Privacy Policy

1. Introduction

LeadGhost, LLC ("LeadGhost," "we," "our," or "us") operates a Software-as-a-Service (SaaS) platform that enables businesses ("Clients") to track website visitors, generate leads, and send direct mail campaigns. This Privacy Policy explains our practices regarding the collection, use, disclosure, and protection of information collected through:

• Our website at app.leadghost.io
• Tracking scripts embedded on Client websites
• Our dashboard and administrative interfaces
• Related services, APIs, and applications

2. Definitions

• "Client" - Businesses that subscribe to LeadGhost services
• "End User" or "Visitor" - Individuals who visit Client websites where our tracking script is installed
• "Personal Information" - Information that identifies, relates to, or could reasonably be linked with a particular individual or household
• "Services" - All features and functionality provided by LeadGhost

3. Information We Collect

3.1 Information Collected from End Users (Website Visitors)

When you visit a website that uses LeadGhost's tracking script, we collect:

A. Automatically Collected Information:

• Browsing Activity: Pages viewed, links clicked, time spent on pages, referring URLs, exit pages, navigation paths
• Device Information: Browser type and version, operating system, screen resolution, viewport size, color depth, device type (mobile/desktop/tablet)
• IP Address: Your Internet Protocol address for approximate geolocation and fraud prevention
• Technical Data: User agent string, language preferences, time zone, HTTP headers
• Interaction Data: Mouse movements, click coordinates, scroll depth, form interactions (excluding form content)
• Timestamps: Date and time of all interactions and page loads

B. Location Information:

• Approximate Location: City, state, ZIP code derived from IP address
• Precise Geolocation: GPS coordinates (latitude, longitude, accuracy, altitude, heading, speed) when you grant permission through browser prompts

C. Identifiers and Tracking Technologies:

• Local Storage: User consent preferences stored in browser localStorage
• Session Identifiers: Unique IDs to track sessions across page views
• Lead Keys: Unique identifiers assigned to individual leads

3.2 Information Collected from Clients

When you create an account and use our services as a Client, we collect:

• Account Information: Name, email address, username, password (encrypted), phone number, company name
• Business Information: Website URL, business address, return address for mailings
• Billing Information: Credit card details (processed by Stripe), billing address, payment history
• Subscription Data: Plan type, subscription status, renewal dates, usage metrics
• Communication Data: Support tickets, emails, chat messages, feedback
• Lead Data: Names, addresses, property information of individuals you target for direct mail campaigns

3.3 Information from Third-Party Sources

We obtain additional information from third-party services:

• Property Data: Property ownership, estimated values, occupancy status, property characteristics from skip-tracing APIs (RapidAPI)
• Address Verification: Validated mailing addresses from postal verification services
• Payment Data: Transaction records and payment method details from Stripe
• Geolocation Services: Enhanced location data from IP geolocation providers

4. How We Use Information

4.1 Service Provision and Improvement

• Generate and attribute leads to specific Client websites
• Track visitor behavior and engagement patterns
• Create analytics dashboards and reports for Clients
• Identify potential customers based on location and behavior
• Improve our algorithms and machine learning models
• Develop new features and enhance existing functionality
• Conduct research and analysis on user behavior patterns

4.2 Direct Mail Campaigns

• Send postcards, letters, and promotional materials on behalf of Clients
• Process and fulfill gift delivery orders
• Verify and validate mailing addresses
• Track delivery status and campaign performance
• Personalize mail content based on recipient information

4.3 Account Management and Support

• Create and maintain user accounts
• Process payments and manage subscriptions
• Provide customer support and respond to inquiries
• Send service-related communications and updates
• Authenticate users and prevent unauthorized access

4.4 Security and Fraud Prevention

• Detect and prevent fraudulent activity, abuse, and security incidents
• Monitor system integrity and prevent unauthorized access
• Enforce our Terms of Service and acceptable use policies
• Protect our rights, property, and safety, and that of our users

4.5 Legal and Compliance

• Comply with legal obligations and regulatory requirements
• Respond to lawful requests from authorities
• Enforce legal rights and defend against legal claims
• Conduct audits and maintain business records

5. Legal Basis for Processing (GDPR)

For users in the European Economic Area (EEA), UK, and Switzerland, we process personal information based on the following legal grounds:

• Consent: When you explicitly agree to tracking via consent popup
• Contract Performance: To provide services you've requested or agreed to
• Legitimate Interests: For fraud prevention, security, analytics, and service improvement
• Legal Obligations: To comply with applicable laws and regulations

6. Information Sharing and Disclosure

6.1 With Clients

We share End User data with the Client whose website the visitor accessed. This includes all browsing behavior, location data, and lead information collected through their embedded tracking script.

6.2 With Service Providers

We share information with third-party vendors who perform services on our behalf:

• Stripe: Payment processing and subscription management
• Lob: Postcard printing and mailing services
• RapidAPI Partners: Property data and skip-tracing services
• Cloud Hosting: Data storage and infrastructure providers
• Email Services: Transactional email delivery
• Analytics Tools: Service monitoring and error tracking

These providers are contractually bound to protect your information and use it only for specified purposes.

6.3 For Legal Reasons

We may disclose information when required by law or when we believe in good faith that disclosure is necessary to:

• Comply with legal processes, court orders, or government requests
• Enforce our Terms of Service or other agreements
• Detect, prevent, or address fraud, security, or technical issues
• Protect the rights, property, or safety of LeadGhost, our users, or the public

6.4 Business Transfers

In the event of a merger, acquisition, reorganization, or sale of assets, your information may be transferred as part of that transaction. We will notify you via email and/or prominent notice on our website before your information is transferred and becomes subject to a different privacy policy.

6.5 With Your Consent

We may share information for any other purpose disclosed to you with your consent.

7. We Do Not Sell Personal Information

LeadGhost does not sell personal information. We do not and will not sell, rent, or trade personal information to third parties for monetary or other valuable consideration. However, we do share information with service providers and Clients as described in this policy.

8. Data Retention

We retain information for as long as necessary to provide our services and fulfill the purposes outlined in this policy:

• Event Data: Retained for 60 days by default, configurable by Clients
• Lead Data: Retained for the duration of Client's active subscription plus 90 days
• Account Data: Retained for the life of the account plus 7 years for financial records
• Mailing Records: Retained for 3 years for legal compliance
• Backup Data: May be retained in backups for up to 90 days after deletion

After retention periods expire, we securely delete or anonymize data unless longer retention is required by law.

9. Your Rights and Choices

9.1 For End Users (Website Visitors)

• Opt-Out of Tracking: Decline consent when prompted by the consent popup, or clear localStorage in your browser
• Location Permissions: Deny geolocation access through browser settings
• Browser Settings: Use privacy modes, disable JavaScript, or use tracking prevention tools
• Do Not Track: We currently do not respond to Do Not Track signals

9.2 For Clients (Account Holders)

• Access: View and download your account information through your dashboard
• Correction: Update inaccurate information in your profile settings
• Deletion: Request account deletion by contacting jeffdaviscpt@gmail.com
• Data Portability: Export your data in machine-readable formats
• Marketing Opt-Out: Unsubscribe from marketing emails via links in messages

9.3 Additional Rights (GDPR, CCPA, and Similar Laws)

Depending on your location, you may have additional rights:

• Right to Know: Request details about what information we collect and how we use it
• Right to Delete: Request deletion of your personal information (subject to exceptions)
• Right to Correct: Request correction of inaccurate information
• Right to Restrict Processing: Limit how we use your information
• Right to Object: Object to processing based on legitimate interests
• Right to Data Portability: Receive your data in a portable format
• Right to Withdraw Consent: Withdraw consent at any time (without affecting prior processing)
• Right to Lodge a Complaint: File a complaint with your data protection authority
• Right to Non-Discrimination: We will not discriminate against you for exercising your rights

To exercise these rights, contact us at jeffdaviscpt@gmail.com. We will respond within 30 days (or as required by applicable law).

10. Security Measures

We implement industry-standard security measures to protect your information:

• Encryption: Data in transit protected by TLS/SSL; sensitive data encrypted at rest
• Access Controls: Role-based access with multi-factor authentication for admin accounts
• Password Security: Passwords hashed using bcrypt with salt
• Infrastructure Security: Regular security updates, firewalls, intrusion detection
• Data Segregation: Client data isolated and segregated by account
• Regular Audits: Periodic security assessments and vulnerability scans
• Incident Response: Procedures for detecting and responding to breaches

No system is 100% secure. While we strive to protect your information, we cannot guarantee absolute security. You are responsible for maintaining the confidentiality of your account credentials.

11. International Data Transfers

LeadGhost is based in the United States. If you access our services from outside the U.S., your information will be transferred to, stored, and processed in the United States, which may have different data protection laws than your jurisdiction.

For transfers from the EEA, UK, and Switzerland, we rely on:

• Standard Contractual Clauses approved by the European Commission
• Adequacy decisions where applicable
• Your explicit consent where required

12. Children's Privacy

Our services are not directed to individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If we become aware that we have collected information from a child under 16, we will delete it promptly. If you believe we have collected information from a child, contact us at jeffdaviscpt@gmail.com.

13. California Privacy Rights

California residents have specific rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):

13.1 Categories of Personal Information Collected

• Identifiers (names, email, IP addresses, device IDs)
• Internet activity (browsing history, interactions)
• Geolocation data (precise and approximate)
• Commercial information (purchase history, preferences)
• Professional information (company, job title)
• Inferences (preferences, behavior patterns)

13.2 Sources of Information

• Directly from you
• Automatically from your devices
• From third-party data providers
• From our Clients

13.3 Business Purposes for Collection

• Service delivery and operations
• Security and fraud prevention
• Product improvement and development
• Marketing and analytics (for Clients)

13.4 Sale and Sharing

We do not "sell" or "share" (for cross-context behavioral advertising) personal information as defined by the CCPA.

13.5 Sensitive Personal Information

We collect precise geolocation data, which is considered sensitive. We use this solely for lead attribution and do not use it for profiling or inferring characteristics. You have the right to limit use of sensitive personal information.

To exercise California privacy rights, email: jeffdaviscpt@gmail.com

14. Nevada Privacy Rights

Nevada residents may opt out of the "sale" of certain covered information. We do not currently sell covered information as defined under Nevada law. If our practices change, we will update this policy and provide you with opt-out instructions.

15. Automated Decision-Making and Profiling

We use automated systems to:

• Analyze visitor behavior patterns
• Score lead quality and engagement
• Identify potential customers
• Detect fraud and abuse

These processes do not result in legal or similarly significant effects. If you are subject to automated decisions, you have the right to request human review.

16. Changes to This Privacy Policy

We may update this Privacy Policy periodically to reflect changes in our practices, technology, legal requirements, or other factors. We will:

• Post the updated policy with a new "Last Updated" date
• Notify Clients via email for material changes
• Obtain consent where required by law

Continued use of our services after changes constitutes acceptance of the updated policy.

17. Third-Party Links and Services

Our services may contain links to third-party websites and services. This Privacy Policy does not apply to those external sites. We are not responsible for the privacy practices of third parties. We encourage you to review their privacy policies.

18. Contact Information

For questions, concerns, or to exercise your privacy rights, contact us:

• Email: jeffdaviscpt@gmail.com
• Phone: (586) 227-3836
• Mail: LeadGhost, LLC
  Privacy Compliance Department
  32009 Crane St
  Harrison Township, MI 48045
  United States

19. Data Protection Officer

For GDPR-related inquiries, you may contact our Data Protection Officer:

• Email: jeffdaviscpt@gmail.com

20. Supervisory Authority

If you are in the EEA, UK, or Switzerland, you have the right to lodge a complaint with your local data protection authority if you believe we have violated your privacy rights.