Privacy Policy
Last updated: June 2026 · [Company details to be added]
1. Who we are
[Company details to be added — legal entity name, address, registration number, data controller contact]
Contact: hello@lead-scanner.com
2. Data we collect and store
- Account email address — used for magic-link authentication, billing communications, and account management.
- Scanned lead data — names, companies, titles, email addresses, phone numbers, and LinkedIn profiles collected via badge/card scanning and third-party enrichment. Stored in our EU database, isolated per account.
- Voice notes — audio recordings attached to leads (Pro plan). Stored encrypted in our database.
- Usage data — scan count, credit usage, subscription status. Used for billing and fair-use enforcement.
- Session cookies — httpOnly, signed JWT, 30-day expiry. No tracking cookies.
3. How we use your data
- To provide the LeadScanner service (scanning, enrichment, CRM push)
- To send you magic-link login emails
- To process your subscription and billing
- To enforce fair-use credit limits
- We do not sell your data. We do not use your scanned leads to enrich other users.
4. Data processors (sub-processors)
| Processor | Purpose | Location |
|---|---|---|
| Vercel | Application hosting and edge delivery | EU/US |
| Stripe | Payment processing and subscription management | US (SCC) |
| Resend | Magic-link transactional email | US (SCC) |
| Anthropic (Claude) | AI badge/card parsing via Vision API | US (SCC) |
| Explorium | Lead enrichment (email, phone, title, LinkedIn) | US (SCC) |
| Hunter.io | Email finder fallback for enrichment | EU |
| Zoho CRM | CRM push (when connected by user) | EU/US (user choice) |
US-based processors are covered by Standard Contractual Clauses (SCC) under GDPR Chapter V.
5. Your rights (GDPR)
- Right to access — export all your data as CSV from the app at any time.
- Right to erasure — delete your account and all associated data from Settings → Account.
- Right to portability — CSV export available anytime on all plans.
- Right to object / restrict processing — contact hello@lead-scanner.com.
- You may also lodge a complaint with your national data protection authority.
6. Data retention
Lead data and account data are retained for as long as your account is active. After account deletion all personal data is removed within 30 days. Billing records (Stripe) are retained for 7 years for tax/legal compliance.
7. Cookies
We use one cookie: a signed httpOnly session cookie that authenticates you after clicking a magic link. It expires after 30 days or on logout. We do not use any tracking, advertising, or analytics cookies.
8. Changes to this policy
We will notify you by email and update the "last updated" date above before any material changes take effect.