Privacy Policy

Last Updated: 1 December 2025

At Leadsy, we take your privacy seriously. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our sales intelligence platform and related services.

1. Information We Collect

1.1 Information You Provide

We collect information that you voluntarily provide when using our services:

  • Account Information: Name, email address, phone number, company name, job title, and billing information
  • Profile Data: User preferences, profile photos, and account settings
  • Content Data: Email templates, campaign content, prospect lists, notes, and communications you create through our platform
  • Communication Data: Messages sent to us, customer support enquiries, and feedback
  • Payment Information: Credit card details and billing addresses (processed securely through third-party payment processors)

1.2 Information Collected Automatically

When you access our platform, we automatically collect certain information:

  • Usage Data: Pages visited, features used, time spent on the platform, click patterns, and navigation paths
  • Device Information: IP address, browser type and version, operating system, device identifiers, and time zone settings
  • Log Data: Access times, error logs, and system activity
  • Location Data: Approximate geographic location based on IP address

1.3 Information from Third Parties

We may receive information about you from:

  • B2B Data Providers: Business contact information from providers such as KnowFirst (Australian B2B database), including company data, contact details, and publicly available professional information
  • CRM Integrations: Contact and company data from HubSpot CRM (with your authorisation)
  • Gmail Integration: When you connect your Gmail account via OAuth2, we access email sending capabilities and inbox monitoring to track replies. We store encrypted OAuth tokens (access and refresh tokens) to maintain this connection
  • CSV/File Imports: Contact data you upload directly to our platform
  • Authentication Services: Google OAuth for Gmail integration and single sign-on

1.4 Email Tracking Data

When you send emails through our platform, we collect engagement data:

  • Email Opens: We use a tracking pixel (a 1x1 transparent image) embedded in emails to detect when recipients open your emails
  • Link Clicks: Links in your emails may be rewritten to pass through our tracking service, allowing us to record when recipients click links
  • Reply Detection: We monitor your connected Gmail inbox to detect replies to campaign emails
  • Unsubscribe Requests: We track when recipients use unsubscribe links in your emails

2. How We Use Your Information

We use collected information for the following purposes:

2.1 Service Provision

  • Provide, operate, and maintain our sales intelligence platform
  • Process your transactions and manage subscriptions
  • Deliver email campaigns and manage prospect communications
  • Enable integrations with third-party services
  • Provide customer support and respond to enquiries

2.2 Platform Improvement

  • Analyse usage patterns to improve features and functionality
  • Develop new products and services
  • Conduct research and development
  • Test and monitor platform performance

2.3 Communication

  • Send service-related notifications and updates
  • Provide technical notices and security alerts
  • Respond to customer service requests
  • Send marketing communications (with your consent)

2.4 Security and Compliance

  • Detect, prevent, and address fraud and security issues
  • Enforce our Terms of Service and other policies
  • Comply with legal obligations and regulatory requirements
  • Protect the rights and safety of our users and others

3. Data Sharing and Disclosure

We may share your information in the following circumstances:

3.1 Service Providers

We share data with third-party vendors who perform services on our behalf:

  • Cloud Infrastructure: Supabase (PostgreSQL database hosting), Vercel (application hosting)
  • Email Services: Gmail API (prospect emails sent from your connected Gmail account), SendGrid (system notifications only)
  • Payment Processing: Stripe (subscription billing and payments)
  • B2B Data Enrichment: KnowFirst (Australian business database for contact enrichment)
  • CRM Integration: HubSpot (when you choose to connect your HubSpot account)
  • Analytics: Google Analytics (website usage statistics)

3.2 Gmail Integration Disclosure

When you send emails to prospects through Leadsy, those emails are sent directly from your connected Gmail account using the Gmail API. This means the email appears to come from your personal or business Gmail address, not from Leadsy. We require Gmail OAuth permissions (gmail.send, gmail.readonly, gmail.modify) to facilitate this functionality. Your Gmail credentials (OAuth tokens) are encrypted with AES-256-GCM before storage.

3.3 Business Transfers

If we are involved in a merger, acquisition, sale of assets, or bankruptcy, your information may be transferred as part of that transaction.

3.4 Legal Requirements

We may disclose information when required by law or in response to:

  • Legal processes (court orders, subpoenas)
  • Government or regulatory requests
  • Enforcement of our terms and policies
  • Protection of our rights, privacy, safety, or property

3.5 With Your Consent

We may share information with third parties when you explicitly consent to such sharing.

4. Cookies and Tracking Technologies

We use cookies and similar tracking technologies to collect and track information:

4.1 Types of Cookies

  • Essential Cookies: Required for platform functionality and security
  • Performance Cookies: Collect anonymous usage statistics
  • Functional Cookies: Remember your preferences and settings
  • Marketing Cookies: Track effectiveness of advertising campaigns

4.2 Your Cookie Choices

You can control cookies through your browser settings. Note that disabling cookies may affect platform functionality. Most browsers allow you to refuse cookies, delete existing cookies, and set preferences for specific websites.

5. Data Retention

We retain your information for as long as necessary to:

  • Provide our services and maintain your account
  • Comply with legal obligations and resolve disputes
  • Enforce our agreements and policies
  • Support backup and disaster recovery

Upon account deletion, we will delete or anonymise your personal information within 90 days, except where retention is required by law or legitimate business purposes (e.g., fraud prevention, financial records).

6. Your Privacy Rights

Depending on your location, you may have the following rights:

6.1 GDPR Rights (European Users)

  • Access: Request copies of your personal data
  • Rectification: Correct inaccurate or incomplete data
  • Erasure: Request deletion of your data ("right to be forgotten")
  • Restriction: Limit how we use your data
  • Portability: Receive your data in a structured, machine-readable format
  • Objection: Object to processing based on legitimate interests
  • Withdraw Consent: Withdraw consent for data processing at any time

6.2 CCPA Rights (California Users)

  • Know: What personal information is collected and how it's used
  • Access: Request copies of your personal information
  • Delete: Request deletion of your personal information
  • Opt-Out: Opt out of the sale of personal information (we do not sell personal data)
  • Non-Discrimination: Receive equal service regardless of whether you exercise your privacy rights

6.3 Australian Privacy Rights

Under the Australian Privacy Act 1988, you have the right to access and correct your personal information, make complaints about privacy breaches, and request that we stop sending you marketing communications.

6.4 Exercising Your Rights

To exercise these rights, contact us at privacy@leadsy.com. We will respond within 30 days and may require identity verification to protect your information.

7. International Data Transfers

Leadsy operates globally. Your information may be transferred to and processed in countries other than your country of residence, including Australia, the United States, and the European Union.

When we transfer data internationally, we implement appropriate safeguards:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Data Processing Agreements with third-party processors
  • Adequacy decisions where applicable
  • Encryption and security measures during transfer

8. Data Security

We implement industry-standard security measures to protect your information:

8.1 Technical Safeguards

  • TLS/SSL encryption for all data in transit (HTTPS enforced)
  • AES-256-GCM authenticated encryption for sensitive data at rest, including OAuth tokens
  • Secure key derivation using PBKDF2 with random salts
  • JWT-based authentication with secure session management
  • CSRF protection on all state-changing API endpoints
  • Rate limiting to prevent brute force attacks

8.2 Organisational Safeguards

  • Role-based access controls (Admin, Campaign Manager, Sales Manager, Sales Rep)
  • Multi-tenant data isolation with organisation-scoped access
  • Multi-factor authentication (TOTP) support
  • Automatic OAuth token validation and refresh
  • Incident response and breach notification procedures
  • Regular security policy reviews and updates

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security but continuously work to improve our safeguards.

9. Children's Privacy

Our services are not directed to individuals under 18 years of age. We do not knowingly collect personal information from children. If we discover that a child has provided us with personal information, we will delete it immediately. Parents or guardians who believe their child has provided information should contact us at privacy@leadsy.com.

10. Third-Party Links

Our platform may contain links to third-party websites, applications, and services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any information.

11. Updates to This Policy

We may update this Privacy Policy periodically to reflect:

  • Changes in our practices or services
  • Legal or regulatory requirements
  • Industry best practices
  • User feedback and suggestions

We will notify you of material changes via email or platform notification. Your continued use of our services after changes become effective constitutes acceptance of the updated policy. The "Last Updated" date at the top indicates when the policy was last revised.

12. Contact Information

For questions, concerns, or requests regarding this Privacy Policy or our data practices, contact us:

Leadsy Privacy Team

Email: privacy@leadsy.com

Address: [Company Address]

Phone: [Phone Number]

We will respond to your enquiry within 30 days. If you're not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.

Data Protection Officer

For GDPR-related enquiries, you may contact our Data Protection Officer at dpo@leadsy.com.

Supervisory Authority

If you are located in the European Economic Area, you have the right to lodge a complaint with a supervisory authority. In Australia, privacy complaints can be directed to the Office of the Australian Information Commissioner (OAIC):

  • Website: www.oaic.gov.au
  • Phone: 1300 363 992
  • Email: enquiries@oaic.gov.au

By using Leadsy's services, you acknowledge that you have read and understood this Privacy Policy and agree to the collection, use, and disclosure of your information as described herein.