Privacy Policy

Last updated: April 12, 2026

Leadzy ("we", "us", "our") operates the Leadzy platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

Account Information

When you create an account, we collect:

Email address
Full name
Password (stored as a bcrypt hash — we never see your plain password)
Google account info if you sign in with Google (name, email, Google ID)

Prospect Data

When you use our prospecting features, we process:

Search queries (industry, location)
Prospect information found via public sources (company names, addresses, phone numbers, websites)
Enriched data (emails, LinkedIn profiles, company details) obtained from third-party providers

Usage Data

We automatically collect:

IP address (for rate limiting and security)
Browser type and version
Pages visited and features used
Timestamps of actions

2. How We Use Your Information

To provide the service: searching for prospects, enriching data, sending emails
To process payments: via Stripe (we do not store credit card numbers)
To send transactional emails: verification, password reset, sequence emails (via Resend)
To improve the service: analytics, bug fixes, feature development
To prevent abuse: rate limiting, fraud detection

3. Third-Party Services

We use the following third-party services to operate Leadzy:

Google Places API — to search for businesses (Google's Privacy Policy)

Hunter.io — to find and verify email addresses (Privacy Policy)

Anthropic (Claude) — to power AI features (Privacy Policy)

Stripe — to process payments (Privacy Policy)

Resend — to send emails (Privacy Policy)

Railway — to host the application (Privacy Policy)

4. Data Storage and Security

Data is stored in PostgreSQL databases hosted on Railway (US-based infrastructure)
All connections use TLS/SSL encryption
Passwords are hashed with bcrypt (never stored in plaintext)
API keys are hashed and only the prefix is displayed
We implement rate limiting to prevent brute-force attacks

5. Your Rights (GDPR & CCPA)

You have the right to:

Access your data — export all your data as JSON from Settings → Data & Privacy
Delete your account — permanently delete all data from Settings → Data & Privacy
Rectify your data — update your name and password from Settings → Account
Port your data — export prospects, sequences, and settings as JSON or CSV
Object to processing — contact us to restrict how we use your data
Withdraw consent — unsubscribe from emails or delete your account at any time

6. Data Retention

Account data is retained for the lifetime of your account
When you delete your account, all data is permanently erased within 24 hours
Sequence email logs are retained for 90 days for deliverability analysis
Server logs are retained for 30 days

7. Email Sequences & CAN-SPAM Compliance

When you use email sequences to contact prospects:

All emails include an unsubscribe link
Unsubscribe requests are processed immediately
You are responsible for ensuring your outreach complies with applicable laws (CAN-SPAM, GDPR)
We do not sell or share prospect email addresses with third parties

8. Children's Privacy

Leadzy is not intended for use by individuals under 18 years of age. We do not knowingly collect personal information from children.

9. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or by posting a notice on the platform.

10. Contact Us

If you have questions about this Privacy Policy or want to exercise your data rights, contact us at:

Email: privacy@leadzy.org

Data Protection: To export or delete your data, go to Settings → Data & Privacy in your dashboard.