Privacy Policy

Last updated: April 16, 2026

Welcome to LeafDrop (“we,” “us,” or “our”), operated at leafdrop.io. LeafDrop is an autonomous prospecting agent that delivers fresh, hyper-local business leads — filtered by category, location, and review count — straight to your inbox every week. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

1. Information We Collect

1.1 Information You Provide

  • Account & Registration Data: name, email address, password, and billing information when you sign up or subscribe.
  • Prospecting Preferences: business categories, geographic targets, review count filters, and any other parameters you configure for your lead campaigns.
  • Communications: messages you send to our support team or through in-app feedback forms.

1.2 Information Collected Automatically

  • Usage Data: pages visited, features used, clicks, scroll depth, and session duration.
  • Device & Log Data: IP address, browser type and version, operating system, referring URLs, and timestamps.
  • Cookies & Tracking Technologies: see Section 4 for details.

1.3 Lead Data We Process on Your Behalf

Our service scrapes and aggregates publicly available business information (business name, address, phone number, website, category, and review metrics) from public directories. This data is processed to generate your requested lead reports and is not personal data of our subscribers.

2. How We Use Your Information

  • Provide, operate, and maintain the LeafDrop service.
  • Process subscriptions, payments, and deliver weekly lead reports to your inbox.
  • Personalize lead campaigns based on your filters and preferences.
  • Send transactional emails (order confirmations, report delivery, password resets).
  • Send marketing communications about new features or offers — you may opt out at any time via the unsubscribe link in each email.
  • Monitor and analyze usage to improve product performance and user experience.
  • Detect, prevent, and address fraud, abuse, or security incidents.
  • Comply with applicable legal obligations.

3. How We Share Your Information

We do not sell your personal information. We may share your data only in the following limited circumstances:

  • Service Providers: trusted third-party vendors who process data on our behalf (e.g., payment processors, email delivery providers, cloud hosting, analytics platforms). These parties are contractually bound to keep your data confidential and to use it only to perform services for us.
  • Business Transfers: if LeafDrop is involved in a merger, acquisition, or asset sale, your information may be transferred. We will notify you before your data becomes subject to a different privacy policy.
  • Legal Compliance: when required by law, court order, or governmental authority, or to protect the rights, property, or safety of LeafDrop, our users, or the public.
  • Consent: with any other party when you have given us explicit permission to do so.

4. Cookies & Tracking Technologies

We use cookies and similar tracking technologies to operate and improve our service:

  • Strictly Necessary Cookies: required for authentication and session management. Cannot be disabled.
  • Analytics Cookies: help us understand how visitors interact with the site (e.g., page views, feature usage). We use tools such as PostHog or similar privacy-respecting analytics.
  • Preference Cookies: remember your settings and personalization choices across visits.

You can control or delete cookies through your browser settings. Disabling analytics cookies will not affect your ability to use the service. To opt out of analytics tracking, you may also use a browser extension such as uBlock Origin.

5. Data Security

We implement industry-standard technical and organizational measures to protect your personal data, including:

  • Encryption in transit (TLS 1.2+) and at rest (AES-256).
  • Role-based access controls limiting data access to authorized personnel.
  • Regular security reviews and vulnerability assessments.
  • Secure payment processing through PCI-DSS-compliant payment providers.

No method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee its absolute security. In the event of a data breach that affects your rights, we will notify you as required by applicable law.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Correction: request that we correct inaccurate or incomplete data.
  • Deletion: request that we delete your personal data, subject to certain legal exceptions.
  • Portability: receive your data in a structured, machine-readable format.
  • Restriction / Objection: restrict or object to certain types of processing, including direct marketing.
  • Withdraw Consent: where processing is based on consent, withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, please contact us at privacy@leafdrop.io. We will respond within 30 days. Residents of California (CCPA), the European Economic Area, or the United Kingdom (GDPR/UK GDPR) may have additional rights under applicable law.

7. Data Retention

We retain your personal data for as long as your account is active or as necessary to provide our services. After account closure we retain data for up to 90 days to allow for account recovery, then delete or anonymize it, unless we are required to retain it longer by law (e.g., tax or financial records retained for up to 7 years).

8. Children's Privacy

LeafDrop is not directed to children under the age of 16. We do not knowingly collect personal information from children. If you believe we have inadvertently collected data from a child under 16, please contact us immediately at privacy@leafdrop.io and we will delete it promptly.

9. International Data Transfers

LeafDrop operates in the United States. If you are accessing our service from outside the US, your data may be transferred to and processed in the US or other countries where our service providers operate. We rely on appropriate safeguards (such as Standard Contractual Clauses for EEA/UK transfers) to protect your data during international transfers.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will notify you by updating the “Last updated” date at the top of this page and, where appropriate, by sending you an email notification. We encourage you to review this policy periodically. Your continued use of LeafDrop after changes are posted constitutes your acceptance of the revised policy.

11. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

LeafDrop
Email: privacy@leafdrop.io
Website: https://leafdrop.io