Privacy Policy for LeadLock AI

Introduction

LeadLock AI Technologies LLC ("LeadLock AI," "LeadLock," "we," "us," or "our") respects your privacy and is committed to protecting personal information. This Privacy Policy explains how we collect, use, disclose, store, and protect personal information when you:

• visit our websites, landing pages, and hosted pages;
• use our products, software, applications, chat widgets, forms, calendars, portals, APIs, and services;
• interact with us by email, SMS, phone, chat, events, or social media;
• use customer-facing LeadLock assets such as forms, quote portals, booking pages, client portals, and widgets; or
• otherwise interact with LeadLock AI in a business or professional context.

This Privacy Policy also explains your choices and rights regarding your information.

If you do not agree with this Privacy Policy, please do not use our services.

This Privacy Policy is a general informational document and does not constitute legal advice. You should consult with a licensed attorney to ensure your own use of LeadLock and related contracts comply with applicable law.

1. Scope of This Privacy Policy

This Privacy Policy applies to personal information we collect and process in connection with our business and services.

Depending on the situation, LeadLock may act as:

A. Controller

We act as a controller when we decide how and why to process your personal information, such as when you:

• visit our website;
• request a demo;
• sign up for an account;
• contact us;
• subscribe to communications;
• use our public tools, analyzers, forms, or demos;
• attend an event;
• otherwise interact directly with us.

B. Processor / Service Provider

We act as a processor or service provider when our customers use LeadLock to collect, store, manage, analyze, or automate personal information in their own accounts. In those cases, we process data on behalf of our customers according to their instructions and applicable agreements.

For example, our customers may use LeadLock to process personal information through: CRM records; chat widgets; contact forms; booking forms and calendars; quote portals; client portals; SMS/email workflows; AI-assisted conversations; automation workflows; analytics and reporting.

If you are a lead, customer, website visitor, or end user interacting with one of our customers through LeadLock, that customer is typically the party responsible for how your information is collected and used. In that case, please contact that customer directly for privacy requests related to their account.

2. Information We Collect

We may collect the following categories of information.

A. Information You Provide Directly

You may provide us with: name; email address; phone number; mailing address; business name; company website; job title; billing information; support request details; content of messages, chats, calls, form submissions, or bookings; uploaded documents, files, images, or attachments; and any other information you voluntarily submit.

B. Account and Subscription Information

When you create or use an account, we may collect: account owner and user details; workspace or organization information; user role and permissions; login and authentication details; preferences and settings; subscription and billing status; and plan and feature entitlement data.

When a subscription trial is offered, we may record trial status and dates; the trial length is three (3) calendar days unless a different period is disclosed at signup or checkout.

C. CRM, Forms, Widget, and Customer Data

When our customers use LeadLock, we may process data they collect or store, such as: lead/contact information; customer communications; appointment details; quote and proposal information; notes, tags, status, stage, and tasks; uploaded files and attachments; form responses; booking details; widget/chat conversations; call metadata and call notes; and AI-generated summaries, classifications, or recommendations.

D. Usage and Device Data

We may automatically collect information such as: IP address; device identifiers; browser type and version; operating system; language settings; pages viewed; referring URLs; click activity; timestamps; access logs; app and feature usage metrics; and crash, diagnostic, and performance data.

For voice, SMS, and AI features, we may also process: call metadata and duration; routing and delivery records; message segments; AI request and response metadata necessary to provide summaries and automation; and usage metering tied to your plan (for example included Minutes, Credits, and billing periods). Transcripts or recordings may be generated where the product feature and applicable law allow.

E. Cookies and Similar Technologies

We and our service providers may use cookies, pixels, scripts, local storage, and similar technologies to: keep users signed in; remember preferences; measure site usage; improve performance; personalize user experience; understand campaign attribution; and support analytics and advertising.

F. Communications Data

If you communicate with us or through the platform, we may collect: message content; email metadata; SMS data; support conversation history; call recordings or transcripts, where applicable and lawful; and chatbot or AI interaction logs.

LeadLock may process communications through integrated third-party messaging and communication platforms used to transmit SMS messages, voice calls, call routing, notifications, and other communications initiated by customers through the LeadLock platform. These providers may process message content, message metadata, delivery status information, timestamps, sender and recipient phone numbers, and related routing data necessary to transmit communications. These communications providers act as service providers and process information only for the purpose of delivering communications and supporting platform functionality.

G. Publicly Available and Third-Party Data

We may receive information from: public websites and public business pages; social media profiles; integration partners; payment processors; analytics providers; advertising partners; anti-fraud vendors; enrichment or business data providers; referral partners; and customers who connect third-party applications. We do not knowingly collect information from private, access-restricted, or login-protected sources without authorization.

3. How We Use Information

We may use personal information for the following purposes:

A. To Provide and Operate the Services

Including to: create and manage accounts; host, maintain, and secure the platform; process form submissions, chats, leads, bookings, quotes, and other records; power automations, workflows, and customer-configured functionality; and provide reports, dashboards, analytics, and account features.

B. To Communicate With You

Including to: respond to inquiries; send support messages; deliver transactional notices; send security alerts; provide billing notices; and send administrative updates.

C. To Improve and Develop Our Services

Including to: troubleshoot and debug; monitor performance; evaluate feature usage; improve workflows and reliability; develop new products and functionality; and improve AI-assisted features.

D. To Personalize the Experience

Including to: suggest templates, playbooks, or workflows; recommend product features; tailor educational content; and improve onboarding experiences.

E. To Support AI and Automation Features

Where applicable, we may use information to support features such as: lead summaries; AI-generated replies; qualification scoring; booking suggestions; conversation analysis; follow-up recommendations; workflow recommendations; and website analysis results. We may use customer data to provide customer-requested AI and automation outputs. We do not use customer content to train generalized models for third parties unless expressly disclosed and agreed.

F. For Security and Fraud Prevention

Including to: verify users and sessions; detect abuse, spam, fraud, scraping, or unauthorized access; enforce rate limits and security controls; investigate incidents; and protect our services, users, and the public.

G. For Marketing and Promotion

Where permitted by law, we may use information to: send product updates, newsletters, or promotional emails; provide content and educational resources; measure campaign performance; and advertise our services. You may opt out of marketing communications at any time.

H. To Comply With Law and Enforce Rights

Including to: comply with legal obligations; respond to lawful requests; protect our rights, property, and safety; and enforce our Terms, contracts, and policies.

4. Legal Bases for Processing

Where required by applicable law, our legal bases for processing may include: your consent; performance of a contract; compliance with legal obligations; and legitimate interests, such as operating, improving, securing, and marketing our services, provided those interests are not overridden by your rights.

5. How We Share Information

We do not sell personal information in the ordinary meaning of "sell." We may share information in the following circumstances:

A. Service Providers and Subprocessors

We may share information with trusted service providers and subprocessors that help us operate, maintain, and deliver our services. These providers perform services on our behalf and are contractually required to protect personal information and use it only as necessary to provide services to LeadLock.

These service providers may include companies that provide:

• cloud hosting and infrastructure
• database and storage services
• authentication and identity management
• payment processing and billing systems
• email delivery and notification services
• SMS messaging and telecommunications infrastructure
• voice calling and call routing systems
• automation and workflow orchestration services
• artificial intelligence and machine learning services
• analytics, monitoring, and diagnostic tools
• logging, error tracking, and performance monitoring
• fraud prevention and security tools
• customer support and ticketing platforms

For example, LeadLock may utilize third-party providers to support messaging delivery (such as SMS and voice call infrastructure), workflow automation systems, payment processing, AI model services, and infrastructure hosting. These providers process limited information necessary to perform their services and do not have permission to use the data for their own independent purposes.

B. Customer-Directed Integrations

If a customer enables integrations or connected services, we may share data as required to fulfill the integration, based on that customer's instructions.

C. Business Transfers

If we are involved in a merger, acquisition, financing, restructuring, asset sale, bankruptcy, or similar event, personal information may be transferred as part of that transaction, subject to applicable protections.

D. Legal and Safety Reasons

We may disclose information if we believe disclosure is reasonably necessary to: comply with law, regulation, legal process, or court order; protect rights, safety, and property; investigate fraud or security issues; or enforce our agreements.

E. With Your Consent or at Your Direction

We may share information with third parties when you or our customer instruct us to do so.

6. Customer Data and Customer Responsibility

When our customers use LeadLock to collect and process personal information, they are generally responsible for: providing legally required notices; obtaining necessary consents; honoring user rights requests; configuring the service lawfully; and determining retention periods and lawful bases.

Customers are responsible for their own use of: forms; widgets; booking links; portals; quotes; messages; campaigns; workflows; integrations; and AI-generated outputs they choose to use.

If you submit information to a business using LeadLock, please contact that business directly for questions about how they handle your information.

7. LedgerAI (Finance & Billing Data)

LeadLock AI includes a built-in finance system called LedgerAI. This feature allows users to create invoices, track payments, and manage financial activity.

The following data may be stored when using LedgerAI:

• client contact information
• invoice details (amounts, descriptions, due dates)
• payment records
• transaction history
• account-related billing activity

This data is securely stored and is only accessible to the account owner and authorized users.

LeadLock AI does not sell, share, or distribute your financial data to third parties.

Limited processing by payment processors, fraud-prevention tools, or other subprocessors may occur solely as needed to operate LedgerAI and the services you enable, as described in Section 5 (How We Share Information); such processing is not for third-party marketing or unrelated resale of your financial information.

8. Your Data Ownership

You retain full ownership of your data.

All data entered into LeadLock AI — including leads, clients, invoices, and payments — belongs to you.

We do not claim ownership of your business data.

You may:

• access your data at any time
• export your data
• request deletion of your data

LeadLock AI acts only as a secure platform for storing and managing your information.

9. Cookies and Tracking Technologies

We may use cookies and similar technologies for: authentication; security; remembering preferences; analytics; performance; attribution; product improvement; and advertising, where applicable.

Some cookies are necessary for our website and services to function. Others are optional. You may manage cookie preferences through your browser or any cookie preference tools we make available. Blocking some cookies may affect functionality.

We may also use technologies such as: pixels; event tags; local storage; session storage; and analytics scripts.

For a description of how we treat CRM workspace and UI layout preferences stored in your browser (such as panel sizes and collapsed sections), see Local UI and workspace preferences.

Local UI and workspace preferences

When you use LeadLock web applications (including the CRM and operator-facing workspaces such as Control Tower), your browser may store interface preferences on your device using local storage or similar client-side mechanisms. These preferences may include: panel widths; whether sidebars or sections are collapsed or expanded; “focus” or full-width viewing modes; and other non-content layout state used to customize your workspace.

This information is stored locally in your browser profile. It is used only to restore your layout between sessions on that browser and is not used for targeted advertising, is not sold, and does not replace authentication or server-side account settings. Clearing site data, using private browsing, or switching browsers or devices will reset these preferences. In the future, we may optionally sync some preferences to your account on our servers; if we do, we will update this Privacy Policy and, where required, provide appropriate notice or consent mechanisms.

Product analytics, credits & operator access

We may record product analytics events (for example: pages viewed, features used, onboarding steps, and high-level usage) to operate, secure, and improve LeadLock. These events are stored with minimal identifiers and are not used to sell personal information. We avoid collecting secrets, passwords, full payment card numbers, or sensitive authentication material in analytics metadata.

Accounts may have a universal credit balance with an append-only ledger for transparency. Credits may be granted by authorized LeadLock operators for promotions, goodwill, or adjustments, and may be consumed when you use metered features according to your plan and our product rules. Customers can review balance and history in the app where available.

Operator console access is restricted to authorized LeadLock personnel. Operators may access account metadata needed for support, billing operations, fraud prevention, and service delivery. Operator actions are logged for security and accountability.

10. AI Features and Automated Processing

LeadLock includes AI-powered features. These may analyze or generate outputs based on customer-configured data and interactions.

We may use AI to:

• summarize communications;
• classify leads;
• generate suggested replies;
• recommend follow-up actions;
• suggest booking or scheduling actions;
• analyze websites or public business information;
• assist with reports and automation.

Important:

• AI outputs may be imperfect, incomplete, or inaccurate.
• Customers remain responsible for reviewing and using AI outputs appropriately.
• LeadLock does not guarantee that AI outputs are correct, complete, or suitable for legal, financial, medical, or other high-risk decisions.
• Customers should use human review where appropriate.

We may use third-party AI providers to support these features under appropriate contractual protections.

Calls, recordings, and AI voice processing

Voice & AI calls policy detail (updated March 30, 2026)When you enable AI phone answering, LeadLock AI and our telephony subprocessors (including Twilio) may process voice audio, transcriptions, and call metadata to operate the service. Calls may be transcribed and analyzed by automated systems (including AI) to capture lead information, route calls, and generate summaries in your CRM. We may retain call records, transcripts, and related logs for as long as your account is active and as needed for security, billing disputes, legal compliance, or as described in our retention practices. You are responsible for complying with applicable laws regarding call recording and consent in your jurisdiction and for configuring disclosures to your callers where required. Twilio acts as a subprocessor for telephony delivery; their processing is subject to Twilio's terms and policies.

10A. Website Voice Agent Data

If customers enable the AI Voice Website Agent, LeadLock may process visitor voice input (microphone audio converted to text), generated replies, transcript events, and related lead capture fields such as name, phone number, email, service request, urgency, and booking intent.

This processing supports requested platform functionality: voice conversations, text fallback, CRM timeline storage, lead qualification, booking handoff, and reporting. Customers are responsible for publishing consent and disclosure language required by their jurisdiction.

11. Data Retention

We retain information for as long as reasonably necessary for the purposes described in this Privacy Policy, including to: provide the services; maintain account records; comply with law; resolve disputes; enforce agreements; and support legitimate business operations.

Retention periods may vary depending on: the type of data; account settings; legal obligations; customer instructions; and system backups and archival requirements. When we no longer need information, we will delete, anonymize, or securely de-identify it, unless retention is required by law.

12. Data Security

We take data security seriously and implement industry-standard practices designed to protect your information.

This includes:

• secure database storage
• encrypted data transmission
• access control per account
• regular monitoring and protection measures

We also use reasonable administrative, technical, and organizational safeguards. These may include: access controls; encryption in transit; secure hosting environments; monitoring and logging; authentication controls; rate limiting; environment variable and secret management; and incident response processes.

However, no method of transmission or storage is completely secure, and we cannot guarantee absolute security. You are responsible for keeping your account credentials confidential and using strong security practices.

13. International Data Transfers

We may process and store information in the United States and other countries where we or our providers operate. Where required, we take reasonable steps to provide appropriate protections for international data transfers, which may include contractual safeguards and other legally recognized mechanisms.

By using the services, where permitted by law, you acknowledge that your information may be processed outside your jurisdiction.

14. Your Privacy Rights and Choices

Depending on where you live, you may have rights regarding your personal information, such as: access; correction; deletion; portability; restriction; objection to certain processing; withdrawal of consent; appeal of certain decisions; and opt-out of certain targeted advertising or sharing.

To exercise applicable rights, contact us using the information below. We may need to verify your identity before processing your request. If we process your information as a processor/service provider for one of our customers, you should direct your request to that customer first.

Marketing Communications

You may opt out of marketing emails by using the unsubscribe link in the message or by contacting us. You may still receive transactional or service-related communications.

15. U.S. State Privacy Rights

Residents of certain U.S. states may have specific rights under applicable state privacy laws. These may include rights to: know what personal information we collect; access and obtain a copy; delete personal information; correct inaccurate information; opt out of targeted advertising, profiling, or certain sharing; and appeal a denied request. We will not unlawfully discriminate against you for exercising applicable rights. Where required, we will honor valid requests consistent with applicable law.

16. California Privacy Notice

If you are a California resident, you may have rights under California law, including rights to know, delete, correct, and opt out of certain processing or sharing. We may collect categories of information such as: identifiers; commercial information; internet or network activity; geolocation data; professional information; communications; and inferences. We use and disclose this information for the business and commercial purposes described in this Privacy Policy. If required by law, we will honor requests to opt out of certain sharing or targeted advertising.

17. Children's Privacy

LeadLock is not directed to children under 16, and we do not knowingly collect personal information from children under 16 for our own purposes. If you believe a child has provided us information in violation of this section, contact us and we will take appropriate steps. Customers are responsible for ensuring their own use of LeadLock complies with laws applicable to children's data.

18. Third-Party Services and Links

Our services may contain links to third-party websites, embedded content, and integrations. We are not responsible for the privacy, security, or content practices of third parties. If you connect third-party services to LeadLock, your information may be processed by those providers according to their own terms and privacy notices. You are responsible for reviewing those third-party policies.

LeadLock integrates with various third-party service providers that enable core platform functionality such as communications delivery, automation workflows, AI features, payment processing, and infrastructure hosting. When customers enable these integrations or features, information necessary to operate those services may be transmitted to those providers according to customer configuration. These providers operate under their own privacy policies and contractual data protection obligations.

Examples include: Twilio (voice and SMS transport), Stripe (subscription and Credit purchases), OpenAI or other model providers when AI features are enabled, and cloud infrastructure vendors for hosting and backups. We do not sell user data to data brokers; we use these services to operate the product you subscribed to.

19. Public Content and User Responsibility

If you submit or publish content in public-facing areas, including public portals, testimonials, or community-style features, that information may be visible to others. Please use caution when submitting information in publicly accessible areas. Customers are responsible for configuring public pages, portals, forms, widgets, and content appropriately.

20. Data Accuracy and Customer Instructions

We rely on customers and users to provide accurate information and lawful instructions. LeadLock is not responsible for inaccurate, outdated, unlawful, or misleading data entered by customers or users. Customers remain responsible for their own compliance obligations regarding the personal information they collect and process through LeadLock.

21. Sensitive Information

Unless expressly required for an enabled feature and lawful purpose, please do not submit highly sensitive personal information through our public forms, widgets, or communications, including: government ID numbers; full payment card numbers; full financial account credentials; highly sensitive health information; biometric identifiers; or other data restricted by law. If customers choose to collect sensitive information, they are responsible for lawful collection, handling, and disclosure.

22. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we may notify users by posting the updated policy, updating the effective date, or by other appropriate means. Your continued use of the services after an update means the updated policy will apply, subject to applicable law.

23. Contact Us

If you have questions, requests, or privacy concerns, contact us at:

Your data is yours — we simply help you manage it.

24. SMS Data Handling

LeadLock AI may process SMS communication data when customers enable messaging features. This may include sender and recipient phone numbers, message content, timestamps, delivery status, opt-in context, consent language versions shown to end users where applicable, append-only consent history for audit purposes, and opt-out events required to support compliant messaging workflows.

SMS communication through LeadLock is intended for consent-based use cases such as lead confirmations, appointment-related updates, inquiry follow-ups, and support responses. Users may opt out by replying STOP and may request assistance by replying HELP.

25. AI Interaction Data Processing

When AI features are enabled, LeadLock AI may process chat, voice, and message interaction data to generate summaries, recommended responses, lead qualification signals, and communication assistance.

AI interaction processing is performed to provide requested functionality and improve product performance. AI outputs may be reviewed for quality, safety, and reliability in accordance with contractual and legal requirements.

26. Data Retention Detail

Retention periods vary based on data category, legal obligations, customer account settings, support requirements, and operational needs. Communication records and AI interaction logs may be retained for service continuity, troubleshooting, compliance, and security review.

Where feasible and legally permitted, data is deleted, de-identified, or anonymized after retention periods expire or upon verified deletion requests.

27. Third-Party Processors

LeadLock AI uses third-party processors to provide core services. Depending on enabled features, this may include providers for telecommunications delivery (such as Twilio), AI processing (such as OpenAI), billing and payments, cloud infrastructure, and monitoring services.

These processors are used to operate the platform and are contractually required to process data only for authorized service-related purposes.

28. No Sale of Personal Data

LeadLock AI does not sell, rent, or trade personal information to third parties for marketing purposes.