LeadRails

Privacy Policy

Last updated: 2026-05-19

This Privacy Policy describes how LeadRails Inc. ("LeadRails", "we") collects, uses, and shares personal information when you use the LeadRails service ("Service").

1. Information we collect

  • Authentication identifiers — email address, OAuth identity (Google or Microsoft), magic-link tokens.
  • Account + tenant metadata — workspace name, agency relationship, role assignments.
  • Service telemetry — request logs, error traces, delivery outcomes, IP addresses, user-agent strings.
  • Billing information — when paid plans launch, processed by our payment provider (Stripe). We do not store full card numbers.
  • Customer Data — the lead payloads you route through the Service. We process this on your behalf as described in our DPA.

2. How we use information

  • operate, secure, and improve the Service;
  • authenticate users and prevent abuse;
  • process billing and detect fraud;
  • communicate with you about your account, security, or material changes;
  • comply with legal obligations.

3. Third parties

We share information with sub-processors who help us deliver the Service. See the sub-processor list for the current set. We do not sell personal information.

4. Cookies and similar technologies

We use a minimal set of first-party cookies and local storage for session management. We do not run third-party advertising trackers in the admin UI.

5. Retention

We retain account data for the life of your account and a reasonable wind-down window after termination. Customer Data retention is set per the DPA and your plan. Logs are retained for up to 90 days.

6. Your rights

Depending on where you live, you may have the right to access, correct, delete, or port your personal information, or to object to certain processing. Contact privacy@leadrails.dev to exercise these rights.

7. International transfers

Personal information may be processed in the United States and the European Union. Where required, we rely on Standard Contractual Clauses (SCCs) as a transfer mechanism — see the DPA.

8. Security

We use envelope encryption for secrets, HMAC signing for inbound and outbound requests, audit logs, and least-privilege access controls. No system is perfectly secure — please report suspected vulnerabilities to security@leadrails.dev.

9. Children

The Service is not directed to children under 16, and we do not knowingly collect their information.

10. Changes

We will post updates to this policy at this URL and, for material changes, notify account owners by email.

11. Contact

privacy@leadrails.dev