Privacy Policy

1. Information we collect

Account information: business name, workspace address (subdomain), administrator name, email address and a hashed password. We never store passwords in plain text.

Billing information: your subscription plan, billing history and Stripe customer identifiers. Card numbers are collected and stored by Stripe, our payment processor — they never reach our servers.

Customer Data you store in the Service: leads, contacts, documents, messages, payment records and files your team uploads. We process this data only to operate the Service for you.

Technical data: log records such as IP address, browser type, pages accessed and timestamps, used for security, debugging and abuse prevention.

2. How we use information

To provide and operate the Service, including authentication, tenant isolation, billing, invoicing, document signing and messaging features you activate.

To communicate with you about your account: signup confirmations, payment receipts and failures, suspension notices and material product or legal updates.

To secure the platform: detecting unauthorized access attempts, enforcing rate limits and auditing administrative actions.

We do not sell personal data, and we do not use Customer Data for advertising.

3. Legal bases

We process account and billing data to perform our contract with you; technical and security data based on our legitimate interest in protecting the Service; and other data with your consent where required by applicable law, including Israel’s Privacy Protection Law.

4. Sub-processors and sharing

We use a small number of service providers to operate the platform: Google Cloud / Firebase (hosting, database, file storage — data hosted in Google Cloud data centers), Stripe (payment processing), Resend (transactional email) and Cloudflare (networking and DDoS protection). Each processes data only as needed to provide its function.

If your workspace activates the WhatsApp integration, message content is exchanged with your connected messaging provider. We may also disclose information when required by law or to protect the rights and safety of LeadLink, our customers or the public.

5. Data security

All traffic is encrypted in transit (TLS). Data is stored on Google Cloud infrastructure with encryption at rest. Access to tenant data is isolated per workspace and enforced by server-side security rules; passwords are hashed with bcrypt; administrative platform access is restricted and audited.

No system is perfectly secure. If we become aware of a breach affecting your personal data we will notify you as required by applicable law.

6. Data retention

Account and Customer Data are retained for as long as your workspace is active. After cancellation you may request an export within 30 days; afterwards we may delete the workspace data, except records we must keep for legal, accounting or security purposes (such as issued tax documents and audit logs).

7. Your rights

Subject to applicable law, you may request access to, correction of, export of, or deletion of personal data we hold about you. Workspace users should direct requests about data stored by their business to that business; we will assist the workspace owner in fulfilling them.

To exercise these rights, contact us through the website contact form. We will respond within the timeframes required by law.

8. Cookies and local storage

The Service uses cookies and browser local storage strictly for operating the platform: keeping you signed in, remembering your language preference and securing sessions. We do not use third-party advertising or cross-site tracking cookies.

9. Children

The Service is intended for businesses and is not directed at children under 18. We do not knowingly collect personal data from children.

10. Changes and contact

We may update this policy from time to time; material changes will be announced through the Service or by email before they take effect. Questions about privacy can be sent through the contact form on the website.