Effective Date: [Insert Effective Date]
Last Updated: [Insert Last Updated Date]
This Privacy Policy explains how Lead Stats IO LLC, a California corporation (“Lead Stats,” “we,” “us,” or “our”), collects, uses, discloses, stores, protects, and otherwise processes information in connection with our websites, applications, software-as-a-service platform, marketing automation tools, communications tools, integrations, APIs, and related services.
This Privacy Policy applies to information processed through or in connection with:
any other Lead Stats website, subdomain, application, or service that links to this Privacy Policy; and
related support, onboarding, professional services, consulting, hosting, communications, and integration services.
Together, these are referred to as the “Services.”
If you do not agree with this Privacy Policy, do not access or use the Services.
Lead Stats provides an enterprise software platform that allows customers to manage business workflows, marketing automation, customer communications, analytics, reporting, integrations, and related operational activities.
Depending on the context, Lead Stats may act as:
a service provider or processor when we process Customer Data on behalf of our customers under a customer agreement; and
a business or controller when we process information for our own account administration, billing, security, product improvement, marketing, legal compliance, and business operations.
Our customers are responsible for determining what information they upload to, configure within, or send through the Services, including the content, recipients, timing, and legal basis for any communications sent through the platform.
We may collect the following categories of information.
When you create an account, request access, sign a contract, complete onboarding, or use the Services, we may collect information such as:
name;
business name;
job title;
email address;
phone number;
mailing address;
username, password, and authentication details;
organization, team, role, permissions, and user settings; and
other information you provide during registration, onboarding, support, or account management.
“Customer Data” or “Services Data” means data that customers, users, administrators, or authorized integrations submit to, upload to, transmit through, configure within, or make available to the Services.
Customer Data may include:
contact records;
lead, prospect, customer, or business contact information;
email addresses and phone numbers;
communication preferences, consent status, opt-in and opt-out records;
campaign, journey, workflow, and automation configuration;
email, SMS, webhook, Slack, or other message content configured by users;
message delivery, engagement, bounce, unsubscribe, suppression, and analytics data;
call, text, email, and workflow activity history;
notes, tags, metadata, and segmentation criteria; and
other information submitted by or on behalf of a customer.
Customers are responsible for ensuring they have all rights, permissions, notices, consents, and legal bases required to provide Customer Data to Lead Stats and to use the Services to process that Customer Data.
If you use the Services to configure or send communications, we may process information required to provide, secure, log, troubleshoot, and improve those communications, including:
sender and recipient identifiers;
recipient email addresses, phone numbers, Slack workspace or channel identifiers, webhook endpoints, and similar routing information;
subject lines, message bodies, templates, attachments, merge fields, personalization fields, and campaign metadata;
delivery status, timestamps, error codes, bounce information, unsubscribe events, replies where supported, and engagement metrics;
audit logs showing which user configured, approved, scheduled, sent, modified, or deleted a campaign, journey, workflow, or integration; and
compliance metadata, such as consent source, opt-in date, opt-out date, suppression status, and communication preference records.
When you connect third-party services to Lead Stats, we may collect and process information necessary to authenticate the connection, provide the integration, and perform the actions you authorize.
Depending on the integration, this may include:
OAuth access tokens, refresh tokens, tenant IDs, account IDs, workspace IDs, sender identities, and connected account email addresses;
integration configuration settings;
API request and response metadata;
integration status, error logs, and delivery logs; and
information returned by the third-party service that is required to provide the integration.
We request only the permissions that we believe are reasonably necessary to provide the integration features selected by the customer or user.
We may collect billing contact information, subscription plan information, invoices, payment status, transaction metadata, and related billing records. Payment card information may be processed by our payment processors. We do not intentionally store full payment card numbers unless expressly stated at the time of collection.
When you use the Services, we may collect information such as:
IP address;
device identifiers;
browser type;
operating system;
referring and exit pages;
pages, screens, and features accessed;
clicks, cursor activity, session activity, and product usage events;
dates and times of access;
authentication events;
API activity;
system logs; and
diagnostic, performance, and security logs.
We use this information to provide support, secure the Services, monitor performance, improve usability, detect abuse, troubleshoot issues, and maintain auditability.
We may use cookies, web beacons, pixels, local storage, session replay technologies, analytics technologies, and similar tools to operate the Services, authenticate users, remember preferences, improve performance, understand usage, provide support, and measure marketing effectiveness.
You may be able to configure your browser to reject cookies or notify you when cookies are being used. Some features of the Services may not function properly without cookies.
We may use information for the following purposes:
to provide, operate, maintain, secure, and improve the Services;
to create and administer accounts;
to authenticate users and manage access controls;
to configure, send, route, log, and analyze communications selected by customers or users;
to provide marketing automation, workflow automation, reporting, analytics, integrations, and related platform functionality;
to process billing, payments, subscriptions, renewals, and account administration;
to provide customer support, troubleshooting, onboarding, training, and professional services;
to monitor system performance and availability;
to detect, prevent, and investigate fraud, abuse, security incidents, unauthorized access, spam, harmful communications, or policy violations;
to maintain audit logs, consent records, suppression lists, unsubscribe records, and compliance records;
to communicate with customers and users about the Services, including service notices, security notices, product updates, and administrative messages;
to send our own marketing communications where permitted by law and subject to applicable opt-out rights;
to comply with legal, regulatory, contractual, and law enforcement obligations;
to enforce our agreements and policies; and
for other purposes with notice or consent where required by law.
We do not sell Customer Data. We do not use Customer Data submitted by one customer to market to another customer’s contacts.
The Services may allow customers and authorized users to send or trigger emails, text messages, webhooks, Slack messages, and other communications.
Customers are responsible for:
determining the lawful basis for their communications;
obtaining and documenting required opt-ins, consents, authorizations, and permissions;
honoring unsubscribe, opt-out, suppression, and do-not-contact requests;
ensuring message content is accurate, lawful, non-deceptive, and compliant with applicable laws and platform policies;
configuring appropriate sending rules, frequency limits, quiet hours, segmentation, and suppression lists;
maintaining accurate contact data and communication preference data;
ensuring they do not upload or use purchased, scraped, unlawfully obtained, or prohibited contact lists; and
complying with applicable email, SMS, telemarketing, privacy, consumer protection, anti-spam, and communications laws.
Lead Stats provides tools that may help customers manage consent, suppression, and communication preferences, but customers remain responsible for their own communications and legal compliance unless otherwise expressly stated in a written agreement.
When you connect a Gmail account to Lead Stats, we request the following Google OAuth scopes:
gmail.send: used solely to send emails from your connected Gmail account on your behalf as part of the journeys, workflows, campaigns, and messages you configure inside Lead Stats; and
userinfo.email: used solely to display which Gmail account is connected inside the Lead Stats user interface and to associate that connected account with your Lead Stats account or organization.
We do not request Gmail scopes that allow us to read, list, search, delete, or modify messages in your Gmail mailbox unless we provide separate notice and obtain any required authorization.
Lead Stats uses Google user data only to provide and improve user-facing features that you request or enable. Specifically:
we use the gmail.send permission solely to send emails from your connected Gmail account on your behalf;
we use the connected account email address solely to identify and display the connected account and administer the integration;
we use related technical metadata, logs, and delivery status information to operate, secure, troubleshoot, and audit the Gmail integration; and
we do not use Google user data for advertising, retargeting, or unrelated marketing purposes.
We do not read, list, search, or modify the contents of your Gmail mailbox when only the gmail.send and userinfo.email scopes are connected.
We store OAuth access tokens, refresh tokens, connected account identifiers, and related integration metadata in encrypted form or using other security controls designed to protect the confidentiality and integrity of those credentials.
We retain message templates, campaign configuration, delivery logs, analytics, audit logs, and related operational records only as reasonably necessary to provide the Services, maintain compliance records, troubleshoot delivery, support customer reporting, enforce our agreements, and comply with legal obligations.
We do not store the contents of messages sent through Gmail beyond what is required to provide the Services, including message configuration, delivery logging, analytics, auditability, compliance records, and customer support.
We do not sell Google user data. We do not transfer Google user data to third parties except:
as necessary to provide or maintain the Services;
to service providers acting on our behalf under appropriate confidentiality and data protection obligations;
as directed or authorized by the customer or user;
as required by law; or
as necessary to protect the rights, safety, security, and integrity of Lead Stats, our customers, users, or others.
We do not use Google user data to train generalized artificial intelligence or machine-learning models. Google user data is accessed by Lead Stats personnel only when required to provide support, security, debugging, compliance, or troubleshooting, and where permitted by our access controls, customer agreement, and applicable law.
You can disconnect your Gmail account at any time from the applicable settings or connections page in Lead Stats. Disconnecting the Gmail account disables the integration and causes Lead Stats to revoke or delete stored Google OAuth tokens in accordance with our technical processes.
You may also revoke Lead Stats’ access directly through your Google account permissions page.
Following disconnection or deletion, we may retain limited records where reasonably necessary for security, audit logs, legal compliance, dispute resolution, backup integrity, billing, enforcement of our agreements, or to maintain suppression, unsubscribe, and consent records.
Lead Stats’ use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.
If you connect a Microsoft 365, Outlook, Exchange, or Microsoft Graph account to Lead Stats, we may request permissions required to provide the specific integration features you enable, such as sending email, displaying the connected account, authenticating users, or performing workflow actions authorized by your organization.
We use Microsoft account data only to provide the integration, authenticate the user or tenant, send or route messages as configured, maintain security and audit logs, troubleshoot errors, and administer the connected account.
We do not use Microsoft 365 user data for advertising or unrelated marketing. We do not sell Microsoft 365 user data. We do not use Microsoft 365 user data to train generalized artificial intelligence or machine-learning models.
Administrators or users may disconnect Microsoft integrations through the applicable Lead Stats settings page or through Microsoft account or tenant administration controls. Upon disconnection, we revoke or delete stored OAuth tokens in accordance with our technical processes, subject to legally required or operationally necessary retention.
The Services may allow customers to send or trigger SMS, MMS, voice, or other messaging communications through third-party communications providers.
When customers use these features, we may process:
sender and recipient phone numbers;
message content;
consent and opt-in records;
opt-out and suppression records;
delivery status, carrier response codes, timestamps, and error logs;
campaign, workflow, and automation metadata; and
other information required to route, deliver, secure, troubleshoot, and audit communications.
Customers are responsible for ensuring that all SMS, MMS, voice, and similar communications comply with applicable laws, carrier rules, industry standards, and provider policies, including requirements related to consent, identification, message content, opt-out instructions, prohibited content, quiet hours, and recordkeeping.
Lead Stats may suspend, restrict, or terminate messaging functionality where we believe communications may violate applicable law, provider requirements, platform policies, or our agreements.
Customers may connect Lead Stats to Slack, webhook endpoints, APIs, CRMs, data warehouses, analytics tools, communication tools, or other third-party services.
When an integration is enabled, Lead Stats may send, receive, store, or process information necessary to perform the configured integration, including account identifiers, workspace identifiers, channel identifiers, webhook URLs, API keys, tokens, payloads, event metadata, message content, delivery logs, and error logs.
Customers are responsible for the services they connect, the endpoints they configure, the data they transmit, and the permissions they grant to Lead Stats or third-party providers.
We may disclose information as follows:
We may disclose information to vendors, subprocessors, contractors, and service providers that perform services for us or on our behalf, such as cloud hosting, database hosting, payment processing, email delivery, SMS delivery, analytics, security, logging, customer support, monitoring, professional services, and infrastructure operations.
These providers are authorized to process information only as necessary to provide services to Lead Stats and are subject to contractual obligations designed to protect the information.
If you use the Services through an organization, we may disclose account, usage, audit, support, and Customer Data to that organization and its authorized administrators.
We may disclose information when customers or users configure the Services to do so, including when they send communications, trigger webhooks, connect integrations, export data, invite users, or authorize third-party services.
We may disclose information if we believe disclosure is reasonably necessary to:
comply with applicable law, subpoena, court order, governmental request, or legal process;
enforce our agreements or policies;
detect, prevent, or investigate fraud, abuse, spam, security incidents, unauthorized access, or harmful activity;
protect the rights, property, safety, or security of Lead Stats, our customers, users, or others; or
support audits, compliance reviews, investigations, or dispute resolution.
We may disclose or transfer information in connection with a merger, acquisition, financing, reorganization, sale of assets, bankruptcy, or similar business transaction, subject to appropriate protections for the information.
We maintain administrative, technical, and organizational safeguards designed to protect information against unauthorized access, loss, misuse, alteration, or disclosure.
These safeguards may include, as appropriate:
encryption in transit;
encryption at rest for sensitive data and credentials;
access controls based on role and business need;
authentication controls;
audit logging;
network and application security controls;
vulnerability management;
security monitoring;
incident response processes;
employee confidentiality obligations; and
vendor and subprocessor review.
No method of transmission or storage is completely secure. We cannot guarantee absolute security, but we work to protect information using safeguards appropriate to the nature of the information and the Services.
Lead Stats maintains a security program designed to support enterprise customers and align with commonly recognized security and privacy control frameworks, including SOC 2 Trust Services Criteria where applicable.
Unless expressly stated in a signed agreement, security report, or trust center made available by Lead Stats, references to SOC 2, audit readiness, or control alignment do not mean that Lead Stats has completed a SOC 2 examination or received a SOC 2 report.
Where Lead Stats has completed a third-party audit or maintains security documentation, access may be made available to eligible customers under appropriate confidentiality terms.
The Services may process personal information, personally identifiable information, or similar information depending on how customers configure and use the Services.
Customers should not submit highly sensitive information to the Services unless the relevant customer agreement expressly permits it and the customer has confirmed that the Services are appropriate for that use.
Unless expressly agreed in writing, the Services are not intended to collect or store:
payment card numbers outside approved payment workflows;
government identification numbers;
protected health information subject to HIPAA;
financial account credentials;
passwords or security credentials for third-party systems other than approved integration credentials;
children’s personal information; or
other highly sensitive information not required for use of the Services.
Customers are responsible for configuring the Services to avoid collecting unnecessary sensitive information and for obtaining any required notices, consents, authorizations, and approvals.
Payment card information, where required for billing, is processed by third-party payment processors. Lead Stats does not intentionally store full payment card numbers unless expressly stated at the time of collection.
Customers should not use the Services to collect, transmit, or store payment card information in message content, workflow fields, notes, webhook payloads, or other unapproved areas of the platform.
We retain information for as long as reasonably necessary to provide the Services, fulfill the purposes described in this Privacy Policy, comply with legal obligations, resolve disputes, enforce agreements, maintain security, support auditability, and preserve business records.
Retention periods may vary depending on the type of information, customer configuration, contractual commitments, legal requirements, backup schedules, and operational needs.
Upon termination of a customer account, we will delete or return Customer Data in accordance with the applicable customer agreement, technical capabilities, legal requirements, and standard backup and deletion processes.
We may retain limited information after account closure where necessary for billing, tax, audit logs, security, fraud prevention, legal compliance, dispute resolution, enforcement of agreements, suppression lists, unsubscribe records, or consent records.
Customers may access, export, correct, or delete certain Customer Data through the Services, depending on account permissions and product functionality.
End users, recipients, or individuals whose information is processed by a Lead Stats customer should direct requests regarding their personal information to that customer, because the customer controls the purposes and means of processing that information.
Where Lead Stats acts as a controller or business for its own processing, individuals may contact us using the information below to request access, correction, deletion, or other rights available under applicable law.
We may need to verify your identity and authority before fulfilling a request. Some information may be exempt from deletion or access requests where permitted by law.
Lead Stats and its service providers may process and store information in the United States and other locations where we or our providers operate.
If information is transferred across borders, we use appropriate safeguards as required by applicable law and the relevant customer agreement.
We do not use Customer Data, Google user data, Microsoft 365 user data, message content, contact lists, or communication recipient data to train generalized artificial intelligence or machine-learning models.
If Lead Stats offers optional AI-assisted features, we will describe the feature, the data processed, and any applicable customer controls in the product, documentation, agreement, or other notice.
We do not use Google user data to serve advertisements, including retargeting, personalized, or interest-based advertising.
We may send customers, users, and business contacts emails or other communications about Lead Stats products, services, updates, events, and educational content where permitted by law.
You may opt out of marketing emails by using the unsubscribe link in the email or contacting us. We may still send transactional, administrative, security, billing, or service-related messages.
The Services are not directed to children under 13, and we do not knowingly collect personal information from children under 13. Customers may not use the Services to knowingly collect or process children’s personal information unless expressly authorized in writing by Lead Stats and permitted by applicable law.
The Services may link to or integrate with third-party websites, platforms, APIs, or services. This Privacy Policy does not apply to the privacy practices of third parties. Customers and users should review the privacy policies and terms of any third-party services they connect to or access through the Services.
We may update this Privacy Policy from time to time. The updated version will be posted on our website with an updated “Last Updated” date.
If we make material changes, we may provide additional notice, such as by email, in-product notice, or other reasonable means. Continued use of the Services after an updated Privacy Policy becomes effective means that you acknowledge the updated Privacy Policy to the extent permitted by law.
If you have questions or concerns about this Privacy Policy or our privacy practices, contact us at:
Lead Stats IO LLC
134 Three Degree Rd
Pittsburgh, PA 15237
United States
Phone: 866-678-1288
Email: support@leadstats.io
