Privacy Policy

1. Definitions

To ensure clarity, we define the following terms used throughout this Policy:

• "Service": The Leadr Ai platform, including our website (aileadr.com), web application, and the Leadr AI mobile application available on iOS and Android.
• Service Professional ("Pro"): Any business or individual entity using the Leadr Ai platform to manage their leads.
• Lead Data / API Data: Any information related to a potential customer, including name, contact info, and project details, received via Partner Platforms (Thumbtack, Yelp, etc.).
• Partner Platforms: Third-party lead generation services (e.g., Thumbtack, Yelp) that connect to Leadr Ai via authorized APIs.
• AI Providers: Secure third-party processors (e.g., Google Gemini, OpenAI, ElevenLabs) utilized for real-time natural language processing.

2. Information Collection & Sources

We collect and process the following categories of information:

• Identifiers: Name, business email, phone number, and IP addresses. (Source: User, Partner Platforms).
• Commercial Information: Lead project types, service categories, and quote history. (Source: Partner Platforms).
• Internet Activity: Interactions with our website, log files, and diagnostic data. (Source: Cookies/Usage logs).
• Geolocation Data: Approximate location based on IP address or lead ZIP code. (Source: Partner Platforms).
• Voice & Call Data: Call recordings, transcriptions, call duration, caller/recipient phone numbers, and call outcomes (answered, voicemail, declined). (Source: Twilio, ElevenLabs).

3. Business Purposes for Processing

We process your data and Lead Data for the following specific purposes:

• Service Provision: To automate lead responses, schedule bookings, and synchronize data across Partner Platforms.
• Platform Security: To detect fraud, prevent unauthorized access, and maintain service integrity.
• Technical Support: To resolve issues and respond to Pro inquiries.
• Compliance: To satisfy legal obligations and partner platform requirements.

4. CCPA / California Privacy Rights

Leadr Ai does not "sell" or "share" personal information for cross-context behavioral advertising. We may disclose personal information to service providers/processors to operate the Service, under contractual restrictions. As a California resident, you have the right to:

• Right to Know: Request access to the specific pieces of personal information we have collected.
• Right to Delete: Request the deletion of your personal information (subject to legal exceptions like billing and security logs).
• Right to Correct: Request that we correct inaccurate personal information.

To exercise these rights, please email [email protected]. We will verify your identity via your registered business email and respond within 45 days.

5. AI Processing and No-Training Commitment

We use third-party AI providers solely to generate responses and perform real-time text processing. We configure and contractually require our AI providers to not use Lead Data to train their generalized AI/ML models, where such controls are available under the provider’s terms for API customers. Where an AI provider does not offer a no-training control for a given service, we will not use that service for processing Lead Data.

We minimize the data sent to AI providers, and when feasible, remove or mask non-essential identifiers prior to processing. We do not intentionally submit Lead Data for provider training.

6. Push Notifications (Mobile App)

If you use the Leadr AI mobile application, we may send push notifications to your device to alert you about new leads, messages, and important account updates. You can manage or disable push notifications at any time through your device settings or within the app. We do not use push notifications for advertising purposes.

7. SMS Communications

7.1 For End Users (SMS Recipients / Consumers)

Leadr AI LLC sends text messages (SMS) on behalf of home service professionals to end users who have submitted a service request through third-party platforms such as Thumbtack, Yelp, or Angi. By submitting a service request and providing your phone number on these platforms, you consent to receive SMS messages from the matched service professional via the Leadr AI platform.

Message types include: initial responses to your service inquiry, appointment scheduling and confirmations, follow-up messages related to your request, and service reminders. Message frequency varies depending on the nature of your service request. Message and data rates may apply.

You may reply STOP at any time to opt out of receiving further SMS communications. For help, reply HELP or contact support at [email protected].

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. Mobile phone numbers, SMS message logs, and opt-in/opt-out status are used exclusively for delivering the Service and are never sold, shared, or used for advertising. Leadr AI LLC does not sell, share, or use end-user mobile information for any purpose other than delivering the requested service communications.

Consent and Opt-In Data Protection: All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

7.2 For Service Professionals (Platform Users)

If you are a Service Professional using the Leadr AI platform, we may send you SMS notifications related to your account, including new lead alerts, appointment reminders, and system notifications. Message frequency varies. Message and data rates may apply. Reply STOP to opt out, HELP for help.

7A. Voice Calls & Call Recordings

The Service may initiate automated voice calls using AI-generated speech to facilitate communication between Service Professionals and their leads. We collect and process the following voice-related data:

• Call Metadata: Phone numbers, call timestamps, duration, and call disposition (answered, voicemail, no answer).
• Call Recordings: Voice conversations may be recorded for quality assurance, compliance verification, and dispute resolution. Recordings are stored encrypted (AES-256) and retained for up to 12 months, unless a longer retention period is required by law or requested by the Service Professional.
• Transcriptions: Call recordings may be transcribed using third-party speech-to-text services (Google Cloud Speech-to-Text). Transcription data is processed in real-time and stored alongside the corresponding lead record.
• AI Voice Processing: Voice interactions may be processed through ElevenLabs for real-time conversational AI. Audio data sent to ElevenLabs is processed in real-time and is not retained by ElevenLabs for training purposes under our enterprise agreement.

Where required by applicable law (including two-party consent states such as California, Florida, and Illinois), an automated disclosure is played at the beginning of recorded calls.

8. Cookies and Tracking

We do not use third-party advertising cookies. We do not track you across other websites for the purpose of targeted advertising.

8.1 Analytics and Service Providers

We use privacy-focused analytics (such as PostHog) to understand product performance and improve the Service. These providers act as our service providers/processors and are contractually restricted from using the data for their own purposes. We do not use third-party advertising cookies or enable cross-context behavioral advertising.

9. Data Retention

We retain different categories of data for different periods based on legal requirements and business need:

• Message Archives: De-identified message logs (timestamps, delivery status, message type) are retained for up to 2 years for legal compliance and dispute resolution (TCPA statute of limitations). When Partner Platform data deletion is triggered (see Section 10), all personally identifiable information (names, phone numbers, project details) is removed from archives within the applicable deletion window, while de-identified audit records are retained.
• Call Recordings: Retained for up to 12 months, encrypted at rest. Upon Partner Platform data deletion, recordings containing PII are deleted within the applicable deletion window.
• TCPA Consent & Opt-Out Logs: Retained indefinitely to protect against regulatory claims.
• AI Pipeline Metadata: AI reply analytics retained for up to 1 year; aggregated insights retained for up to 6 months.
• Billing Records: Retained as required by applicable tax and financial regulations.

10. Partner API Data Deletion Standards (Thumbtack & Yelp)

We maintain strict data deletion or de-identification standards for data received via Partner Platform APIs in our active systems following termination of your integration or a verified compliance request:

• Thumbtack: Data is deleted or de-identified within five (5) business days.
• Yelp: Data is deleted or de-identified within thirty (30) days or upon request.

Exceptions apply where limited retention is required for security, fraud prevention, legal compliance, dispute resolution, or as required by law. Residual copies may persist temporarily in encrypted backups and disaster recovery systems, but will not be restored to active processing. Backups are rotated and overwritten on a scheduled basis consistent with our backup retention policy.

Retention of Records: Detailed logs of TCPA consents and opt-outs are kept indefinitely to protect the Pro and the platform against legal claims.

11. Data Security and Safeguards

We implement a robust security framework including:

• Encryption: AES-256 for data at rest and TLS 1.2+ for data in transit.
• RBAC: Role-Based Access Control to ensure only authorized personnel can access sensitive data.
• Audit Logging: Continuous monitoring of all administrative and API actions.
• Secrets Management: Use of hardware-backed vaults for API keys and credentials.
• Vendor Due Diligence: Periodic review of key subprocessors’ security posture (e.g., SOC 2 / ISO reports where available).

12. International Transfers

Leadr Ai is hosted on secure US-based cloud infrastructure providers. For users outside the United States, we utilize Standard Contractual Clauses (SCCs) to ensure that data transferred abroad receives the same level of protection as mandated by GDPR or CCPA.

13. Google API Services User Data Policy (Limited Use Disclosure)

Leadr AI's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

This applies to all data we receive from Google Workspace APIs (including Google Calendar, Gmail, and any other Google service we integrate with). We do not use raw or derived user data received from Google APIs to develop, improve, or train generalized AI/ML models, and we do not transfer such data except as necessary to provide or improve user-facing features that are prominent in our application's user interface, or as required by law.