Privacy Policy

1 Information We Collect

We collect the following categories of information when you create an account or use LeadNova:

• Account information: Your email address and a hashed password, or your Google account ID if you sign in with Google.
• Usage data: The searches you run, leads generated per session, cities and niches you search, and your daily usage counts.
• Payment information: All payments are processed securely by Stripe. We never store or see your full card number — only your Stripe customer ID and subscription ID are retained on our servers.
• API keys: If you provide a Hunter.io API key (Pro plan), it is encrypted at rest with AES-256 before storage and is never transmitted to any third party on your behalf.

2 How We Use Your Information

• To create and maintain your account and provide the LeadNova lead generation service.
• To send transactional emails — such as password reset links and account notifications — via Resend.
• To process your subscription payments via Stripe.
• To enforce your plan quota and retain search history within your plan's retention window.
• To diagnose technical issues and improve the service.

We never sell, rent, or share your personal data with third parties for marketing or advertising purposes.

3 Data Storage & Security

• Database: Your account and search data is stored on Supabase (managed PostgreSQL), hosted on secure cloud infrastructure.
• API key encryption: Hunter.io API keys are encrypted with AES-256 (Fernet) before being written to the database. The encryption key is stored separately in the server environment and never in the database.
• Transport security: All data is transmitted over HTTPS. Session cookies are issued with the Secure, HttpOnly, and SameSite=Lax flags.
• Password hashing: Passwords are hashed with bcrypt (adaptive cost factor) and are never stored in plain text. We cannot recover your password — only reset it.
• CSV exports: Generated lead files are stored temporarily on the server and deleted automatically per your plan's retention window.

4 Third-Party Services

LeadNova integrates with the following third-party providers to deliver its features. Each is subject to its own privacy policy:

• Stripe — Subscription billing and payment processing. Stripe Privacy Policy.
• Hunter.io — Decision-maker email enrichment (Pro plan only, using your own API key). Hunter Privacy Policy.
• SerpAPI — Google search results for lead discovery. SerpAPI Privacy Policy.
• Resend — Transactional email delivery (password resets, notifications). Resend Privacy Policy.
• Render — Cloud application hosting. Render Privacy Policy.
• Supabase — Managed PostgreSQL database hosting. Supabase Privacy Policy.

5 Data Retention

• Active accounts: Your account data is retained for as long as your account is active.
• Deleted accounts: When you delete your account, all personal data — including your email, password hash, search history, stored leads, and API keys — is permanently and immediately removed from our database. This action is irreversible.
• Search history: Retained within your plan's history window — 7 days (Growth) or 30 days (Pro). Free and Starter plan users have no search history stored beyond the current session.
• CSV export files: Stored for 1 day (Free/Starter) or within your plan's history window (Growth/Pro), then automatically deleted from the server.

6 Your Rights

• Access: You can view your account information and usage statistics at any time on your Profile page.
• Deletion: You can permanently delete your account and all associated data instantly from the Danger Zone section of your Profile page. Deletion is immediate and irreversible.
• Data portability: You can download your lead data as CSV files from your Dashboard at any time during your plan's retention window.
• Other requests: For data correction, access requests, or any other privacy inquiries, contact us at [email protected]. We will respond within 30 days.

7 Cookies

• Session cookie (leadnova_session): Set when you log in. Required for authentication. Expires after 7 days or when you log out.
• CSRF cookie (leadnova_csrf): Used to protect form submissions from cross-site request forgery attacks. Expires after 4 hours.
• No tracking or advertising cookies: We do not use any analytics, advertising, or third-party tracking cookies of any kind.

8 Changes to This Policy

We may update this Privacy Policy periodically. If we make material changes that affect your rights or how your data is used, we will notify you by email at the address associated with your account at least 14 days before the changes take effect.

The "Last updated" date at the top of this page always reflects when the policy was most recently revised. Continued use of LeadNova after the effective date of any changes constitutes acceptance of the updated policy.

Questions or concerns? Contact us anytime at [email protected].