Privacy Policy

1. INTRODUCTION

This Privacy Policy outlines LeadLoft Inc.'s (referred to as "LeadLoft", "we", "us", or "our") practices regarding the collection, use, and disclosure of your information when you use our services. This policy is an integral part of LeadLoft's Terms of Service (together forming the "Agreement").

2. ABOUT LEADLOFT

LeadLoft is a data intelligence platform that operates in two capacities:

As a Data Controller: We collect, maintain, and determine the purposes and means of processing business profiles and contact information which we make available through our database, plugin, and Services.

As a Data Processor: We process data that our users import or upload to our platform, acting on their instructions to store, organize, and manage such data.

3. DEFINITIONS

To help you understand this Privacy Policy, we use the following terms:

• Services: All LeadLoft products, including our website, browser extension (the "Plugin"), database, and related tools.
• User: Any individual person who accesses or uses our Services, including through the browser extension or website.
• Organization: A business entity or account ("Workspace" )that has registered for LeadLoft Services, which may include multiple individual users.
• Team Member: An individual user who belongs to an organization account.
• Contact: An individual whose business information is contained in a Business Profile.
• Business Profile: Professional information about an individual, such as email address, name, telephone number, job title, company name, location, and social profile links.
• Controller: The entity that determines the purposes and means of processing personal data.
• Processor: The entity that processes personal data on behalf of the controller.

4. OUR ROLE AS A DATA CONTROLLER

4.1 Data We Collect as a Controller

As a data controller, we collect and maintain:

1. Business Profiles: Professional information about individuals collected from:
   • Publicly available sources
   • Licensed information from data partners
   • Data scraped using LeadLoft's Plugin or other Services
   • And other data collection mechanisms
2. Organization Registration Data: When an organization registers for our Services, we may collect:
   • Full name of the organization representative
   • Email address
   • Time zone
   • Phone number
   • Company name
   • Address
   • VAT number (if applicable)
   • Information regarding other organization team members
3. Technical Information:
   • Browser and device information
   • IP address
   • Access times
   • Pages viewed
   • Features used
   • Click data and other activity

4.2 How We Use Data as a Controller

As a controller, we use the data we collect to:

1. Provide and Improve Our Services:
   • Maintain and enrich our database of Business Profiles
   • Enable search and discovery of business contacts
   • Authenticate users and manage accounts
   • Analyze service usage to improve functionality
2. Communication:
   • Respond to inquiries and support requests
   • Send service updates and notifications
   • Provide marketing communications (with opt-out options)
3. Security and Compliance:
   • Detect and prevent fraudulent or illegal activities
   • Comply with legal obligations
   • Enforce our policies and terms

4.3 Data Sharing as a Controller

We may share data we control with:

1. Our Organizations: We share Business Profiles with organizations through our Services.
2. Service Providers: We engage vendors to help us provide our Services.
3. Affiliates: We may share with our subsidiaries and affiliated companies.
4. Business Transfers: In case of merger, acquisition, or asset sale.
5. Legal Requirements: When required by law or to protect rights.

5. OUR ROLE AS A DATA PROCESSOR

5.1 Data We Process on Behalf of Organizations

When organizations import or upload data to our platform, we act as a processor for:

1. Imported Data: Any lists of contacts or leads uploaded by organizations by file import, API, or otherwise.
2. Account Connections: Information from connected email accounts or LinkedIn profiles.
3. Communication Content: Email or message content when organizations connect their accounts.
4. Organization-Generated Content: Notes, tags, or other content created by organizations and their team members.
5. And any other data that may be added or saved to the organization's account.

5.2 How We Process Organization Data

As a processor, we:

1. Store and organize data according to organization instructions.
2. Display information within the organization's dashboard.
3. Facilitate communications from connected accounts.
4. Apply security measures to protect organization-imported data.

6. ACCOUNT CONNECTIONS & COMMUNICATION INTEGRATIONS

Account Credentials: Our various communication services, such as "Inbox", "Playbooks", and others, allow organizations to communicate with leads and contacts through both email and LinkedIn, automate outreach, and track communications in their account, also called an "Workspace" within the web application. In order to do so, we may collect email and LinkedIn credentials from team members.

Communication Activity: Organizations can send emails and LinkedIn messages through our various communication services, including the "Playbooks" and "Inbox" features, and get tracking information on them. We'll let them know if we think their communications have been opened, where and how many times. We may store the location of the person opening the emails using IP addresses. To respect their privacy, the IP addresses collected this way may be anonymized.

Conversation Storage: Organizations can share the conversations they have with contacts and leads in our service. To offer this feature, we store information regarding these communications such as the subject, body, message, attachments, sender and the recipient(s) for emails, and message content and participants for LinkedIn communications. If any team member's connected email or LinkedIn account has communication with an email address or LinkedIn URL associated with a contact in their organization's dashboard, LeadLoft will automatically sync this communication to the organization's dashboard.

Teams & Shared Communications: Organizations with multiple team members can view each other's email threads, LinkedIn messages, and conversations. This feature provides context and communication visibility among team members. If you do not wish for your team members to have access to your conversations, we advise that you do not connect your email or LinkedIn accounts to LeadLoft.

7. COOKIES AND TRACKING TECHNOLOGIES

We use cookies and similar technologies to enhance your experience with our Services:

1. Essential Cookies: Required for the operation of our Services.
2. Analytical Cookies: Help us understand how users interact with our Services.
3. Functional Cookies: Enable enhanced functionality and personalization.
4. Targeting Cookies: Used to deliver relevant advertisements or promotions.

You can adjust your browser settings to refuse cookies, though this may limit functionality.

8. DATA RETENTION

8.1 As a Controller

We retain Business Profiles and Organization Registration Data for as long as necessary to provide our Services, comply with legal obligations, resolve disputes, and enforce our agreements. Our standard retention period for personal information is 7 years from the date of processing.

8.2 As a Processor

Data imported by organizations is retained for as long as the organization maintains an active account with us, unless the organization deletes such data earlier. Following account termination, we may retain organization-imported data for a limited period to comply with legal obligations or for backup purposes.

9. YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

Depending on your location, you may have certain rights regarding your personal information. You can exercise these rights by contacting us at privacy@leadloft.com or by using our Personal Data Request form.

9.1 Rights for All Individuals

• Right of Access: Request information about what data we hold about you.
• Right of Rectification: Request correction of inaccurate information.
• Right of Erasure: Request deletion of your information (subject to certain conditions).
• Right of Restriction: Request limitation of how we use your data.
• Right to Object: Object to certain types of processing.

9.2 Additional Rights for Individuals in Certain Regions

Individuals in certain regions (such as the European Economic Area) may have additional rights under applicable laws such as the GDPR. For more information, please see our GDPR information page.

10. DATA SECURITY

We implement appropriate technical and organizational measures to protect your information. These measures include encryption, access controls, network security, and secure facilities. However, no method of transmission over the Internet or electronic storage is 100% secure, and we cannot guarantee absolute security.

11. INTERNATIONAL DATA TRANSFERS

LeadLoft operates globally, which may require the transfer of your information to countries with different data protection laws than your country of residence. When we transfer personal information across borders, we take steps to ensure that your information receives an adequate level of protection.

12. CHILDREN'S PRIVACY

Our Services are not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If you become aware that a child has provided us with personal information, please contact us at privacy@leadloft.com.

13. LINKS TO THIRD-PARTY WEBSITES

Our Services may contain links to third-party websites or services that are not owned or controlled by LeadLoft. We are not responsible for the privacy practices of such third parties. We encourage you to be aware of this when you leave our Services and to read the privacy policies of each website you visit.

14. CHANGES TO THIS PRIVACY POLICY

We may update this Privacy Policy from time to time. We will notify you of any changes by posting the new Privacy Policy on this page and, for material changes, by notifying you via email or through our Services. We encourage you to review this Privacy Policy periodically.

15. USE OF GOOGLE USER DATA

LeadLoft's use of information received, and LeadLoft’s transfer of information to any other app, from Google APIs will adhere to Google API Services User Data Policy, including the Limited Use requirements.

LeadLoft uses Google APIs to allow users to:

• Send emails;
• Archive emails;
• Schedule calendar events;
• Identify emails and calendar events related to user activities and display them within the app;
• Display emails and calendar events (that match contacts in our system) on the related lead's activity feed for everyone who is apart of the user's LeadLoft Workspace to view.

16. CONTACT US

If you have any questions or concerns about this Privacy Policy or our privacy practices, please contact us at:

Email: privacy@leadloft.com

Postal Address:
LeadLoft Inc.
13157 Mindanao Way #1106
Marina Del Rey, CA 90292

Last Updated: March 20th, 2025