Privacy Policy

Last Updated: December 3, 2025

Lead Machine ("we," "our," or "us") provides a lead-capture and automated follow-up platform for businesses. This Privacy Policy explains how we collect, use, disclose, and protect personal information when you use our service, website, dashboards, and embeddable widgets.

1. Information We Collect

We collect the following categories of data:

1.1 Information You Provide

  • Business account details (name, email, phone)
  • Lead information submitted through your widget:
    • Name
    • Email
    • Phone number
    • Message content
  • Metadata (timestamps, status changes)
  • Billing information (collected securely by Stripe; we never store card numbers)

1.2 Automatically Collected Information

  • IP address
  • Browser and device type
  • Interaction with widgets and dashboards
  • Usage logs for:
    • AI responses
    • Message delivery
    • System events
    • Error logs

1.3 Information from Third Parties

We integrate with third-party processors, including:

  • Supabase – authentication & database
  • Stripe – billing & subscription management
  • Twilio – SMS delivery
  • Resend – email delivery
  • Upstash – rate limiting & request tracking
  • Anthropic – AI message generation

We may receive metadata from these services (delivery status, IDs, timestamps).

2. How We Use Information

We use data to:

  • Provide lead capture and automated messaging
  • Generate AI responses for your customers
  • Display your dashboard analytics
  • Deliver SMS messages, emails, and notifications
  • Process payments and subscriptions
  • Improve reliability, performance, and security
  • Comply with legal and regulatory requirements

We never sell personal data.

3. Data Sharing

We share data only with the service providers listed above. Each processes data solely on our behalf.

We may also share information:

  • To comply with a lawful request
  • To prevent fraud, abuse, or security threats
  • During a business transfer or acquisition

4. Data Retention

We retain:

  • Lead records: as long as your account is active, or until you delete them
  • Business account data: until account deletion
  • Billing / transaction data: 7 years (legal requirement)
  • Logs (AI, SMS, error logs): 30–180 days, depending on purpose

You may delete leads or request account deletion at any time.

5. Data Security

We use modern security practices:

  • Encryption in transit (HTTPS/TLS)
  • Supabase Postgres with RLS
  • Secure auth sessions
  • Rate limiting (Upstash)
  • Access logging
  • Secure API key handling
  • Least-privilege permissions
  • Isolated serverless functions

6. Your Rights

You may:

  • Access your data
  • Correct inaccurate data
  • Request deletion
  • Request export of your data

To exercise rights, contact us at support@leadmachine.ai.

7. AI Disclosures

Leads may receive AI-generated messages. We do not use your data to train public models. Anthropic processes data only to generate outputs and does not store message content long-term.

8. Children's Privacy

We do not knowingly collect data from children under 13.

9. California Residents – Your Privacy Rights (CCPA/CPRA)

If you are a resident of California, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA).

Information We Collect — CCPA Categories

In the past 12 months, we have collected the following categories of personal information:

  • Identifiers: name, email address, phone number, account credentials
  • Commercial Information: subscription details, transaction history (Stripe)
  • Internet/Device Activity: IP address, browser type, usage logs
  • Geolocation Data: approximate location inferred from IP
  • Message Content: lead messages, AI-generated replies, communication metadata
  • Inferences: analytics insights derived from usage

We do not sell or share personal information as defined by CCPA/CPRA.

Sources of Personal Information

We collect personal information from:

  • You when you submit information
  • Leads who use your widget
  • Third-party processors (Supabase, Stripe, Twilio, Resend, Upstash, Anthropic)
  • Automatic collection via cookies, logs, and usage tracking

Business Purposes for Collection

We use personal information to:

  • Provide the Lead Machine service
  • Deliver automated messages (SMS/email)
  • Generate AI responses
  • Process payments
  • Maintain security and integrity of the platform
  • Perform analytics and usage monitoring
  • Comply with legal obligations

Your California Rights

California residents may request:

  • Access — a copy of the personal information we have collected
  • Deletion — request that we delete your personal information
  • Correction — fix inaccurate personal information
  • Opt-Out of Sharing — we do not sell or "share" data for cross-context behavioral advertising
  • Limit Use of Sensitive Data — we do not process sensitive personal data for unrelated purposes
  • Non-Discrimination — we will not discriminate against you for exercising your rights

How to Submit a Request

You may submit a request by contacting: support@leadmachine.ai

We will verify your identity before fulfilling any request. Authorized agents may submit requests on your behalf with proper documentation.

10. Contact Us

For privacy inquiries, contact: support@leadmachine.ai