Privacy Policy

Last updated: March 30, 2026

1. Introduction

LeadHunter AI ("we", "us", "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, store, and share your information when you use our AI-powered lead generation and sales outreach platform ("the Service").

This policy complies with the General Data Protection Regulation (GDPR), the California Consumer Privacy Act (CCPA), and other applicable data protection laws.

2. Data We Collect

2.1 Account Data

  • Email address (required for account creation)
  • Full name (optional, for profile personalization)
  • Hashed password (stored securely via Supabase Auth)
  • Subscription plan and billing history (processed by Stripe)

2.2 Usage Data

  • Search queries (business categories, locations)
  • Lead generation results and saved leads
  • Campaign configurations and outreach history
  • Credit usage and transaction records

2.3 Third-Party OAuth Data

  • Gmail OAuth tokens (encrypted, used only for sending/reading outreach emails)
  • Gmail email address (displayed in your account settings)

3. Third-Party Services

We use the following third-party services to deliver functionality:

Google Places API

Used to find real business data (names, addresses, phone numbers, websites, ratings). Data is subject to Google's Privacy Policy.

Hunter.io

Used to find verified business email addresses from public website data. Subject to Hunter.io's Privacy Policy.

Gmail API

Used to send outreach emails and monitor replies on your behalf, via your own Gmail account. We store OAuth refresh tokens securely and never read emails unrelated to outreach campaigns.

Anthropic (Claude AI)

Used to generate lead scores and compose outreach emails. Business data is sent to Claude for analysis; Claude does not store or retain this data beyond the API call.

Stripe

Used for payment processing. We never store your credit card details directly. All payment data is handled by Stripe in compliance with PCI DSS standards.

Supabase

Hosts our database and authentication system. Data is encrypted at rest and in transit. Supabase is SOC 2 Type II compliant.

4. Cookies

We use the following cookies:

  • Authentication cookies — Essential. Maintain your login session. Set by Supabase Auth.
  • Cookie consent — Essential. Remembers your cookie preference. Set by LeadHunter AI.

We do not use advertising, analytics, or tracking cookies.

5. How We Use Your Data

  • To provide and maintain the Service
  • To process lead searches and return business data
  • To send outreach emails on your behalf via your connected Gmail
  • To manage your subscription and billing
  • To send transactional emails (welcome, credit alerts, etc.)
  • To improve the Service and fix bugs

6. Data Retention

Account data is retained as long as your account is active. Cached lead data (Google Places / Hunter.io results) is automatically purged after 30 days. Upon account deletion, all personal data is removed within 30 days. Aggregated, anonymized data may be retained for analytics.

7. Your Rights (GDPR / CCPA)

You have the right to:

  • Access — Request a copy of your personal data
  • Rectification — Correct inaccurate data via Account settings
  • Erasure — Delete your account and all associated data
  • Portability — Export your leads as CSV
  • Objection — Object to processing of your data
  • Withdraw consent — Disconnect Gmail, decline cookies, or delete your account at any time

To exercise these rights, contact us at privacy@leadhunterai.com or use the relevant controls in your Account settings.

8. Data Security

We implement industry-standard security measures including encryption at rest and in transit, Row Level Security (RLS) on all database tables, secure OAuth token storage, and rate limiting on all API endpoints. Gmail tokens are encrypted and refreshed automatically.

9. International Transfers

Data may be processed in the United States and other countries where our service providers operate. We ensure appropriate safeguards are in place for international data transfers in accordance with GDPR.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect data from children.

11. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email. The "Last updated" date at the top reflects the most recent revision.

12. Contact Us

For privacy-related inquiries:
privacy@leadhunterai.com