Privacy Policy — Lead-Qual Agent

Lead-Qual Agent ("Company," "we," "us," or "our") is committed to protecting the privacy of our users and their customers. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our AI-powered lead qualification and booking platform (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, do not use the Service.

1. Information We Collect

We collect information to provide and improve our Service. The types of information we may collect include:

Information You Provide to Us

Account Information: When you register, we collect your business name, owner name, email address, phone number, and billing information (processed by Stripe — we do not store full credit card numbers).
Customer/Lead Data: When leads contact your business through the Service, we collect the information they provide, including:
- Phone numbers (SMS/call)
- Names
- Email addresses
- Service addresses
- Message content and conversation history
- Service requests and descriptions
- Budget and scheduling preferences
Configuration Data: Your qualification rules, service catalog, pricing, booking preferences, and other settings you configure in the dashboard.

Information Collected Automatically

Usage Data: Pages visited, features used, time spent on the Service, and interaction patterns.
Device & Log Data: IP address, browser type, operating system, referring URLs, and standard server logs.
Cookies: We use essential cookies for session management and authentication. We do not use third-party tracking cookies for advertising.

2. How We Use Your Information

We use the information we collect for the following purposes:

Providing the Service: To operate, maintain, and deliver the lead qualification, AI response, scoring, booking, and follow-up features you subscribe to.
AI Processing: To generate AI responses to leads, qualify and score leads, detect urgency, and automate bookings. Lead data is processed by our AI models to enable the core functionality of the Service.
Booking & Scheduling: To sync with your Google Calendar and send booking confirmations to leads.
Billing: To process subscription payments through Stripe and manage your account.
Communication: To send you service updates, billing reminders, and support communications. We do not use your data for marketing without your consent.
Improvement: To analyze usage patterns and improve the Service's AI accuracy, features, and user experience.
Compliance: To comply with legal obligations and enforce our Terms of Service.

    AI Processing Disclosure: Lead data (names, phone numbers, messages,
    service requests) is processed by AI models to generate responses and qualification
    scores. This processing is fundamental to the Service. We do not use your lead data
    to train general-purpose AI models or share it with third parties for their AI training.
  

3. Data Sharing & Third Parties

We do not sell your personal information or your leads' information to third parties. We may share information in the following circumstances:

Service Providers: We engage trusted third-party service providers who help us deliver the Service, including:
- Stripe — Payment processing. Your billing information is handled by Stripe in accordance with their privacy policy. We do not store full payment card numbers.
- Google Calendar API — Calendar sync for booking appointments. We access your calendar only to create, update, and check the availability of events as configured.
- Twilio — SMS and voice communication. Phone numbers and message content are processed by Twilio to deliver SMS to your leads.
- OpenAI / AI Providers — AI model providers that process lead conversations to generate responses and qualification scores. Data sent to AI providers is handled in accordance with their data processing agreements.
Legal Requirements: We may disclose information if required to do so by law, subpoena, or other legal process, or if we believe in good faith that disclosure is necessary to protect our rights, your safety, or the safety of others.
Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified via email of any change in ownership or data practices.

4. Data Retention

We retain your information for as long as your account is active or as needed to provide you with the Service. Specifically:

Account Data: Retained for the duration of your account plus 30 days after cancellation, during which you may request a data export.
Lead Data: Retained for the duration of your account. Individual lead records may be deleted by you at any time from the dashboard. After account cancellation, lead data is permanently deleted within 30 days.
Conversation History: Retained to enable lead tracking and qualification visibility. You can delete individual conversations from the dashboard at any time.
Backups: Encrypted backups are retained for up to 90 days and then securely destroyed.
Aggregated/Anonymized Data: We may retain anonymized, aggregated data that cannot identify you or your leads indefinitely for analytics and Service improvement.

5. Data Security

We implement industry-standard security measures to protect your data, including:

Encryption in transit (TLS 1.2+) for all data transmitted between your browser and our servers
Encryption at rest for stored data
Secure API authentication using signed tokens
Regular security audits and dependency updates
Limited access controls — only authorized personnel have access to production data

While we strive to protect your data, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security.

6. Your Rights & Choices

Depending on your jurisdiction, you may have the following rights regarding your personal information:

Access: Request access to the personal information we hold about you.
Correction: Request correction of inaccurate or incomplete information.
Deletion: Request deletion of your personal information, subject to our legal obligations to retain certain data.
Data Portability: Request a copy of your data in a structured, machine-readable format.
Objection/Restriction: Object to or request restriction of certain processing activities.
Withdraw Consent: Withdraw consent at any time where we rely on consent as a legal basis for processing.

To exercise any of these rights, please contact us at support@richgibbs.dev. We will respond to your request within 30 days. We may need to verify your identity before processing your request.

7. California Privacy Rights (CCPA)

If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with additional rights regarding your personal information:

Right to Know: You have the right to request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of collection, the business purpose for collection, and the categories of third parties with whom we share that information.
Right to Delete: You have the right to request deletion of personal information we have collected from you, subject to certain exceptions (e.g., completing transactions, detecting security incidents, complying with legal obligations).
Right to Opt-Out: You have the right to opt out of the sale of your personal information. We do not sell personal information.
Right to Non-Discrimination: We will not discriminate against you for exercising any of your CCPA rights.
Shine the Light: California Civil Code Section 1798.83 permits California residents to request information regarding the disclosure of their personal information to third parties for their direct marketing purposes. We do not share personal information for third-party direct marketing.

To exercise your California privacy rights, please contact us at support@richgibbs.dev or by mail at the address below. We will verify your identity before processing your request.

8. Cookies & Tracking

We use only essential cookies required for the functionality of the Service:

Session Cookie: To maintain your authenticated session when logged into the dashboard.
CSRF Token: To prevent cross-site request forgery attacks.

We do not use cookies for advertising, analytics tracking by third parties, or any non-essential purposes. You can configure your browser to reject cookies, but some features of the Service may not function properly without them.

9. Children's Privacy

The Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that a child under 18 has provided us with personal information, we will take steps to delete that information. If you believe a child has provided us with personal data, please contact us immediately.

10. International Data Transfers

Our servers are located in the United States. If you access the Service from outside the United States, your information may be transferred to, stored, and processed in the United States. By using the Service, you consent to the transfer of your information to the United States in accordance with this Privacy Policy.

11. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email or through a notice on the Service. The "Last updated" date at the top of this policy reflects the most recent changes. Your continued use of the Service after the effective date of any changes constitutes your acceptance of the updated policy.

12. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Email: support@richgibbs.dev
Website: leadqual.richgibbs.dev

We will acknowledge receipt of your privacy-related request within 10 business days and respond substantively within 30 days.