Skip to content
Invite-only right now.Join waitlist

Legal

Privacy Policy

Effective date: April 27, 2026  ·  Leadspresso LLC  ·  Miami, Florida

1. Who We Are & Our Role

Leadspresso LLC (“Leadspresso,” “we,” “us,” or “our”) is a Florida limited liability company that provides a lead generation and lead tracking platform for service businesses. Our platform supports Google Ads and Meta (Facebook & Instagram) advertising campaigns, generated landing pages, inbound call and form tracking, and performance reports.

This Privacy Policy describes our information practices. Your use of the platform is governed by our Terms of Service, which incorporate this Privacy Policy by reference.

Controller vs. Processor. Leadspresso acts as a Data Controller for information about your account, your business, and your use of the platform. Leadspresso acts as a Data Processor (and a “Service Provider” under the California Consumer Privacy Act) for personal data about your end customers that you collect through Leadspresso-managed landing pages and tracking numbers (“Lead Data”). The terms of our processing of Lead Data on your behalf are set out in our Data Processing Agreement.

2. Information We Collect

Account & Business Information

When you create an account or complete onboarding, we collect:

  • Name and email address
  • Business name, address, phone number, and website
  • Business category and description
  • Your selected subscription plan and billing cycle

Ad Platform Credentials

To manage your advertising campaigns, you connect your Google Ads and/or Meta (Facebook) accounts via OAuth. We store the OAuth access tokens and refresh tokens necessary to act on your behalf on those platforms. We access only the permissions you explicitly grant and use them solely to manage campaigns as directed.

Lead Data

As part of our call tracking and lead attribution service, we process information about your customers who contact you through Leadspresso-managed tracking numbers or landing page forms. This may include:

  • Phone numbers and call recordings, made only after an automated consent disclosure (“This call may be recorded for quality and training purposes”) is played at the start of the call
  • Names, email addresses, and messages submitted via landing page forms
  • Source attribution data (which ad or campaign generated the lead)

You are the Controller of Lead Data; we process it on your behalf as your Processor. You are responsible for any additional notices to your end customers required by your jurisdiction or industry beyond the consent disclosure played at the start of recorded calls.

No Protected Health Information. The platform is not designed to receive Protected Health Information (PHI) as defined under HIPAA. You may not configure landing page forms, call tracking, or any other Leadspresso feature to collect PHI. See our Terms of Service for the full HIPAA-related restrictions on your use of the platform.

Payment Information

We use Stripe to process subscription payments. We do not store your credit card number, CVV, or full payment card details on our servers. Stripe collects and stores payment information subject to their own Privacy Policy.

Usage & Technical Data

We automatically collect certain information when you use the platform, including:

  • Log data (IP address, browser type, pages visited, timestamps)
  • Device and session identifiers
  • Feature usage patterns and click events (via PostHog analytics — not loaded for visitors from the European Economic Area or United Kingdom unless consent is provided)
  • Error reports and crash diagnostics (via Sentry)

Communications

When you contact us by email or through the platform, we retain those communications to provide support and improve our services.

3. How We Use Your Information

We use the information we collect to:

  • Create, manage, and optimize your Google Ads and Meta advertising campaigns
  • Generate ad landing pages tailored to your business
  • Provision and manage call tracking numbers
  • Attribute leads to specific campaigns and channels
  • Send you weekly performance reports, lead alerts, review alerts, and platform notifications via email and SMS
  • Process subscription payments and manage your billing
  • Provide customer support and respond to your inquiries
  • Detect and prevent fraud, abuse, and security incidents
  • Improve and develop our platform features
  • Comply with legal obligations

We do not “sell” or “share” your personal information as those terms are defined under the California Consumer Privacy Act, including for cross-context behavioral advertising. We do not use your data to serve you third-party advertisements unrelated to our platform.

We do not sell, rent, or share mobile opt-in data, SMS consent records, or registered Client mobile numbers with third parties or affiliates for their own marketing or promotional purposes.

Leadspresso account-holder SMS alerts are optional and sent only to your registered business mobile number. If you opt in, we may send transactional texts about new leads, weekly performance reports, and review alerts. Message frequency varies based on account activity, typically 0-10 messages per week. Message and data rates may apply. Reply HELP for help or email support@leadspresso.com. Reply STOP to opt out. SMS consent is not required to purchase or use Leadspresso and may be revoked at any time.

Leadspresso does not send SMS to your end customers under this account-holder notification campaign. Customer-facing SMS features, including missed-call text-back and review-request texts, require separate consent and a separate approved messaging campaign before use.

Your obligations regarding acceptable use of the platform — including prohibitions on reverse engineering, scraping, and unauthorized automated access — are set out in Section 6 of our Terms of Service.

4. How We Share Your Information

We share your information only with the third-party service providers (“Subprocessors”) necessary to operate the platform. Each provider is bound by its own privacy policy and data processing terms. The current list — including each provider's purpose, data categories processed, and processing location — is maintained at /subprocessors. We will provide at least thirty (30) days' advance notice before adding a new Subprocessor that processes Client or Lead Data.

The current Subprocessors are:

  • Google — for Google Ads campaign management and Google Business Profile services via the Google Ads API and Google My Business API.
  • Meta (Facebook) — for Facebook and Instagram advertising campaign management via the Meta Marketing API.
  • Stripe — for subscription billing and payment processing.
  • Twilio — for provisioning call tracking numbers, recording inbound calls (with the consent disclosure played at the start of each recorded call), and sending transactional SMS to the Client's registered mobile number for lead alerts, weekly performance reports, and review alerts. Leadspresso does not send SMS to your end customers under the account-holder notification campaign.
  • Resend — for delivering transactional emails (welcome, reports, alerts).
  • Supabase — for database storage, user authentication, and asset object storage.
  • Anthropic — for AI-generated ad copy and landing page content. Only business context (business name, type, city, state, budget, channel) is sent in prompts; we do not send your customers' personal data to Anthropic. Per Anthropic's API terms, content submitted through the platform is not used to train Anthropic's models. We also do not use your data to develop, improve, or train any in-house AI or machine learning models.
  • OpenAI — for AI-generated hero images on landing pages via the GPT-Image API. Business context only; no end-customer personal data is sent.
  • Pexels — for stock image fallback on landing pages (business-context search queries only).
  • Unsplash — for stock image fallback on landing pages (business-context search queries only).
  • PostHog — for product analytics and feature usage telemetry.
  • Sentry — for error monitoring and crash reporting.
  • Vercel — for application hosting, deployment, and edge networking.

Google API Services Limited Use Disclosure

Leadspresso's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. We use Google API data solely to provide the user-facing features of the Leadspresso platform. We do not use Google API data for serving advertisements, including retargeting or interest-based advertising. We do not transfer Google API data to third parties except as necessary to provide the platform, comply with applicable law, or as part of a merger, acquisition, or sale of assets with notice to users. We do not use Google API data to develop, improve, or train generalized AI/ML models.

Meta Marketing API Data Use

Data obtained through Meta OAuth connections — including ad account identifiers, campaign configurations, and performance metrics — is used exclusively to manage your Facebook and Instagram advertising campaigns on your behalf. We do not use Meta-sourced data for cross-context behavioral advertising, transfer it to third parties for independent advertising purposes, or use it to develop, improve, or train any AI or machine learning model.

Legal disclosures

We may disclose information if required by law, court order, or governmental authority, or to protect the rights, property, or safety of Leadspresso, our users, or the public.

5. Data Retention

We target the following retention periods and review stored data periodically for deletion. Account and business information is retained for as long as your account is active. When you cancel your subscription, account data is targeted for deletion or anonymization within thirty (30) days to allow for reactivation. Lead Data (call logs, call recordings, form submissions) is targeted for deletion twelve (12) months after collection, unless you request earlier deletion or we are required to retain it longer to comply with legal obligations or resolve disputes. Deletion may be performed through manual or automated processes.

These target retention windows are referenced in Section 11 of our Terms of Service (Termination). Certain records (billing history, legal correspondence) may be retained longer as required by applicable law.

6. Security

We implement the following technical and organizational security measures:

  • TLS 1.2 or higher for all data in transit
  • AES-256 encryption at rest for database records and stored assets
  • PostgreSQL row-level security policies restricting data access to the account owner
  • OAuth token storage with restricted, least-privilege platform permission scopes
  • Mandatory multi-factor authentication for administrative access
  • Centralized logging with anomaly alerts
  • Secrets stored only in managed secret stores (Vercel, Supabase) — never in source code
  • Regular dependency vulnerability scanning

Data breach notification. In the event of a confirmed data breach affecting your personal information, we will notify you without undue delay and in any event within seventy-two (72) hours of confirming the incident, providing a description of the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures taken to address it.

No method of electronic transmission or storage is 100% secure. While we take commercially reasonable steps to protect your information, we cannot guarantee absolute security.

Lead Data breach notification. In the event of a confirmed breach affecting Lead Data (personal data belonging to your end customers that we process on your behalf), we will notify you as the affected Client without undue delay and in any event within forty-eight (48) hours of confirming the incident. Our notification will provide sufficient detail — including the categories and approximate volume of Lead Data affected and the measures taken or planned — for you to meet your own obligations to notify affected individuals under applicable law.

7. International Data Transfers

Leadspresso is based in the United States and operates infrastructure primarily in the United States. If you access the platform from outside the United States, your information will be transferred to and processed in the United States, where data protection laws may differ from those of your jurisdiction. For transfers of personal data from the European Economic Area, the United Kingdom, or Switzerland to the United States, we rely on the European Commission's Standard Contractual Clauses (and the UK International Data Transfer Addendum where applicable), supplemented by reliance on the EU-US Data Privacy Framework where the recipient is certified.

8. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

  • Access — Request a copy of the personal information we hold about you.
  • Correction — Request correction of inaccurate or incomplete data.
  • Deletion — Request deletion of your personal data via our Data Deletion Request page, subject to our legal retention obligations.
  • Portability — Request your data in a structured, common format. Portability requests are fulfilled manually by our team; email us and we will provide your data within thirty (30) days.
  • Opt-out of communications — Unsubscribe from marketing emails at any time using the link in any email we send; email unsubscribe requests are honored within ten (10) business days. Transactional and operational emails related to your account cannot be disabled while your subscription is active. You may opt out of non-essential SMS by replying STOP; SMS opt-out requests are processed at the carrier level and honored within one business day.

U.S. State Privacy Rights

Residents of California, Virginia, Colorado, Connecticut, Utah, Texas, Oregon, and Florida have the rights described above (subject to applicability thresholds in each state's law). To exercise these rights, contact us at support@leadspresso.com or use the Data Deletion Request page. We will not discriminate against you for exercising your rights.

California (CCPA / CPRA)

In the preceding twelve (12) months we have collected the following categories of personal information, mapped to the categories defined in the California Consumer Privacy Act:

  • Identifiers — name, email, phone, account ID, IP address.
  • Commercial information — subscription plan, billing history.
  • Internet or other electronic network activity — log data, page views, click events, error reports.
  • Geolocation — coarse location inferred from IP for security and platform routing only.
  • Professional or employment-related information — business name, role, business contact details.
  • Audio data / Sensitive Personal Information — call recordings (Lead Data only, processed on behalf of the Client). Call recordings may contain sensitive personal information as defined under CPRA (e.g., health or financial information voluntarily disclosed during a call). Leadspresso processes call recordings solely to provide the call tracking and attribution service to the Client; we do not use them to infer characteristics about callers or for any purpose beyond service delivery. We do not sell, share, or disclose SPI for cross-context behavioral advertising.
  • Inferences — campaign performance attribution; aggregate usage analytics.

We collect this information from you directly, from your interactions with the platform, and (for Lead Data) from end customers who contact you through Leadspresso-managed channels. We do not sell or share personal information.

EEA / UK (GDPR)

Our legal basis for processing your data is contract performance (operating the service you subscribed to), legitimate interests (security, fraud prevention, platform improvement), and consent (for non-essential analytics cookies in the EEA/UK). You may also have the right to lodge a complaint with your local data protection authority.

9. Cookies & Tracking

We use cookies and similar technologies to operate the platform (authentication sessions), remember your preferences, and collect analytics data. We do not use advertising cookies and do not track you across third-party websites. Product analytics (PostHog) are loaded only for authenticated users within the dashboard; we do not deploy analytics tracking on our public marketing pages.

For visitors from the European Economic Area, the United Kingdom, and Switzerland, non-essential cookies (including analytics) are not loaded by default. We do not respond to Do Not Track browser signals because no industry standard for honoring such signals has been adopted; however, you can configure your browser to refuse cookies, which may prevent certain platform features from functioning correctly.

10. Children's Privacy

Our platform is intended for use by businesses and is not directed at individuals under the age of 18. Consistent with the Children's Online Privacy Protection Act (COPPA), we do not knowingly collect personal information from children under the age of 13. For minors aged 13 to 17, we do not knowingly collect personal information without verifiable parental consent where required by applicable law. If you believe a child has provided us with personal information, please contact us so we can delete it.

11. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will revise the effective date at the top of this page and, for material changes, notify you by email or a prominent notice within the platform. Your continued use of the platform after any update constitutes your acceptance of the revised policy.

12. Contact Us

If you have any questions about this Privacy Policy or your personal data, please contact us at:

This Privacy Policy is governed by the laws of the State of Florida, without regard to its conflict of law principles.

Leadspresso LLC
Principal place of business: Miami, Florida
Registered agent: c/o Northwest Registered Agent
7901 4th St N, Suite 300
St. Petersburg, FL 33702, United States
support@leadspresso.com