Privacy Policy
Last updated: 2026-05-12
Template notice. Replace bracketed placeholders and have a lawyer review before relying on this for a production launch, especially if you serve EU/UK customers (GDPR) or California residents (CCPA).
1. Who We Are
LeadVibe is operated by [LEGAL_ENTITY_NAME], [LEGAL_ENTITY_ADDRESS]. Data controller contact: [PRIVACY_EMAIL].
2. Data We Collect
- Account data: name, email, authentication tokens (via Clerk).
- Billing data: Stripe customer/subscription identifiers. Card details are processed by Stripe; we never see them.
- Workspace data: keywords, subreddits, monitors, lead records, AI drafts, notes.
- Usage data: AI calls, plan usage counters.
3. How We Use Data
- To provide the Service (run monitors, store leads, generate AI drafts).
- To bill you and enforce plan limits.
- To respond to support requests.
- To improve and secure the Service.
4. Sub-Processors
We share data with the following sub-processors:
- Convex — application database and backend.
- Clerk — authentication and session management.
- Stripe — payment processing.
- OpenRouter — AI gateway that routes intent analysis and reply drafting to the underlying model providers (e.g. OpenAI, Anthropic).
- Apify — LinkedIn post scraping (Pro plan only).
- Reddit — public post data via the Reddit API.
5. Legal Basis (GDPR)
We process data under the following bases: contract (to provide the Service), legitimate interests (to secure and improve the Service), and consent (for non-essential cookies and marketing communications).
6. Your Rights
Where GDPR or comparable law applies, you have the right to access, rectify, delete, and port your personal data, and to restrict or object to its processing. You can export or delete your data from the Settings page, or email us at [PRIVACY_EMAIL]. You may also lodge a complaint with your local data protection authority.
7. Data Retention
We retain account data while your account is active. After deletion, we erase personal data within 30 days, except where retention is required by law (e.g. tax records).
8. International Transfers
Our sub-processors may process data outside your country. Where required, we rely on Standard Contractual Clauses or equivalent safeguards.
9. Security
We use industry-standard practices including encryption in transit (HTTPS), encryption at rest via our infrastructure providers, and access controls. No system is perfectly secure; report vulnerabilities to [SECURITY_EMAIL].
10. Cookies
We use essential cookies for authentication (Clerk) and billing (Stripe). Non-essential analytics cookies are set only with your consent. See the cookie banner shown on first visit.
11. Children
The Service is not directed to children under 16, and we do not knowingly collect personal data from them.
12. Changes
We will notify you of material changes by email or in-app notice.
13. Contact
Privacy questions: [PRIVACY_EMAIL].