Privacy Policy

Effective Date: January 13, 2026 | Version 3.0 (Audit Ready)

        Executive Summary for Partners: Leadr.ai acts strictly as an agent/service
            provider
        for the Service Professional. As between the Pro and Leadr.ai, the Pro retains rights in Lead Data. We strictly
        adhere to a 5-business-day data deletion standard for Thumbtack API data in our active systems
        upon termination or request. We do not sell data, nor do we use it for training generalized AI models.
    

1. Definitions

To ensure clarity, we define the following terms used throughout this Policy:

Service Professional ("Pro"): Any business or individual entity using the Leadr.ai platform to manage their leads.
Lead Data / API Data: Any information related to a potential customer, including name, contact info, and project details, received via Partner Platforms.
Partner Platforms: Third-party lead generation services (e.g., Thumbtack, Yelp) that connect to Leadr.ai via authorized APIs.
AI Providers: Secure third-party processors (e.g., OpenAI, Anthropic) utilized for real-time natural language processing.

2. Information Collection & Sources

We collect and process the following categories of information:

Identifiers: Name, business email, phone number, and IP addresses. (Source: User, Partner Platforms).
Commercial Information: Lead project types, service categories, and quote history. (Source: Partner Platforms).
Internet Activity: Interactions with our website, log files, and diagnostic data. (Source: Cookies/Usage logs).
Geolocation Data: Approximate location based on IP address or lead ZIP code. (Source: Partner Platforms).

3. Business Purposes for Processing

We process your data and Lead Data for the following specific purposes:

Service Provision: To automate lead responses, schedule bookings, and synchronize data across Partner Platforms.
Platform Security: To detect fraud, prevent unauthorized access, and maintain service integrity.
Technical Support: To resolve issues and respond to Pro inquiries.
Compliance: To satisfy legal obligations and partner platform requirements.

4. CCPA / California Privacy Rights

Leadr.ai does not "sell" or "share" personal information for cross-context behavioral advertising. We may disclose personal information to service providers/processors to operate the Service, under contractual restrictions. As a California resident, you have the right to:

Right to Know: Request access to the specific pieces of personal information we have collected.
Right to Delete: Request the deletion of your personal information (subject to legal exceptions like billing and security logs).
Right to Correct: Request that we correct inaccurate personal information.

To exercise these rights, please email contact@aileadr.com. We will verify your identity via your registered business email and respond within 45 days.

5. AI Processing and No-Training Commitment

We use third-party AI providers solely to generate responses and perform real-time text processing. We configure and contractually require our AI providers to not use Lead Data to train their generalized AI/ML models, where such controls are available under the provider’s terms for API customers. Where an AI provider does not offer a no-training control for a given service, we will not use that service for processing Lead Data.

We minimize the data sent to AI providers, and when feasible, remove or mask non-essential identifiers prior to processing. We do not intentionally submit Lead Data for provider training.

6. Cookies and Tracking

We do not use third-party advertising cookies. We do not track you across other websites for the purpose of targeted advertising.

6.1 Analytics and Service Providers

We use privacy-focused analytics (such as PostHog) to understand product performance and improve the Service. These providers act as our service providers/processors and are contractually restricted from using the data for their own purposes. We do not use third-party advertising cookies or enable cross-context behavioral advertising.

7. Thumbtack API Data Deletion Standard (5 Business Days)

We maintain a five (5) business day deletion or de-identification standard for Thumbtack API Data in our active systems following termination of your integration or a verified compliance request, except where limited retention is required for security, fraud prevention, legal compliance, dispute resolution, or as required by law. Residual copies may persist temporarily in encrypted backups and disaster recovery systems, but will not be restored to active processing. Backups are rotated and overwritten on a scheduled basis consistent with our backup retention policy.

Retention of Records: Detailed logs of TCPA consents and opt-outs are kept indefinitely to protect the Pro and the platform against legal claims.

8. Data Security and Safeguards

We implement a robust security framework including:

Encryption: AES-256 for data at rest and TLS 1.2+ for data in transit.
RBAC: Role-Based Access Control to ensure only authorized personnel can access sensitive data.
Audit Logging: Continuous monitoring of all administrative and API actions.
Secrets Management: Use of hardware-backed vaults for API keys and credentials.
Vendor Due Diligence: Periodic review of key subprocessors’ security posture (e.g., SOC 2 / ISO reports where available).

9. International Transfers

Leadr.ai is hosted on AWS (US-East Region). For users outside the United States, we utilize Standard Contractual Clauses (SCCs) to ensure that data transferred abroad receives the same level of protection as mandated by GDPR or CCPA.

Contact and Incident Response
Security incidents or privacy requests should be directed to:
Email: contact@aileadr.com
Response Time Goal: 48 hours for initial acknowledgment.