Privacy Policy

This Privacy Policy applies to:

• •Users of the Leadnest.ai platform, including free and paid accounts.
• •Organizational customers who create campaigns, send notifications, and manage apps through Leadnest.ai.
• •End users who receive notifications, campaigns, or messages sent via Leadnest.ai.
• •Visitors to our websites, subdomains, and mobile applications.
• •Healthcare clients and their patients (when Leadnest.ai acts as a HIPAA Business Associate).

This policy does not apply to third-party websites or services not controlled by Leadnest.ai.

Account & Identity Data

• •Name, email, phone number, company, job role.
• •Authentication credentials (hashed passwords, API tokens).

Customer & Lead Data

• •Contacts uploaded by customers (names, emails, phone numbers).
• •Campaign metadata (delivery status, open/click rates, engagement history).
• •Preferences and opt-in/opt-out status (including timestamp, IP address, and consent record for SMS/WhatsApp).

Technical & Device Data

• •IP addresses, device identifiers, browser types, operating systems.
• •Log data (usage timestamps, session activity, crash reports).

Payment & Billing Data

• •Payment method details (processed via PCI-DSS compliant providers).
• •Billing address and transaction history.

Special Category Data (GDPR & HIPAA)

• •Protected Health Information (PHI) when acting as a HIPAA Business Associate.
• •Sensitive personal data processed under explicit consent or contractual necessity.

We process your data to:

• •Provide platform functionality (sending messages, managing leads, reporting analytics).
• •

  Deliver transactional and promotional communications via email, SMS, MMS, WhatsApp, and push notifications.

• •Personalize user experience and campaign targeting (within legal limits).
• •Ensure platform security and prevent fraud.
• •Fulfill legal obligations (tax, data protection, audit trails).
• •Conduct research and development to improve AI models.
• •Support healthcare organizations with HIPAA-compliant data processing.

We follow CTIA, TCPA, and 10DLC guidelines for all messaging services:

• •Explicit Consent: Users must opt-in during signup or campaign subscription (via checkbox). Consent records (IP, timestamp) are stored.
• •Message & Data Rates Notice: All messaging consents clearly state “Message & data rates may apply.”
• •

  Opt-Out Handling: Users can opt out anytime by replying STOP. We immediately unsubscribe the number and stop sending both promotional and transactional messages, and send confirmation (“You have successfully unsubscribed. No further messages will be sent.”) leadnest_sms_compliance_changes

• •

  Help Handling: Users can reply HELP to receive support contact details: “Leadnest.ai Support: Contact support@leadnest.ai or call +1-XXX-XXX-XXXX. Msg & Data rates may apply.” leadnest_sms_compliance_changes

• •Brand Identification: All messages include “Leadnest.ai” at the start.
• •Promotional Messages: Clearly identify sender and include opt-out instructions (e.g., “Reply STOP to unsubscribe”).

We rely on:

• •Consent: Freely given, informed, revocable at any time (for marketing, messaging).
• •Contractual Necessity: To fulfill service agreements.
• •Legitimate Interest: Product improvement, fraud prevention.
• •Legal Obligation: Tax, data protection compliance.
• •HIPAA: PHI processed only under signed BAAs.

Leadnest.ai does not share, sell, rent, or disclose users mobile numbers, SMS consent data, or opt-in information with any third parties or affiliates for marketing or unrelated purposes. SMS opt-in data is used solely to deliver account-related transactional notifications.

• •Account Data: Retained for account lifetime + 90 days unless deletion is requested.
• •Consent Records: Retained for compliance (minimum 4 years or per carrier requirement).
• •Lead & Campaign Data: Deleted promptly after contract termination or per customer settings.
• •Healthcare Data: Retained for 6 years (HIPAA).
• •Log Data: Retained for up to 12 months for security auditing.

You may request access, rectification, deletion, restriction, portability, or withdrawal of consent at any time. You may also manage message preferences and opt out of non-essential communications via account settings or by replying STOP to any message.

Used for session management, fraud detection, and personalization.

We notify users and authorities per GDPR (72h), HIPAA (60 days), and DPDPA guidance.