AI Leadz – Privacy Policy

Effective Date: February 24, 2026

Last updated: February 24, 2026

Welcome to AI Leadz ("AI Leadz," "we," "us," or "our"). Protecting your privacy is core to our mission. This Privacy Policy explains how we collect, use, disclose, and protect your Personal Data when you use our websites, APIs, and any related services (collectively, the "Services"). Capitalised terms not defined here have the meanings set out in our Terms of Service.

This product is part of Speed AI Labs. For any information, contact [email protected] or [email protected].

1. Key Points – Quick Summary

We collect only what we need – account details, search queries, payment tokens, and the lead data you request through our Services.
No ad-tech resale – we never sell or rent your Personal Data. Limited sharing happens only with trusted sub‑processors that help us run the Services.
Global rights respected – GDPR, CPRA, and India's DPDP 2023 rights are built in. You can access, correct, delete, or port your data from your dashboard or by emailing us.
Data stays only as long as needed – search history and lead data follow fixed retention schedules; backups and logs follow fixed schedules.
For the full details, keep reading.

2. Definitions

"Personal Data": – any information that identifies or relates to an identifiable individual.
"Search Data": – search queries, filters, and parameters you use to find leads through the Services.
"Lead Data": – contact information, LinkedIn profile data, and other professional information retrieved through the Services.
"Processing": – any operation performed on Personal Data, such as collection, storage, use, or deletion.
"Sub‑processor": – a third‑party service provider we authorise to process Personal Data on our behalf.

3. Personal Data We Collect

Category	Examples	Source
Account Data	Name, email, profile picture, auth‑provider ID	Provided by you or OAuth provider (Supabase)
Payment Data	Encrypted payment token, last 4 digits, billing address, tax ID	Stripe / payment processors; we never store raw card numbers
Search & Usage Data	Search queries, filters, keywords, search history, credits usage, feature interactions	Collected automatically when you use the Services
Lead Data	Email addresses, LinkedIn profiles, job titles, company names, phone numbers, work history	Retrieved through our lead generation Services
Usage & Device Data	IP address, device ID, browser type, OS, referring URL, timestamps, feature use metrics	Collected automatically via cookies, SDKs, server logs
Marketing Data	Campaign source, attribution tags, opt‑in preferences	From you or marketing partners (Meta Ads, Google Ads)

We do not intentionally collect sensitive Personal Data unless you voluntarily provide it in your account or search queries.

4. Purposes & Legal Bases

Purpose	Legal Basis (EEA/UK)	CPRA Category	DPDP Basis
Provide, secure & maintain the Services	Contractual necessity	Service provider processing	Performance of contract
Lead generation & verification	Contractual necessity	Service provider processing	Performance of contract
Service improvement & analytics	Legitimate interest	Internal R&D	Legitimate use
Fraud prevention & security logging	Legitimate interest	Security & integrity	Legitimate use
Billing & account management	Contractual necessity	Service provider processing	Performance of contract
Marketing communications	Consent / legitimate interest	Advertising & marketing	Consent
Legal & regulatory compliance	Legal obligation	Compliance	Compliance & lawful purpose

5. Cookies & Tracking Technologies

We use first‑party cookies and similar technologies to:

Keep you logged in
Measure product performance
Understand marketing effectiveness
Remember your preferences

You can manage non‑essential cookies in your browser settings. Essential cookies are required for the Services to function properly.

6. How We Share Personal Data

We never sell Personal Data. We disclose it only to:

Sub‑processors performing services such as cloud hosting (AWS, Vercel), authentication (Supabase), payments (Stripe), analytics, email delivery, and customer support.
Affiliates under common control and bound by this Privacy Policy.
Legal authorities when required by law or court order.
Successors in a merger, acquisition, or asset sale, provided the new entity honours this Privacy Policy.

We will provide at least 30 days notice before adding any new sub‑processor that processes Personal Data.

7. International Data Transfers

We host data primarily in cloud infrastructure that may be located in various regions including the USA, Europe, and other jurisdictions. When we transfer Personal Data outside your jurisdiction, we rely on:

Standard Contractual Clauses (SCCs) for EEA/UK data
Contractual clauses & onward‑transfer agreements for DPDP compliance
Adequacy decisions or other lawful mechanisms where available

8. Data Retention

Data Type	Default Retention	Rationale
Search history & queries	24 months	Enables search history access & account management
Retrieved lead data	24 months	Enables download history & re-export functionality
Account data	Until account deletion	Needed for account access & service delivery
Billing records	7 years	Tax & accounting obligations
Server logs	12 months	Security & abuse prevention

We may anonymise data and retain it in aggregate form for analytics purposes.

9. Your Rights & Choices

9.1 European Economic Area & United Kingdom

You have the right to access, correct, delete, restrict, or port your Personal Data, and to object to processing or withdraw consent at any time. Submit requests via your dashboard or email [email protected] or [email protected]. We respond within 30 days, extendable once by 30 days for complex requests.

9.2 California (CPRA)

California residents can request:

Categories and specific pieces of Personal Data we collected
Deletion or correction
Opt‑out of "sale" or "share" (we do not sell) and targeted advertising
Limit use of sensitive Personal Data

We verify identity via email token or logged‑in session and respond within 45 days (plus one 45‑day extension if needed).

9.3 India (DPDP 2023)

Indian users may:

Access, correct, or erase Personal Data
Nominate a data fiduciary to exercise rights on their behalf
Lodge a grievance via [email protected] or [email protected]; we resolve within 30 days

9.4 Global Opt‑Outs

Marketing emails – click unsubscribe at the bottom of any email or adjust preferences in your profile.
Account deletion – request account deletion from your dashboard settings or by contacting us.

10. Security Measures

We implement administrative, technical, and organisational safeguards, including:

Encryption at rest & TLS in transit
Role‑based access controls & authentication
Regular security audits & monitoring
Continuous monitoring for anomalous activity

No system is 100% secure, but we strive to minimise risk.

11. Children's Privacy

The Services are not directed to children under 13. We do not knowingly collect Personal Data from children. If you believe a child has provided us data, contact us and we will delete it.

12. Third-Party Services

Our Services integrate with third-party services including:

LinkedIn – for lead data retrieval (subject to LinkedIn's terms of service)
Email verification services – for verifying email addresses
Payment processors – for processing payments
Cloud infrastructure – for hosting and data storage

These third-party services have their own privacy policies. We encourage you to review them.

13. Changes to This Privacy Policy

We may update this Policy periodically. If changes are material, we will provide 30 days advance notice via email and/or in‑product banner. Your continued use after the effective date constitutes acceptance.

14. Contact Us

Speed AI Labs
Attn: Data Protection Officer
Email: [email protected] or [email protected]

If you are an EEA resident, you may lodge complaints with your local Data Protection Authority.

Thank you for trusting AI Leadz with your data.