1Overview

DeadLeadCo ("we", "our", or "us") operates a SaaS platform that uses AI to identify and re-engage stale CRM leads. This Privacy Policy explains what information we collect, what we access from your connected accounts, how we use it, and the rights you have — including rights under the EU General Data Protection Regulation (GDPR).

By creating an account and using our service you agree to this policy. If you do not agree, please do not use the service.

2What We Access From Your Accounts

We only request the minimum permissions needed to deliver the service. Here is exactly what we access when you connect each integration — and what we do not access.

HubSpot CRMRead-only

What we read	Why
Contact name, email, job title	To personalise outreach emails
Company name and industry	To research news triggers (funding, hires)
Last activity date	To determine whether a lead is stale (90+ days inactive)
Lead score	To prioritise which leads are worth reviving
Deal stage	To avoid contacting leads already in active deals

We do not write to, modify, or delete any records in your HubSpot account.

You can disconnect any integration at any time from the Integrations page. This immediately revokes our access and deletes all stored OAuth tokens for that service.

3Information We Collect

Account data: Name, email address, and password (hashed and salted — never stored in plain text) when you create an account.

CRM & contact data: Contact records retrieved from HubSpot as described in Section 2. This data is used only to run your lead-revival campaigns and is not sold or used for any other purpose.

Payment data: Billing is processed by Stripe. We store only your Stripe customer ID — we never see or store your card number, CVC, or bank details.

Usage data: Pages visited, features used, timestamps, and browser/device type to understand how the product is used and improve it.

Support communications: Messages you send via our contact form or email, used solely to respond to you.

Feedback: Optional feedback submitted through the in-app feedback widget.

4How We Use Your Information

Service delivery: To scan your CRM leads and generate AI-personalised revival email drafts for your approval.

AI processing: Lead data (name, company, job title) is sent to Anthropic's Claude API to generate personalised email content. This is the core function of the service.

Web research: Company names are sent to Tavily (a web-search API) to find recent news triggers such as funding rounds or leadership changes.

Authentication: To verify your identity and keep your account secure.

Billing: To process subscription payments through Stripe.

Product improvement: Aggregated, anonymised usage signals help us improve the product. We do not build individual profiles for advertising.

Support: To respond to questions, bug reports, and feature requests.

Legal compliance: To comply with applicable laws including GDPR and CAN-SPAM.

5Data Sharing & Sub-processors

We do not sell, rent, or trade your personal data. We share data only with the sub-processors listed below, which are strictly necessary to operate the service. Each is bound by data processing agreements.

Sub-processor	Purpose	Data sent
Supabase	Database & authentication	Account data, encrypted OAuth tokens
Anthropic (Claude AI)	AI email generation	Contact name, company, job title
Tavily	Company news research	Company name only
Stripe	Payment processing	Email address, billing info
HubSpot API	Reading CRM contacts	OAuth token (read-only)

We may disclose data if required by law, court order, or to protect the rights, property, or safety of DeadLeadCo, our users, or others.

6Data Retention

We retain your account data for as long as your account is active. CRM contact data is fetched fresh from your CRM each time you run a revival — we do not maintain a separate persistent copy of your contacts.

Email queue drafts are stored until you approve, skip, or delete them. Sent email records are retained for up to 12 months so you can track revival history.

You may request full deletion of your account and all associated data at any time by emailing hello@deadleadco.com. We process deletion requests within 30 days.

7Security

We implement industry-standard safeguards: TLS encryption in transit, AES-256 encryption at rest, and role-based access controls. Passwords are hashed using bcrypt. OAuth tokens are encrypted before storage.

No method of transmission over the internet is 100% secure. We cannot guarantee absolute security but are committed to continuous improvement and prompt disclosure of any breaches.

8GDPR & Your Rights (EU / EEA)

If you are in the European Union or European Economic Area, you have the following rights under GDPR. Our lawful basis for processing your data is performance of a contract (delivering the service) and legitimate interests (improving the product and preventing fraud).

Right of access (Art. 15): Request a copy of all personal data we hold about you.

Right to rectification (Art. 16): Ask us to correct inaccurate or incomplete data.

Right to erasure (Art. 17): "Right to be forgotten" — request deletion of your personal data.

Right to restriction (Art. 18): Ask us to stop processing your data in certain circumstances.

Right to data portability (Art. 20): Receive your data in a structured, machine-readable format (JSON or CSV).

Right to object (Art. 21): Object to processing of your data for direct marketing.

Right to withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting prior processing.

To exercise any right, email hello@deadleadco.com. We will respond within 30 days. You also have the right to lodge a complaint with your local data protection authority.

Data transfers outside the EU/EEA: our sub-processors (Supabase, Anthropic, Stripe) are based in the US and operate under Standard Contractual Clauses (SCCs) or are covered by equivalent safeguards.

9Cookies

We use strictly necessary session cookies to keep you logged in. We do not use advertising trackers, third-party analytics cookies, or cross-site tracking.

You can disable cookies in your browser settings, but this will prevent you from staying logged in to the app.

10Children's Privacy

Our service is not directed at individuals under 16 years of age. We do not knowingly collect personal data from children. If you believe we have inadvertently done so, please contact us immediately.

11Changes to This Policy

We may update this policy periodically. When we do, we will revise the "Last updated" date at the top and, for material changes, notify you by email or an in-app notice at least 14 days in advance. Continued use after the effective date constitutes acceptance.

12Contact

Questions, data requests, or privacy concerns:

DeadLeadCohello@deadleadco.com