Privacy Policy
Last updated: 14 June 2026
1. Who we are
LeadScanner is operated by Philipp R. Stegmann (data controller). The full postal address and responsible-person details are listed in our Imprint.
Contact: hello@lead-scanner.com
2. Data we collect and store
- Account email address — used for magic-link authentication, billing communications, and account management.
- Scanned lead data — names, companies, titles, email addresses, phone numbers, and LinkedIn profiles collected via badge/card scanning and third-party enrichment. Stored in our EU database, isolated per account.
- Voice notes — audio recordings attached to leads (Pro plan). Stored encrypted in our database.
- Usage data — scan count, credit usage, subscription status. Used for billing and fair-use enforcement.
- Session cookie — one httpOnly, signed JWT that keeps you logged in after a magic link (90-day expiry).
- Analytics (optional, consent-based) — only if you accept the cookie banner, Google Tag Manager / Google Analytics may set analytics cookies. Decline and nothing analytics-related is loaded.
3. How we use your data
- To provide the LeadScanner service (scanning, enrichment, CRM push)
- To send you magic-link login emails
- To process your subscription and billing
- To enforce fair-use credit limits
- We do not sell your data. We do not use your scanned leads to enrich other users.
4. Data processors (sub-processors)
| Processor | Purpose | Location |
|---|---|---|
| Vercel | Application hosting, edge delivery, cookieless web analytics | EU/US |
| Tag Manager / Analytics — only with your consent | US (SCC) | |
| Stripe | Payment processing and subscription management | US (SCC) |
| Resend | Magic-link transactional email | US (SCC) |
| Anthropic (Claude) | AI badge/card parsing via Vision API | US (SCC) |
| Explorium | Lead enrichment (email, phone, title, LinkedIn) | US (SCC) |
| Hunter.io | Email finder fallback for enrichment | EU |
| Zoho CRM | CRM push (when connected by user) | EU/US (user choice) |
| HubSpot | CRM push (when connected by user) | EU/US |
| Salesforce | CRM push (when connected by user) | US/EU |
| Pipedrive | CRM push (when connected by user) | EU/US |
US-based processors are covered by Standard Contractual Clauses (SCC) under GDPR Chapter V.
5. Your rights (GDPR)
- Right to access — export all your data as CSV from the app at any time.
- Right to erasure — delete your account and all associated data from Settings → Account.
- Right to portability — CSV export available anytime on all plans.
- Right to object / restrict processing — contact hello@lead-scanner.com.
- You may also lodge a complaint with your national data protection authority.
6. Data retention
Lead data and account data are retained for as long as your account is active. After account deletion all personal data is removed within 30 days. Billing records (Stripe) are retained for 7 years for tax/legal compliance.
7. Cookies
Essential: one signed, httpOnly session cookie keeps you logged in after a magic link (90-day expiry, or until logout). It is required for the app to function and is not used for tracking.
Analytics (optional): we use Google Tag Manager / Google Analytics and Vercel Web Analytics to understand product usage. Google analytics cookies are loaded only after you accept our cookie banner — you can decline at any time, and Vercel Web Analytics is cookieless. We never use advertising cookies.
8. Changes to this policy
We will notify you by email and update the "last updated" date above before any material changes take effect.