Privacy Policy

Information We Collect from Platform Users

When you create and use a Leadelivery account, we collect the following categories of personally identifiable information (PII):

• Name
• Email address
• Phone number
• Password (stored in hashed form only)
• Account preferences, including timezone and display theme settings

Information Collected About Lead Subjects

Through campaigns configured by Platform Users, Leadelivery collects the following categories of PII about Lead Subjects (individuals whose data is submitted to the platform):

• First name
• Last name
• Email address
• Phone number
• US state
• Campaign-specific custom fields, which may include insurance type, income, and other configurable data points as defined by the Platform User

Data Sources

Lead Subject data is collected from the following sources:

• Webhook submissions from external systems
• Facebook Lead Ads forms (via Meta OAuth integration authorized by the Platform User)

Additional Undeclared Fields (Extra Fields)

When lead data is submitted via webhook, any fields included in the payload that are not defined in the campaign's custom field schema are stored as metadata alongside the lead record. These "extra fields" may include identifiers such as UTM parameters, external system IDs, or other data points sent by the submitting system.

Facebook OAuth Data Access

When a Platform User connects their Facebook account via OAuth, Leadelivery receives access to their Facebook Lead Ads form submissions and associated lead data as authorized by the Platform User through the Meta consent flow.

Technical Data

The platform automatically collects technical data during use, including IP addresses, browser type, access timestamps, and service usage logs. This data is collected for security monitoring and service operation purposes.

Platform User Account Data

Platform User account data is used for the following purposes: authentication, service delivery, account management, and communication about the service.

Lead Subject Data Processing

Lead Subject data is processed for the following purposes:

• Storage within the associated campaign
• Rule-based distribution to configured delivery recipients
• Notification delivery (email, SMS, WhatsApp) to delivery recipients
• Real-time export to Google Sheets

Filtering and Distribution Rules

Lead data is filtered and distributed based on US state matching, delivery caps (daily and total), and priority rules configured by the Platform User.

No Sale of Data

Leadelivery does not sell Lead Subject data to third parties. Leadelivery processes data solely on behalf of the Platform User (the Data Controller).

Deduplication

Deduplication is performed within each campaign based on email or phone number (matching either field) to prevent duplicate lead entries. Duplicate submissions are rejected without being stored.

Legal Basis for Processing

Platform User data is processed under contractual necessity (to provide the service). Lead Subject data is processed under the legitimate interest of the Data Controller (Platform User) who configured the campaign and is responsible for obtaining proper consent from Lead Subjects.

Automated Processing

Lead distribution is performed through automated rule-based processing (state matching, cap evaluation, and priority ordering) without human review of individual leads. The Platform User configures all distribution rules.

Leadelivery integrates with the following third-party services to provide its lead distribution functionality:

Twilio (SMS and WhatsApp)

Lead data — including name, phone number, base fields, and campaign-configured custom fields relevant to the notification — is shared with Twilio for the purpose of delivering SMS and WhatsApp notifications to delivery recipients.

Google Sheets API

Lead data — including all base fields and custom fields — is shared with Google via the Sheets API for real-time lead tracking spreadsheets configured by the Platform User.

Meta / Facebook

Meta/Facebook provides lead data to Leadelivery when a Platform User authorizes the Facebook Lead Ads integration via OAuth. Data flows from Facebook to Leadelivery based on the Platform User's authorization.

Email Service Provider

Email notifications containing lead base fields and custom fields are sent to delivery recipients via the platform's email service provider.

Third-Party Responsibility

Each third-party service processes data according to their own privacy policies. Leadelivery is not responsible for their data practices beyond the scope of the integration. We encourage you to review their respective privacy policies:

• Meta Privacy Policy
• Twilio Privacy Policy
• Google Privacy Policy

Workspace Isolation

All data is stored in isolated workspaces per Platform User (multi-tenancy). One user cannot access another user's campaigns, leads, or deliveries.

Authentication and Access Control

Authentication is enforced via secure sessions (JWT) with automatic expiration. API access to webhook endpoints requires Bearer token authentication unique to each campaign.

Encryption

Data is transmitted over encrypted connections (HTTPS/TLS) between the platform, users, and third-party services. Stored data is protected using encryption at rest.

Password Security

Passwords are stored using industry-standard hashing algorithms and are never stored in plain text.

OAuth Token Storage

Facebook OAuth access tokens are stored in encrypted form and used solely for retrieving authorized Lead Ads data.

Breach Notification

In the event of a confirmed data breach affecting Platform User or Lead Subject data, Leadelivery will notify affected Platform Users via their registered email address within 72 hours of discovery and provide a description of the data affected and recommended actions.

Your Rights Under CCPA

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

• The right to know what personal information is collected about you
• The right to request deletion of your personal information
• The right to opt out of the sale of personal information (note: Leadelivery does not sell personal information)
• The right to non-discrimination for exercising your CCPA rights

How to Submit a Request

To submit a CCPA request (including access, deletion, and opt-out requests), please contact us at: privacy@leadelivery.com

Response Timeline

Leadelivery will respond to verified CCPA requests within 45 days as required by law. This period may be extended by an additional 45 days when reasonably necessary, with prior notice to the requestor.

Data Retention Policy

Lead data is retained for the duration of the Platform User's active account, and for up to 90 days after account termination or campaign deletion to allow for data export.

Account Deletion

Platform Users may request deletion of their account and all associated data by contacting support at privacy@leadelivery.com. Deletion requests will be acknowledged within 10 business days and completed within 30 days of verification.

Lead Subject Requests

Lead Subjects may contact Leadelivery to request information about or deletion of their personal data. Such requests will be forwarded to the relevant Platform User (Data Controller) within 5 business days for action.

The following disclosures apply specifically to data obtained through the Facebook Lead Ads integration:

Authorization

Facebook Lead Ads data is collected only after explicit authorization by the Platform User through the Meta OAuth consent flow.

Exclusive Use

Facebook lead data is used exclusively for the purpose authorized by the Platform User: importing leads into their Leadelivery campaign for distribution according to their configured rules.

No Advertising or Profiling

Leadelivery does not use Facebook lead data for advertising, profiling, or any purpose other than the lead distribution service.

Revocation of Access

The Platform User may revoke Facebook access at any time by disconnecting the integration within their campaign settings or through their Facebook account settings.

Effect of Disconnection

Upon disconnection of the Facebook integration, no new leads will be imported from Facebook. Previously imported leads remain in the campaign unless explicitly deleted by the Platform User.

Meta Platform Terms Compliance

Leadelivery complies with Meta Platform Terms regarding the handling, storage, and deletion of data obtained through Facebook APIs.

Meta Deletion Requests

If Meta requests deletion of Facebook-sourced data (due to a user revoking app permissions, deleting their Facebook account, or a Meta platform compliance action), Leadelivery will delete the affected data within 30 days of receiving the request and notify the Platform User that the data has been removed from their campaign.