Updated: November 8, 2025
This Privacy Policy (“Policy”) explains how Leadoro and our affiliates (“Leadoro,” “we,” “our,” or “us”) process Personal Data (defined below) of individuals who use our services, including our platform, websites (e.g., leadoro.net), mobile applications, and other online services (collectively, the “Services”). It also explains your rights and choices about how your Personal Data is used.
“Personal Data” means any information relating to an identified or identifiable individual (e.g., name, address, phone number, email). In some laws this may be called “personal information.”
Scope & Roles. This Policy applies when we provide our Services, products, and platforms directly to individual users; in these cases Leadoro acts as a data controller. This Policy does not apply where we provide the Services to business customers and process Personal Data on their behalf (e.g., leads, contacts, end users) as a processor/service provider; such processing is governed by our customer contracts and data protection addenda.
1. Categories of Personal Data We Collect
1.1 Personal Data You Provide to Us
- Account & Contact Information. Name, email address, phone number, mailing address, company/role, communication preferences, and (where lawful) date of birth.
- Lead/CRM Content You Upload. Lead lists, contact details, notes, tags, files, and any other data you import or create in the Services. These may include Personal Data about third parties that you are responsible for collecting lawfully.
- User Content. Forms, messages, fields you complete, support tickets, feedback, and survey responses.
- Integrations. If you connect third-party services (e.g., email, calendars, productivity, ad platforms), we receive the data you authorize (e.g., message headers, meeting metadata, campaign metrics).
- Marketing Preferences & Subscriptions. Newsletter sign-ups, event registrations, and your preferences.
- Payment Information. Our third-party payment processor [Payment Processor Name] collects and processes payment data (e.g., name, email, billing address, credit/debit card or bank details). Please review [Payment Processor Name]’s privacy policy.
- Verification/KYC (if applicable). Where required by law or risk controls, proof of address, government ID, or similar information to verify identity.
- Other Information You Provide. Participation in alpha/beta programs, bug reports, responsible disclosure, or events (online/offline). Some offerings may have additional terms.
1.2 Personal Data We Automatically Collect (Cookies & Similar Tech)
We and our partners use cookies, pixel tags, SDKs, and similar technologies (“Cookies”) to collect:
- Location (approximate). Derived from IP address (with consent where required).
- Device/Technical Data. IP address, browser type, OS version, device identifiers, mobile ad IDs, app versions, and push tokens.
- Usage Data. Pages viewed, features used, clicks, scrolls, referring/exit pages, timestamps, session duration, error logs.
1.3 Personal Data from Third Parties
- Third-Party Sources. If permitted by law, we may receive publicly available or licensed business contact information (e.g., company, role, work email) from data providers to help customers find and update leads.
- Third-Party Logins. If you sign in via Google, Microsoft, or similar, we receive information such as your name, email, and profile picture.
- Service Providers. Verification/background checks (KYC/AML) where applicable.
In some cases, we need certain Personal Data to provide the Services. If you do not provide it, you may not be able to use some features. We will tell you when information is required by law or contract and what happens if you don’t provide it.
2. Purposes of Processing & Legal Bases
When acting as a controller, we process Personal Data for the purposes and legal bases below. Where we rely on legitimate interests, you may object as described in Section 7.
| Purpose | Description | Legal Basis |
|---|---|---|
| Provide the Services | Create and manage accounts, deliver features, process your instructions. | Contract performance |
| Customer communications | Send service messages, respond to inquiries, provide support. | Legitimate interests; contract performance |
| Lead/CRM operations | Store and manage lead data you upload and actions you take within the platform. | Contract performance |
| Personalization | Tailor content, suggestions, onboarding, and in-product tips. | Legitimate interests |
| Product analytics & improvement | Understand usage, fix bugs, develop new features, quality assurance. | Legitimate interests |
| Marketing | Send marketing emails and show promotions about products/services. | Consent (where required) |
| Billing & accounting | Process payments and manage invoices/records. | Contract performance; legal obligation |
| Fraud & abuse prevention | Detect/prevent security incidents, misuse, or illegal activity. | Legitimate interests; legal claims |
| Security | Protect accounts, integrity of the platform, and our responsible disclosure program. | Legitimate interests; legal obligation |
| Compliance | Comply with laws, tax and accounting, court orders. | Legal obligation |
| Training & R&D (de-identified/aggregate) | Use de-identified or aggregate data to improve models, heuristics, and workflows. | Legitimate interests |
| Usage tracking via Cookies | Measure performance; marketing/retargeting. | Consent where required |
| Other purposes | Any additional purpose disclosed at collection. | As specified at collection |
AI features and training. We may use de-identified or aggregate data derived from your use of the Services to improve algorithms and features. We do not use your uploaded lead records to profile or target you as a consumer. Where required, you can opt out (see Section 7).
Content moderation & account actions. We are not obligated to monitor all content, but we may audit inputs/outputs (including data you upload) to protect users, prevent fraud/abuse, and enforce our terms. Violations of our Acceptable/Prohibited Use rules may result in suspension or termination.
3. Data Recipients
We may share Personal Data with:
- Affiliates. For purposes consistent with this Policy.
- Vendors/Service Providers. Hosting, cloud, storage, analytics, support, communications, payments, verification, security, and professional services—only as needed to perform services for us.
- Other Users. If you choose to share records, pipelines, or workspaces, or invite collaborators.
- Third-Party Integrations. If you connect or direct us to share with tools you choose (e.g., email, calendar, ad platforms).
- Legal & Safety. To comply with laws, respond to lawful requests, or protect rights, property, and safety.
- Corporate Transactions. In a merger, acquisition, financing, or sale of assets.
- With Your Consent. Where you direct or consent to sharing.
4. International Data Transfers
Our Services may involve transfers of Personal Data to countries outside your own (including the United States, EU/EEA, United Kingdom, Singapore, India, and other locations where we or our providers operate). Where required, we implement safeguards such as:
- Adequacy decisions by competent authorities;
- Standard Contractual Clauses or equivalent contractual safeguards;
- Participation in recognized transfer frameworks; or
- Your explicit consent.
When data is processed in another jurisdiction, it may be accessible to courts, law enforcement, and national security authorities under local laws. You can contact us (Section 13) to learn more or request a copy of relevant transfer safeguards.
Illustrative recipient categories & purposes:
| Recipient category | Typical locations | Purpose | Data types (examples) |
|---|---|---|---|
| Cloud/Hosting providers | US, EU, Singapore, India | Storage, compute, backups, security | Account data, lead data, logs |
| Payment processors | US/EU | Payment processing | Name, email, billing address, payment tokens |
| Analytics/Marketing platforms | US/EU | Product analytics, campaigns | IP, device, usage, campaign data |
| Support & Collaboration tools | US/EU | Ticketing, in-app support, incident response | Contact info, ticket content |
5. Data Retention
We keep Personal Data only as long as necessary for the purposes described here or as required by law (e.g., tax/accounting), then delete or de-identify it. Factors include Service type, account status, legal holds, and limitation periods.
Unless law requires longer retention, we generally:
- retain account & CRM data for the life of the account; upon account closure we aim to delete or anonymize within 90 days (backups may take longer to cycle);
- retain support records typically for 3 years;
- retain billing records for the period required by applicable law;
- retain security logs for a period proportionate to risk and operational needs.
6. Cookies & Your Choices
We use:
- Strictly Necessary Cookies (cannot be disabled in our systems);
- Performance & Analytics Cookies (to operate, maintain, and improve Services—may use our tools and/or third parties like analytics providers);
- Targeting/Advertising Cookies (to show relevant ads and limit repeats, on our sites and others).
Your options:
- Browser Controls. Block/delete Cookies in your browser (some features may break).
- Analytics Opt-out. Use the provider’s opt-out tools where available (e.g., Google Analytics opt-out add-on).
- Ad Choices. Visit industry opt-out pages (e.g., Network Advertising Initiative / Digital Advertising Alliance) and mobile OS ad-tracking settings.
- Consent Manager. Where required, use our banner or settings to manage preferences.
7. Your Rights
Depending on your location, you may have rights to:
- Access Personal Data we hold about you;
- Correct inaccuracies;
- Delete your account and/or Personal Data;
- Restrict or Object to certain processing;
- Port your data to another organization;
- Withdraw Consent (where processing relies on consent);
- Opt Out of data use for model training (where available—see Data usage in account settings or contact us);
- Opt Out of marketing communications (via unsubscribe links; service emails will still be sent).
You can exercise rights via your account settings or by contacting us as described in Section 13. We may request information to verify your identity. Legal exceptions/limitations may apply. You can also lodge a complaint with your local supervisory authority.
7.2 United States Residents (State Laws)
Some state laws (e.g., CA/CO/CT/UT/VA/OR/MT/TX) grant additional rights:
- Sale/Sharing/Targeted Advertising. Our use of advertising Cookies or sharing with ad tech vendors may be a “sale,” “sharing,” or “targeted advertising.” You may opt out via our “Do Not Sell or Share My Personal Information” link (or Global Privacy Control where recognized).
- Access, Delete, Correct, Port, Opt-Outs. You may submit these requests and, where applicable, appeal a denied request.
- Authorized Agents. You may designate an authorized agent; we may require proof of authority and your verification.
- Do Not Track. Our sites are not configured to respond to browser “DNT” signals.
7.3 India Residents
In addition to the above and subject to the Digital Personal Data Protection Act, 2023:
- Right of Nomination. Nominate an individual to exercise your rights in case of death or incapacity.
- Grievance Redressal. Contact our Grievance Officer for complaints and resolutions (details in Section 13).
- Consent Management. Withdraw consent at any time; we apply preferences prospectively.
8. Third-Party Sites & Services
Our Services may link to or integrate with third-party websites, apps, and services. Their privacy practices are governed by their own policies; we are not responsible for them. Review their policies before sharing data.
9. Security
We implement reasonable technical and organizational measures designed to protect Personal Data (e.g., encryption in transit, access controls, logging). No electronic system is perfectly secure; to the extent permitted by law, we cannot guarantee absolute security. For more information, see our Security resources or contact us.
10. Children’s Privacy
Our Services are not directed to individuals under 18 years of age, and we do not knowingly collect Personal Data from them. If we learn we have collected such data, we will delete it. Do not upload children’s Personal Data to the Services.
11. Additional Information About Biometric/Verification Data (If Used)
If Leadoro offers features that collect biometric identifiers or information (e.g., facial or voice verification), we collect and use them solely for verification/security, disclose only as necessary to provide and improve the Services, and retain them until no longer needed for those purposes or for 3 years after the end of our relationship—whichever is sooner.
12. Changes to This Policy
We may update this Policy periodically. If we make material changes, we will notify you as required by law (e.g., by email, in-app notice, or on our websites) and indicate the effective date.
13. Contact Us
Controller: Leadoro (legal entity name)
Address: [Company postal address]
Email: [privacy@leadoro.net] (or your preferred contact)
Data Protection Officer (if applicable): [DPO name & contact]
India Grievance Officer (if applicable): [Name, email, phone, postal address]
US “Do Not Sell or Share” & Privacy Requests: [URL or instructions]
EU/UK Representative (if applicable): [Representative details]
Processor Disclosures (when we process on behalf of business customers)
When a business customer uses our Services to process Personal Data it controls (e.g., uploading lead lists), Leadoro acts as a processor/service provider and processes such data strictly per the customer’s instructions, our agreement, and applicable law. Customers are responsible for providing appropriate privacy notices and obtaining required consents for the data they submit to the Services.
Region-Specific Notices (Summary)
- EEA/UK/Switzerland: Where we rely on legitimate interests, we’ve balanced your rights and interests; contact us to object. For cross-border transfers, we use SCCs or other safeguards.
- Brazil: We process data under bases allowed by the LGPD (e.g., contract, legitimate interests, consent, legal obligation).
- Canada: We obtain consent where required and allow access/correction requests per applicable law.
- India: See Section 7.3; grievance redressal available.
