Legal

Privacy Policy

Information about data protection and the processing of personal data.

Status

May 2026

1. General information

This privacy policy explains the type, scope and purpose of the processing of personal data when using our website and the SaaS platform LeadTS. Personal data means all information relating to an identified or identifiable natural person. Processing is carried out in accordance with the General Data Protection Regulation (GDPR) and applicable national data protection laws.

2. Controller

LeadTS (sole proprietorship)
Owner: Rotinda Getiren
Gruenhainer Str. 8
08340 Schwarzenberg
Germany
Phone: 017641567624
Email: support@leadts.com
Website: https://leadts.com

3. Processing roles

LeadTS processes personal data depending on the specific processing context.

As controller

For the following processing activities, we act as an independent controller:

* website and visitor data
* contract and billing data
* customer data
* user account data
* support and communication data
* marketing and analytics data (where used)

As processor

Where customers process personal data of third parties (e.g. leads, contacts, prospects) within LeadTS, we act as a processor pursuant to Art. 28 GDPR. In such cases, processing is carried out exclusively on the customer's instructions.

4. Data processing when visiting the website

When our website is accessed, technical access data is processed automatically:

* IP address
* date and time of access
* browser type and browser version
* operating system
* referrer URL
* hostname of the accessing device
* pages/files accessed

Processing is carried out for:

* technical provision of the website
* ensuring stability and security
* error analysis
* detection of misuse and attacks

Legal basis: Art. 6(1)(f) GDPR

5. Registration and user account

When creating and using a user account, we process in particular:

* email address
* password (stored only in hashed form)
* display name / name
* profile information
* language settings
* optional avatar/profile image data

Legal basis: Art. 6(1)(b) GDPR

6. Use of the LeadTS platform / processing of CRM and lead data

Within use of the platform, and depending on customer usage, the following data may be processed in particular:

* names of leads / contacts
* email addresses
* phone numbers
* company data
* lead sources / campaign mappings
* funnel/pipeline data
* status and activity histories
* revenue/deal/conversion data
* custom additional fields

Data may be introduced in particular via:

* API/webhook integrations
* third-party interfaces
* CSV/file imports
* manual input

Legal basis: Art. 6(1)(b) GDPR / Art. 6(1)(f) GDPR

7. Processing on behalf

Where our customers process personal data of third parties within the platform, this takes place as processing on behalf pursuant to Art. 28 GDPR. A corresponding data processing agreement (DPA) is provided.

8. Payment processing / contract administration

For payment processing and subscription management, we use Stripe Payments Europe Ltd. In particular, we process:

* billing and contract data
* customer data
* Stripe customer IDs
* plan and subscription data
* payment status

Complete payment data is processed exclusively by Stripe.

Legal basis: Art. 6(1)(b) GDPR

Further information: https://stripe.com/privacy

9. Support and communication

If you contact us, we process your details to handle your request. This includes in particular:

* name
* email address
* communication content
* support/ticket information

Legal basis: Art. 6(1)(b) GDPR / Art. 6(1)(f) GDPR

10. Service providers / recipients used

To provide our services, we use the following service providers:

* Supabase – database, authentication, backend infrastructure
* Vercel – hosting / frontend infrastructure
* Stripe – payment processing
* Resend – delivery of transactional emails
* Nango – OAuth/integration management
* Google – OAuth/Google integrations / Search Console
* Meta Platforms – Meta/Facebook integrations
* Cookiebot (Usercentrics A/S) – consent management

Disclosure is limited to what is necessary.

11. Hosting and storage location

Primary processing of platform data takes place in data centers within the European Union, in particular Frankfurt am Main.

12. Third-country transfers

Where personal data is transferred to recipients outside the European Union or the European Economic Area, this takes place only in compliance with the legal requirements under Art. 44 et seq. GDPR. In particular based on:

* adequacy decisions
* EU standard contractual clauses
* other permissible safeguards

13. Security measures

We take appropriate technical and organizational measures to protect personal data, including in particular:

* TLS/HTTPS encryption
* access restrictions
* role and authorization concepts
* authentication and session management
* security monitoring / logging
* protection against unauthorized API/webhook access
* regular security updates

14. Cookies and consent management

We use cookies and comparable technologies.

Technically necessary cookies

These are required for operation, security and functionality of the website/platform.

Optional cookies / tracking

Non-essential technologies are used only based on your consent. To manage consent, we use Cookiebot by Usercentrics A/S.

15. Analytics and performance tools

Vercel Analytics / Speed Insights

We use analytics and performance services from Vercel to evaluate technical usage and performance data of our website. This may include in particular:

* technical usage data
* browser and device information
* page views
* load times / performance metrics
* referrer information

Processing is based on our legitimate interest in technical optimization and stability of our website pursuant to Art. 6(1)(f) GDPR, where consent is not required.

Google Search Console

We use Google Search Console for technical analysis, SEO and monitoring the discoverability of our website in search engines. Aggregated search and performance data is processed. We do not perform direct personal profiling in this context.

Legal basis: Art. 6(1)(f) GDPR

16. Retention period

We store personal data only as long as necessary for the respective processing purposes or as required by statutory retention obligations. Data is then deleted or anonymized.

17. Obligation to provide data

Providing certain personal data is required for conclusion and performance of the contractual relationship. Without this data, use of the platform may be impossible in whole or in part.

18. Automated decision-making / profiling

Automated decision-making or profiling within the meaning of Art. 22 GDPR does not take place, unless explicitly stated otherwise.

19. Data subject rights

Data subjects have the following rights:

* access pursuant to Art. 15 GDPR
* rectification pursuant to Art. 16 GDPR
* erasure pursuant to Art. 17 GDPR
* restriction of processing pursuant to Art. 18 GDPR
* data portability pursuant to Art. 20 GDPR
* objection pursuant to Art. 21 GDPR
* withdrawal of consent pursuant to Art. 7(3) GDPR

Requests to: support@leadts.com

20. Right to lodge a complaint

You have the right to lodge a complaint with a data protection supervisory authority.

21. Google user data (Google APIs and OAuth)

This section supplements the disclosures above and is intended to meet the transparency requirements of the Google API Services User Data Policy and the Google APIs Terms of Service for customers who connect a Google account to LeadTS.

When this applies

If you optionally connect Google to LeadTS (for example via OAuth through our integration provider Nango), LeadTS accesses limited Google user data as described below. Connecting Google is voluntary and used to ingest lead data from spreadsheets you select. LeadTS does not use Google Sign-In for website or app authentication.

Data accessed (categories)

* OAuth authorization data: When you authorize the integration, Google provides authorization artifacts needed to call Google APIs on your behalf (handled through Nango).
* Google Drive (metadata): To help you pick a spreadsheet, we may list Google Drive items such as folders and spreadsheet files. We process identifiers and descriptive metadata returned by Google (for example file IDs, names, parent folder references, and web view links where provided by Google).
* Google Sheets (content and structure for the selected spreadsheet only): We read spreadsheet metadata needed for setup (for example worksheet/tab titles) and cell values from the specific spreadsheet and range you configure in LeadTS.
* What we do not access: LeadTS does not access, collect, or use Gmail messages, Google Calendar, Google Contacts, Google Photos, YouTube, or other Google services beyond the Drive/Sheets functionality described here.

How we use Google user data (purposes and processing)

* Google Sheets lead source: We use the data solely to (1) establish and maintain the connection you requested, (2) display selectable spreadsheets/folders in the product UI, and (3) read the configured sheet range to import rows as leads into your LeadTS workspace.
* Secure operation: We use OAuth tokens/credentials only as required to perform these API calls. Token storage and refresh are handled by Nango as our OAuth/integration infrastructure.
* No unrelated purposes: We do not sell Google user data. We do not use Google user data for advertising. We do not use Google user data to train generalized artificial intelligence or machine learning models.
* Automated decisions: Importing rows does not constitute automated decision-making about individuals within the meaning of Art. 22 GDPR.

Storage, sharing, and subprocessors

* Our systems: Imported sheet rows are stored in LeadTS like other lead records you choose to process in the product, subject to this privacy policy and (where applicable) our DPA.
* Nango: OAuth connection management and API proxying may involve processing by Nango (USA/EU). Disclosure is limited to what is necessary to provide the integration.
* Google: API requests are processed by Google as the provider of Google Drive/Google Sheets.

Retention and revocation

You can disconnect the Google integration in LeadTS and/or revoke LeadTS access in your Google Account security settings. After disconnection, we stop initiating new data access via that connection (subject to reasonable technical propagation delays).

Legal bases (GDPR)

Where you connect Google as a LeadTS customer user, processing is typically based on Art. 6(1)(b) GDPR (performance of the contract) and/or Art. 6(1)(f) GDPR (legitimate interest in providing the integration you requested), depending on the processing context.

If you have questions about this integration, contact: support@leadts.com

22. Changes to this privacy policy

We reserve the right to amend this privacy policy if this becomes necessary due to legal, technical or business changes.