LeadProspecting AI LeadProspecting AI

Privacy Policy

Last updated: May 4, 2026

How we collect, use, disclose, and safeguard your information when you visit our website and use our platform.

Lead Prospecting AI, LLC ("LPAI," "we," "us," or "our") operates the website leadprospecting.ai, the application at app.leadprospecting.ai, and related services. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you visit our website and use our platform.

1. Information We Collect

1.1 Information You Provide

  • Account Information: Name, email address, phone number, business name, and password when you create an account.
  • Payment Information: Credit card details, billing address, and transaction history. Payment processing is handled by Stripe — we do not store full card numbers on our servers.
  • Business Data: Contacts, leads, appointments, quotes, invoices, email content, and other business data you enter into the CRM.
  • Communications: Messages sent through our unified inbox (SMS, email, chat), support requests, and feedback.
  • Custom Quote Requests: Company name, project details, budget range, and service selections submitted via our quote request form.

1.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, session duration, click patterns, and scroll depth.
  • Device Information: Browser type, operating system, screen resolution, and device identifiers.
  • Network Data: IP address, approximate geographic location, referring URL, and ISP.
  • Analytics: We use Google Analytics 4, Microsoft Clarity (heatmaps and session recordings), and our own self-hosted analytics to understand how visitors use our site.

1.3 Information from OAuth Sign-In

When you sign in with Google, Microsoft, Facebook, or LinkedIn, we receive your name, email address, and profile picture from the provider. This information is used to create or authenticate your LPAI account.

1.4 Information from the Lead Scraper

Our Lead Scraper collects business information from publicly available sources, including Google Maps, Google Business Profiles, and public business registries. See Section 4 for details.

1.5 Connected Account Data

When you connect third-party business accounts to LPAI, we receive and store data necessary to operate the features you've enabled. We access only the minimum data required for the features you authorize.

  • Google Business Profile: Account ID, account name, role, location IDs, business name, address, hours, categories, attributes, photos, posts you create through our Social Scheduler, reviews (text, ratings, reviewer name, response history), questions and answers, and performance metrics (calls, direction requests, profile views, post views) for the locations you authorize.
  • Facebook Pages and Instagram Business Accounts: Page IDs, page names, page access tokens, post content you create through our Social Scheduler, basic engagement metrics, and your name, email, and profile picture if you sign in with Facebook.
  • LinkedIn Company Pages: Organization IDs, organization names, post access tokens, post content you create through our Social Scheduler, and basic engagement metrics for posts you publish through LPAI.
  • Microsoft and Google Workspace (calendar, email): Calendar event metadata for availability display and event creation through our booking system. We do not read the content of your email inbox.

2. How We Use Your Information

  • Provide Services: Operate the CRM, lead scraper, email warming, content engine, social scheduler, AI receptionist, email campaigns, SEO tracking, and website design services.
  • Process Payments: Bill subscriptions, one-time purchases, and usage-based charges through Stripe.
  • Improve the Platform: Analyze usage patterns to fix bugs, improve features, and develop new products.
  • Communications: Send transactional emails (receipts, password resets, account alerts), product updates, and marketing communications (with your consent).
  • Security: Detect fraud, prevent abuse, and protect our users and systems.
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes.
  • AI Processing: Use AI models to generate content (blog posts, social posts, email campaigns) and provide AI receptionist services based on your configuration. We do not use your business data, Google user data, Meta user data, or LinkedIn user data to train AI models.

3. Data Sharing

We do not sell your personal information. We share data only in these circumstances:

  • Service Providers: Stripe (payments), Google (OAuth, analytics), Microsoft (OAuth, Clarity), Meta (OAuth, Pages publishing), LinkedIn (OAuth, organization publishing), Resend (transactional email), Railway (hosting), Vercel (hosting), Cloudflare R2 (file storage), and DataForSEO (rank tracking).
  • Your Integrations: When you connect third-party services, data flows to those services per their privacy policies.
  • Legal Requirements: When required by law, subpoena, or court order, or to protect our rights, property, or safety.
  • Business Transfer: In connection with a merger, acquisition, or sale of assets, your data may be transferred to the acquiring entity, subject to applicable platform requirements and prior notice where required.

4. Lead Scraper Data

Our Lead Scraper collects business information from publicly available sources. This includes business names, addresses, phone numbers, email addresses, websites, reviews, and other publicly listed information. This data is not personal data of LPAI users and is not covered by Sections 1.5 or 7 of this Policy. Users of our scraper are responsible for complying with applicable laws (including CAN-SPAM, TCPA, GDPR, and CASL) when contacting scraped leads.

5. Email Warming

Our email warming service sends and receives emails on your behalf to build sender reputation. These warming emails are automated, use AI-generated content, and are automatically cleaned from your inbox. We do not read, store, or analyze the content of your regular (non-warming) emails.

6. AI Receptionist (Voice AI)

Our AI receptionist processes voice calls in real time to answer questions, qualify leads, and book appointments. Call audio is processed by our AI provider and is not stored permanently. Call summaries and transcriptions are stored in your CRM for your review. We do not use call recordings to train AI models.

7. Third-Party Platform Data

This section governs how LPAI handles data received from specific third-party platforms in addition to the practices described elsewhere in this Policy. Where any provision of this Section 7 conflicts with another section of this Policy, this Section 7 controls with respect to data from the relevant platform.

7.1 Google API Services User Data

LPAI's use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

  • What we access: Google Business Profile account and location data, posts, reviews, Q&A, performance metrics, and (where you sign in with Google) basic profile information for locations and accounts you have explicitly authorized via OAuth.
  • How we use it: Solely to provide the user-facing features you have activated — Social Scheduler publishing, review management, performance dashboards, and Google sign-in.
  • How we store it: Encrypted in transit (TLS 1.2+) and at rest. Access tokens and refresh tokens are encrypted with industry-standard symmetric encryption.
  • How we share it: We do not sell or transfer Google user data to third parties except as needed to provide the services you've requested (to the hosting providers listed in Section 3), to comply with applicable law, or as part of a merger or acquisition with prior notice.
  • AI/ML use: We do not use Google user data to develop, improve, or train generalized AI/ML models.
  • Revoking access: You may revoke our access at any time through your Google Account permissions or by disconnecting Google Business Profile from within LPAI Settings → Integrations. To delete data already stored, see our Data Deletion Instructions.

7.2 Meta Platform Data (Facebook and Instagram)

LPAI's use of data from Meta Platforms (Facebook, Instagram, Messenger) complies with the Meta Platform Terms and Developer Policies.

  • What we access: Page IDs, page names, page access tokens, post content you create through our Social Scheduler, basic engagement metrics, and (where you sign in with Facebook) basic profile information for pages and accounts you have explicitly authorized.
  • How we use it: Solely to provide the Social Scheduler, CRM inbox, and Facebook/Instagram sign-in features you have activated.
  • How we store it: Encrypted in transit (TLS 1.2+) and at rest. Access tokens are encrypted with industry-standard symmetric encryption.
  • How we share it: We do not sell Meta user data. We share it only with the service providers listed in Section 3 to operate the platform, or as required by law.
  • AI/ML use: We do not use Meta user data to develop, improve, or train generalized AI/ML models.
  • Revoking access: You may revoke our access through Facebook → Settings & Privacy → Settings → Apps and Websites, or by disconnecting from within LPAI Settings → Integrations. To delete data already stored, see our Data Deletion Instructions.

7.3 LinkedIn API Data

LPAI's use of data from LinkedIn complies with the LinkedIn API Terms of Use, the LinkedIn User Agreement, and the data handling requirements applicable to the API products we use.

  • What we access: LinkedIn organization (company page) IDs and names, post access tokens, post content you create through our Social Scheduler, basic engagement metrics on posts published through LPAI, and (where you sign in with LinkedIn) basic profile information.
  • How we use it: Solely to provide the Social Scheduler and LinkedIn sign-in features you have activated.
  • How we store it: Encrypted in transit (TLS 1.2+) and at rest. Access tokens are encrypted with industry-standard symmetric encryption.
  • Data restrictions: We do not aggregate, combine, or supplement LinkedIn data with data from other sources. We do not sell, rent, lease, sublicense, distribute, or transfer LinkedIn data to third parties. We do not use LinkedIn data to develop, improve, or train generalized AI/ML models.
  • Retention: We retain LinkedIn member profile data only as long as necessary to provide the active feature, and in any event no longer than permitted by LinkedIn's API data storage requirements. If LPAI's LinkedIn API access is suspended or terminated, we will permanently delete all LinkedIn data within 10 days.
  • Revoking access: You may revoke our access at LinkedIn → Settings → Data privacy → Permitted services, or by disconnecting from within LPAI Settings → Integrations. We will delete the associated data promptly upon disconnection. To delete other data, see our Data Deletion Instructions.

7.4 Microsoft Graph Data

LPAI's use of Microsoft Graph data (Outlook calendar, contacts where authorized) complies with Microsoft's APIs Terms of Use. We access only the minimum data required for the features you activate, store it encrypted in transit and at rest, and do not use it to train AI/ML models. You may revoke access through your Microsoft Account or within LPAI Settings → Integrations.

8. Data Security

  • All data is encrypted in transit using TLS 1.2+.
  • Passwords are hashed using bcrypt with salt.
  • Payment processing is PCI DSS compliant via Stripe.
  • OAuth access and refresh tokens are encrypted at rest.
  • Database access is restricted and audited.
  • We perform regular security reviews and updates.
  • Files are stored in Cloudflare R2 with access controls.

9. Data Retention

  • Account Data: Retained while your account is active and for 90 days after deletion request.
  • Business Data (CRM): Retained while your account is active. Deleted within 90 days of account closure.
  • Connected Account Data: Retained while the relevant integration is connected. Deleted within 30 days of disconnection, except where the underlying platform requires shorter retention (in which case the platform's requirement controls).
  • Analytics Data: Aggregated analytics retained indefinitely. Individual session data retained for 12 months.
  • Payment Records: Retained for 7 years per tax and accounting requirements.
  • Lead Scraper Cache: Cached lead data is retained for 30 days and then refreshed.

10. Your Rights

Depending on your jurisdiction, you may have the right to:

  • Access: Request a copy of the personal data we hold about you.
  • Correction: Request correction of inaccurate personal data.
  • Deletion: Request deletion of your personal data ("right to be forgotten"). See our Data Deletion Instructions for the process.
  • Portability: Request your data in a machine-readable format.
  • Opt-Out: Unsubscribe from marketing emails at any time via the link in each email.
  • Restrict Processing: Request that we limit how we use your data.
  • Withdraw Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at info@leadprospecting.ai. We will respond within 30 days. Residents of the EU, EEA, UK, and California have additional rights under GDPR and CCPA respectively.

11. Cookies & Tracking

We use the following tracking technologies:

  • Google Analytics 4: Website traffic and user behavior analytics.
  • Google Ads: Conversion tracking for advertising campaigns.
  • Microsoft Clarity: Heatmaps, session recordings, and click analytics.
  • Self-hosted Analytics: Page views, events, scroll depth, and session duration tracked via our own servers.
  • Essential Cookies: Authentication tokens and session management (required for the platform to function).

You can control cookies through your browser settings. Disabling cookies may limit functionality.

12. Children's Privacy

Our services are designed for businesses and are not directed at individuals under the age of 18. We do not knowingly collect personal information from children. If we discover we have collected data from a child, we will delete it promptly.

13. International Data Transfers

Our servers are located in the United States. If you access our services from outside the US, your data will be transferred to and processed in the US. By using our services, you consent to this transfer. Where required by law (e.g., for users in the EU/EEA/UK), we rely on standard contractual clauses or other appropriate safeguards for international transfers.

14. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on our website. Continued use of the service after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions about this Privacy Policy or your data, contact us:

info@leadprospecting.ai
(208) 432-3964
Lead Prospecting AI, LLC, 2414 Addison Ave E, Twin Falls, ID 83301