloud infrastructure with redundant data centers. - **Access Controls:** We enforce role-based access controls, multi-factor authentication, and principle of least privilege across our organization. - **Monitoring:** We maintain 24/7 security monitoring, automated threat detection, and regular penetration testing by independent security firms. - **Incident Response:** We have a documented incident response plan and commit to notifying affected customers within 72 hours of confirming a data breach. - **Certifications:** Leadify Labs is SOC 2 Type II certified and GDPR compliant. We conduct annual third-party security audits. While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure. We encourage you to use strong passwords and enable multi-factor authentication on your account.

We use cookies and similar tracking technologies to operate and improve our Services. These include: - **Essential Cookies:** Required for the platform to function (authentication, session management, security). - **Analytics Cookies:** Help us understand how users interact with our platform so we can improve the experience. - **Preference Cookies:** Remember your settings and preferences (language, timezone, display options). - **Marketing Cookies:** Used with your consent to deliver relevant advertisements and measure campaign effectiveness. You can manage your cookie preferences through your browser settings or our cookie consent banner. For more details, please see our [Cookie Policy](/cookies).

Depending on your location, you may have the following rights regarding your personal information: - **Access:** Request a copy of the personal data we hold about you. - **Rectification:** Request correction of inaccurate or incomplete data. - **Erasure:** Request deletion of your personal data (subject to legal retention requirements). - **Portability:** Request your data in a structured, machine-readable format. - **Restriction:** Request that we restrict the processing of your data in certain circumstances. - **Objection:** Object to the processing of your data for direct marketing purposes. - **Withdraw Consent:** Where processing is based on consent, withdraw that consent at any time. **For EU/EEA/UK residents (GDPR):** You have the right to lodge a complaint with your local data protection authority. **For California residents (CCPA/CPRA):** You have the right to know what personal information we collect, request deletion, opt out of the sale of personal information (we do not sell your data), and not be discriminated against for exercising your rights. To exercise any of these rights, please contact us at privacy@leadifylabs.com. We will respond to your request within 30 days.

We retain your personal information for as long as your account is active or as needed to provide you with our Services. When you close your account, we will delete or anonymize your data within 90 days, unless we are required to retain it for legal, accounting, or audit purposes. Backup copies may persist for up to 30 additional days after deletion from our primary systems. Aggregated, anonymized data that cannot be used to identify you may be retained indefinitely for analytical purposes.

Leadify Labs is headquartered in the United States. If you are accessing our Services from outside the United States, your information may be transferred to and processed in the United States or other countries where our service providers operate. We ensure appropriate safeguards are in place for international transfers, including Standard Contractual Clauses (SCCs) approved by the European Commission and adherence to the EU-US Data Privacy Framework. Enterprise customers may choose specific data residency regions (US, EU, or APAC) to keep their data within a designated geography.

Our Services are not directed to individuals under the age of 16, and we do not knowingly collect personal information from children. If we learn that we have collected information from a child under 16, we will take steps to delete that information promptly. If you believe we have collected information from a child, please contact us at privacy@leadifylabs.com.

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. We will notify you of material changes by posting a notice on our website, sending an email to your registered address, or through an in-app notification at least 30 days before the changes take effect. Your continued use of the Services after the effective date of the updated policy constitutes your acceptance of the changes.

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us: - **Email:** privacy@leadifylabs.com - **Mail:** Leadify Labs Inc., 548 Market Street, Suite 36879, San Francisco, CA 94104, USA - **Data Protection Officer:** dpo@leadifylabs.com For EU-specific inquiries, you may also contact our EU representative at eu-representative@leadifylabs.com.