Marketing Lead ManagerPrivacy Policy
Last updated: [EFFECTIVE DATE]
This privacy notice for Marketing Lead Manager ("Marketing Lead Manager", "we", "us", or "our"), describes how and why we collect, store, use and/or share ("process") your information when you use our services (the "Services"), such as when you:
- Visit our website at marketingleadmanager.com, or any website of ours that links to this Privacy Policy.
- Use the Marketing Lead Manager platform, API, integrations, dashboard, or any other applications we provide.
- Connect third-party accounts (e.g., Instagram, Facebook, WhatsApp, advertising accounts, Google Calendar, Zoom).
- Engage with us via onboarding, support, live chat, email, or any sales or marketing activities.
If you do not agree with our policies and practices, do not use our Services. For further inquiries, contact [email protected].
Summary of key points
What personal information do we process? When you visit, register or use our Services, we process personal information such as contact details, usage logs, connected-account data, calendar content, communication transcripts, analytics, business data and payment status.
Do we process sensitive data? No. We do not collect or process sensitive categories such as health, religious, biometric, political or ethnicity data.
Do we receive information from third parties? Yes. We process data from connected platforms such as Instagram, Facebook, WhatsApp, advertising accounts, Google Calendar and Zoom, and from your usage of our extensions or APIs.
Do we share your information? We only share data with service providers (e.g., hosting, payments, security monitoring, email delivery). We do not sell personal data.
How do we keep your information safe? We maintain strong technical and organizational controls (encryption, hashing, TLS, CSP, rate limiting, row-level security, and vetted vendors).
How can you exercise your rights? Submit your request to [email protected].
1. What information do we collect?
Personal information you disclose to us
We collect personal information you voluntarily provide when you register, subscribe, connect accounts, upload content, interact with our platform, or communicate with us. This includes, but is not limited to:
- Name, email address, phone number
- Login credentials (stored encrypted/hashed)
- Instagram/Facebook profile identifiers
- Social media analytics and messaging metadata
- WhatsApp Business message threads and contacts who message your business
- Advertising account, campaign and performance data
- Google Calendar events (read/write where authorized) and Zoom meeting data (only as required to schedule or join sessions)
- CRM data, lead details, message history and contact lists
- Communication transcripts from in-app support or chat
- Payment status (paid/unpaid), plan tier and transaction times (full payment card details are stored by our payment processors, not by us)
Sensitive information. We do not process sensitive information (such as health, religion, politics, biometric data or protected-classification data).
Payment data. Payments are processed by third-party providers including Stripe and CoinPayments (for crypto transactions). We only store whether you have paid and your subscription history. Full card or wallet information is never stored by us.
Information automatically collected
We automatically collect logs and diagnostic data required for security, analytics, performance optimization, and fraud/abuse prevention, including: IP address; device and browser characteristics; operating system and language preferences; session IDs, click actions and timestamps; feature usage, pages accessed and UI events; error logs and crash reports; and login history, authentication events and failed login attempts.
We may use tools such as Microsoft Clarity on certain pages for UX research. These recordings exclude social-media message content and sensitive data fields.
Information collected from integrations
When you connect third-party accounts, we process only the authorized data needed to provide our Services.
| Integration | Purpose |
|---|---|
| Instagram / Facebook | Messaging access, analytics, automation, CRM enrichment |
| WhatsApp Business | Sending and receiving business messages in the unified inbox |
| Advertising accounts | Creating, managing and reporting on ad campaigns |
| Google Calendar (read/write) | Scheduling content and events |
| Zoom | Joining, generating or scheduling calls |
| API / Webhooks | Sending or receiving CRM data |
2. How do we process your information?
We process your information to operate our Services, deliver automation and analytics, improve user experience, ensure security and comply with legal requirements. Specifically:
- Account creation, authentication and access, onboarding, credential and session management, integration authorization/disconnection.
- Core platform functionality, unified messaging inbox; social automation (DMs, comments, scheduling); CRM contact storage and AI responses; calendar events and reminders; analytics and engagement insights.
- AI and automated processing, we do not use customer conversations, CRM data or social-media messages to train AI models by default. Any future AI training would be strictly opt-in, require explicit consent, and be governed by a separate AI Data Consent Policy. You may withdraw consent at any time.
- Administrative communications, account notices, security alerts, renewal reminders, payment-failure notifications.
- Support, auditing and quality control, troubleshooting, interaction logs, controlled feature testing.
- Marketing, product update emails and business-targeted ads (business targeting only). You may opt out at any time.
- Billing, payment verification, subscription tracking, refund eligibility, chargeback responses.
- Protecting our Services, fraud detection, abuse prevention, account-takeover monitoring.
- Legal compliance, meeting legal obligations and lawful requests, and maintaining records.
Our use of information received from Meta APIs adheres to the Meta Platform Terms and Developer Policies, including Limited Use requirements. We access connected-platform data only to provide the features you choose, we do not sell it, and we do not use it to build advertising profiles of individuals.
3. What legal bases do we rely on to process your information?
If you are in the EU, UK or EEA, we rely on the following legal bases:
- Contractual necessity, to provide the Services you request (account creation, integrations, automation, analytics and reporting).
- Consent, for AI data usage, marketing communications, and certain tracking/analytics technologies. You may withdraw consent at any time.
- Legitimate interests, platform improvement, internal security and fraud prevention, trend analysis, and business-targeted (not personal) advertising.
- Legal obligations, tax, compliance and regulatory retention requirements.
- Vital interests, preventing harm due to fraud, account hijacking or malicious use.
4. When and with whom do we share your personal information?
We only share information with service providers, with regulatory authorities when required, and with third-party platforms to carry out the actions you initiate.
| Category | Examples |
|---|---|
| Infrastructure hosting | Cloud services, database providers |
| Payment processors | Stripe, CoinPayments |
| Email delivery | SendGrid |
| Analytics & security | Microsoft Clarity, performance providers, logging systems |
| Authentication providers | Managed authentication / identity management |
| Integrations | Instagram/Meta, WhatsApp, advertising platforms, Google APIs, Zoom |
Business transfers. If we are involved in a merger, acquisition, restructuring, financing or sale of assets, your information may be transferred as part of the transaction.
No selling of personal data. We do not sell personal data under any jurisdiction, including under the CCPA.
International data transfers. Some of our service providers are located outside the United Kingdom and EEA. When we transfer personal data internationally we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK International Data Transfer Addendum, so your data receives the same level of legal protection regardless of where it is processed.
Third-party platform data (Meta / Instagram / Facebook / WhatsApp). When you connect these accounts, we process data in accordance with Meta's Platform Terms and Data Protection Requirements. You may revoke our access at any time through your Marketing Lead Manager account settings or your Meta Business/Facebook account settings. Meta is not responsible for how we process your data after it is received through Meta APIs.
5. How long do we keep your information?
We retain personal data only for as long as necessary to fulfil the purposes described here and to meet legal, tax and regulatory obligations.
| Data category | Retention period |
|---|---|
| Instagram, Facebook & WhatsApp messages | 12 months after account cancellation |
| CRM contacts, leads, pipelines | 12 months after account cancellation |
| Platform analytics & usage logs | 24 months |
| Support tickets & chat transcripts | 3 months |
| Zoom, calendar & meeting integration data | 3 months |
| Security, fraud & audit logs | As required for security and legal defense |
| Billing, invoicing & tax records | 6 years (legal obligation) |
When the applicable retention period expires, data is permanently deleted or irreversibly anonymized. Backups are encrypted, purged on a rolling basis, and never reintroduced into active systems after deletion. You can request earlier deletion, see our Data Deletion Instructions.
6. How do we keep your information safe?
We implement organizational and technical safeguards that meet or exceed industry standards.
Technical protections: token encryption; password hashing; JWT authentication; secure caching; TLS 1.2+ encrypted connections; HSTS enforcement; CSP headers; XSS & CSRF prevention; rate limiting, circuit breakers and abuse throttling; database Row-Level Security (RLS).
Organizational protections: least-privilege access control; employee confidentiality agreements; key rotation and secret scanning; security audits and monitoring alerts; and incident notification within 72 hours where required.
Data hosting & location. Our infrastructure is hosted in Canada and the United States, with encrypted backups stored in those regions. We implement geo-redundant backups, encryption at rest and in transit, and access controls regardless of storage location. Despite our safeguards, no method of transmission over the Internet is guaranteed completely secure.
7. Do we collect information from minors?
We do not knowingly collect or market to individuals under 18. By using the Services you represent that you are at least 18, or a parent/guardian consenting to a minor's limited use for business purposes. If we learn that data has been collected from a child under 18, we will deactivate the account and delete the data within a commercially reasonable time. Contact [email protected] with concerns.
8. What are your privacy rights?
Depending on your location, you may have the right to: request access to your data; request rectification; request deletion (in certain cases); restrict or object to processing; request data portability; and withdraw consent (e.g., AI data usage, marketing). Exercise these rights at any time by contacting [email protected].
Withdrawing consent will not affect processing carried out before withdrawal or processing relying on a different lawful basis. Opting out of marketing: use the unsubscribe link in emails, or contact us; we may still send transactional messages such as receipts and security alerts.
Right to lodge a complaint. If you are in the EU/UK, you may lodge a complaint with your local data protection authority or with the UK Information Commissioner's Office (ICO), our lead supervisory authority.
9. Controls for Do-Not-Track features
No uniform industry standard currently governs Do-Not-Track ("DNT") signals, so we do not currently respond to them. If standards change, we will update this Policy accordingly.
10. Do United States residents have specific privacy rights?
If you reside in California (CCPA/CPRA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA) or Virginia (VCDPA), you have specific state-based rights, including to request access, deletion, correction, and to opt out of targeted advertising. We do not sell or share personal data as those terms are defined under the CCPA/CPRA, and we use advertising platforms only to target businesses, not individuals. To exercise these rights, email [email protected]; we may require identity verification.
11. Do other regions have specific privacy rights?
Residents of Canada, Australia, New Zealand and South Africa have certain rights under their national laws, including to request access, correction, and to file complaints with their enforcement agencies. Contact [email protected] and we will respond in accordance with applicable regulations.
12. Do we make updates to this notice?
Yes. The "Last updated" date reflects the most recent revision, and updates take effect when published. We may notify you of significant changes by email, in-app notice or banner. Continued use of the Services indicates acceptance.
13. How can you contact us about this notice?
Marketing Lead Manager
Email: [email protected]
Data Protection Officer (DPO)
In accordance with Article 37 of the UK GDPR and EU GDPR, we have appointed a Data Protection Officer, responsible for overseeing compliance and acting as the primary contact for supervisory authorities and users on privacy matters. Contact: [email protected].
14. How can you review, update or delete the data we collect from you?
You may request to review, update, correct, delete (where permitted) or port your personal data by submitting a request to [email protected]. See also our Data Deletion Instructions.
Related policies: Terms of Service · Cookie Policy · Compliance · Data Deletion