LeadFlowBETA
← Back to Home
Data Trust & Shield

Privacy Policy

Last updated: May 12, 2026

Information We Collect

When you create an account, we collect your name, email address, and organization details. When you use our CRM features, we process lead data, contact information, and business records that you import or create within the platform.

How We Use Your Information

  • Provide and maintain the LeadFlow CRM service
  • Process CSV imports, AI research, and lead scoring
  • Send transactional emails (welcome, import complete, task reminders)
  • Manage booking pages and calendar integrations
  • Improve our service and fix bugs

Google Calendar Integration

When you connect your Google Calendar, we request access to view your calendar availability and create events on your behalf:

Free/Busy Access (calendar.freebusy)

Used solely to check your availability (free/busy status) so we can display open time slots on your public booking page. We cannot see event titles, descriptions, or attendees — only whether a time slot is free or busy.

Event Creation (calendar.events)

Used solely to create a new calendar event with a Google Meet link when a lead books a meeting through your booking page. We only create events — we do not read, modify, or delete your existing events.

Email Address (userinfo.email)

Used to identify your Google account when connecting your calendar. No other profile information is accessed.

We do not read, store, share, or export any of your existing calendar events. Your Google Calendar data is not used for advertising, analytics, or any purpose other than booking.

You can disconnect Google Calendar at any time from Settings. We immediately stop accessing your data and delete stored access tokens.

LeadFlow CRM's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

AI Data Processing

When you use AI Research features, lead data (company name, website, contact info) is sent to OpenAI for analysis. We do notuse your data to train AI models. AI-generated insights are stored in your organization's database and are not shared with other users.

Data Storage & Security

  • Stored in Supabase (PostgreSQL) with Row Level Security for strict multi-tenant isolation
  • Encrypted in transit (TLS) and at rest
  • Protected by security headers, rate limiting, and input validation

Data Sharing

We do not sell your data. We share data only with service providers necessary to operate the platform:

Supabase

Database Infrastructure

OpenAI

Claude & LLM Integrations

Resend

Transactional Email Delivery

Google Calendar

Calendar Syncing

Your Rights

  • AccessExport your data at any time from Settings
  • DeletionRequest account deletion by contacting support
  • CorrectionUpdate your profile and organization data in Settings
  • PortabilityExport leads and contacts as CSV files
  • Revoke accessDisconnect third-party integrations at any time

Cookies

We use essential cookies only for authentication session management. No tracking cookies or third-party advertising cookies.

Data Retention

  • Active account data is retained as long as your account exists
  • Deleted leads can be restored from Trash
  • Permanently deleted data is removed within 30 days
  • Account data is deleted within 90 days of account closure
  • Google Calendar tokens are deleted immediately on disconnect

Changes to This Policy

We may update this policy from time to time. We will notify you of significant changes via email or in-app notification.

Contact Support

For privacy-related questions, contact us at webvoxelstudio.uk@gmail.com