Privacy Policy
Last updated: April 2026
1. Introduction
Leadora AG ("we", "us", "our"), a company based in Switzerland, is committed to protecting your privacy. This Privacy Policy explains how we collect, use, store, and safeguard your personal information when you use our platform at useleadora.com.
2. Information We Collect
We collect: Account Information (name, email, password, company name) provided during registration. Lead Data (names, emails, phone numbers, messages) you enter about your prospects. Usage Data (features used, AI requests, login timestamps, IP addresses). Cookies for authentication, session management, and language preference only — we do not use tracking or marketing cookies.
3. How We Use Your Information
We use your information to: provide and improve the Service, generate AI reply suggestions, process payments via Stripe, send transactional emails (account updates, billing notifications), analyze usage patterns, and comply with legal obligations. We do not sell, rent, or share your data for advertising purposes.
4. Data Storage and Infrastructure
Your data is stored on secure servers in the EU and Switzerland with encryption at rest (AES-256) and in transit (TLS 1.3). We use row-level security (RLS) for data isolation between users. Our infrastructure is built on Supabase, which maintains SOC 2 Type II compliance.
5. Third-Party Providers
We share data with: Supabase (database and auth), Stripe (payments — we do not store credit card details), OpenAI (AI generation — real-time processing, not stored for training), and Cloudflare (CDN and hosting). We have data processing agreements with all providers.
6. AI Data Processing
When you use AI features, your data is sent to OpenAI for real-time processing. This data is NOT stored by OpenAI for training AI models. OpenAI retains data for 30 days for abuse prevention only. We do not permit OpenAI to use your data to train models.
7. Cookies
We use only essential cookies: authentication (to keep you logged in) and locale preference (to remember your language). We do not use tracking pixels, heat maps, session recordings, or analytics cookies.
8. Your Data Rights
Under GDPR and the Swiss Data Protection Act, you have the right to: access, rectify, erase, port, and object to the processing of your personal data. You can withdraw consent at any time. To exercise these rights, contact [email protected]. We respond within 30 days.
9. Data Retention
We retain your data while your account is active. After deletion or cancellation, data is kept for 30 days for reactivation, then permanently deleted unless required by law.
10. Security
We implement SSL/TLS encryption, AES-256 at rest, row-level security, regular security audits, bcrypt password hashing, and multi-factor authentication. No system is 100% secure — contact us immediately if you suspect your account is compromised.
11. Children’s Privacy
The Service is not intended for children under 13. We do not knowingly collect information from children under 13. If discovered, we will delete such information and terminate the account.
12. International Transfer
Your data is stored and processed in the EU and Switzerland. By using the Service from outside the EU/Switzerland, you consent to this transfer.
13. Changes
We may update this Privacy Policy. Material changes will be communicated via email or in-app notice. Continued use constitutes acceptance.
14. Contact
For privacy inquiries, data requests, or to report a breach, contact [email protected]. You also have the right to lodge a complaint with your local data protection authority.