Privacy Policy

1. Who We Are

LeadLifeline ("we," "us," "our") is a product of Burke Labs LLC, a Delaware limited liability company (registration pending). We provide a software-as-a-service (SaaS) platform that helps home service businesses reactivate dormant leads and nurture new ones through automated email campaigns.

Website: leadlifeline.io
Contact: daire@leadlifeline.io

2. Scope

This Privacy Policy explains how we collect, use, store, disclose, and protect personal information when you visit our website, create an account and use the LeadLifeline platform, or communicate with us.

This policy applies to two categories of individuals:

• Customers — business owners and their authorised team members who use LeadLifeline
• End Contacts — the leads, prospects, and past customers whose data our Customers upload to or create within the platform

3. Information We Collect

3.1 Information You Provide Directly

• Account information: name, email address, password, business name, phone number, industry type, service area
• Business profile data: owner first name, reply-to email, business phone number, average job value, Google review link, uploaded logo
• Billing information: payment details processed by our third-party payment provider (LemonSqueezy or Stripe) — we do not store full credit card numbers on our servers
• Support communications: messages, emails, and attachments you send us

3.2 Information About Your End Contacts

When you use LeadLifeline, you upload or enter information about your leads and customers, including:

• Names, email addresses, phone numbers, physical addresses
• Lead source and status, job type, estimated or actual job value
• Photos or screenshots uploaded via AI photo import (e.g. screenshots of conversations, email enquiries, job cards, or handwritten notes)
• Pasted message text from conversations (WhatsApp, SMS, email, or other messaging platforms)
• Communication history and campaign engagement data (email opens, clicks, unsubscribes)
• Job completion status and review request outcomes

3.3 Information Collected Automatically

• Usage data: pages visited, features used, clicks, session duration
• Device and browser data: IP address, browser type, operating system, device type
• Cookies: session cookies for authentication and preferences (see Section 9)

3.4 Information From Third-Party Services

• Google Gemini API: when you use AI photo import or paste message extraction, content is sent to Google's Gemini 2.5 Flash API for analysis and lead extraction. We send only the content required and do not share your account information with Google for this purpose.
• Resend: email delivery status, bounce data, open and click tracking
• Payment providers: transaction confirmations and subscription status from LemonSqueezy or Stripe

4. How We Use Your Information

• Provide, operate, and improve the LeadLifeline platform (performance of contract)
• Process payments and manage your subscription (performance of contract)
• Send your email campaigns to your End Contacts on your behalf (performance of contract)
• Send you account-related communications — welcome emails, monthly reports, product updates (legitimate interest / performance of contract)
• Execute automated follow-ups and nurture sequences you configure (performance of contract)
• Analyse platform usage to improve features and fix bugs (legitimate interest)
• Comply with legal obligations — tax, anti-spam laws, law enforcement requests (legal obligation)
• Protect against fraud, abuse, and unauthorised access (legitimate interest)

We do not sell, rent, or trade your personal information or your End Contacts' personal information to third parties for their marketing purposes.

5. How We Share Your Information

5.1 Service Providers

We use trusted third-party services to operate our platform:

• Supabase — database, authentication, serverless functions. Data hosted in Sydney, Australia region.
• Resend — email delivery. End Contact email addresses and email content. Emails sent from hello@send.leadlifeline.io. US-based infrastructure.
• Cloudflare — DNS, email routing, CDN. IP addresses and traffic data. Global network.
• LemonSqueezy / Stripe — payment processing. Billing details and subscription status. US-based.
• Google Gemini API — AI photo import and text extraction. Uploaded images and pasted text only. US-based.

All service providers are bound by their own privacy policies and data processing agreements.

5.2 Legal Requirements

We may disclose information if required by law, regulation, legal process, or government request, or to protect the rights, safety, or property of Burke Labs LLC, our Customers, or the public.

5.3 Business Transfers

If Burke Labs LLC is involved in a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. We will notify you of any such change.

6. Data Retention

• Account data: retained for the duration of your subscription plus 90 days after cancellation, then permanently deleted
• End Contact data: retained for the duration of your subscription. Permanently deleted within 90 days of cancellation. You may delete individual leads at any time within the platform.
• Email engagement data: retained for the duration of your subscription
• Uploaded images and pasted text: processed in real-time for lead extraction and not permanently stored separately from the extracted lead data
• Billing records: retained for 7 years as required by tax and accounting laws
• Server logs: retained for up to 90 days

7. Data Security

We implement industry-standard security measures, including:

• Encryption in transit (TLS/HTTPS) and at rest
• Row-level security (RLS) in our database ensuring Customers can only access their own data
• Secure authentication via Supabase Auth with hashed passwords
• Email sending restricted to our verified domain (send.leadlifeline.io)
• Regular security reviews and updates

No system is 100% secure. If we become aware of a data breach that affects your personal information, we will notify you and any applicable regulators in accordance with applicable law.

8. Your Rights

All users may request access to, correction of, or deletion of their personal information. You may also request a data export in a machine-readable format, or withdraw consent where processing is based on consent.

Australian users (Privacy Act 1988): You may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.

EU/UK users (GDPR / UK GDPR): You may request restriction of processing, object to processing based on legitimate interest, or lodge a complaint with your local supervisory authority.

California users (CCPA): You have the right to know what personal information we collect and how it is used, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. We will not discriminate against you for exercising your rights.

End Contacts: If you are a lead or customer of a business using LeadLifeline, your data is controlled by that business. Please contact them directly to exercise your rights. Every email sent through LeadLifeline includes a functional unsubscribe link.

To exercise your rights as a Customer, email daire@leadlifeline.io.

9. Cookies

We use minimal cookies:

• Session cookie — authentication and login state (expires at end of session)
• Preferences cookie — your dashboard and UI preferences (expires after 1 year)

We do not use third-party advertising or tracking cookies.

10. Anti-Spam Compliance

LeadLifeline is designed to help you send compliant marketing emails. However, you are responsible for ensuring your email campaigns comply with applicable laws, including:

• Australian Spam Act 2003 — requires consent, sender identification, and a functional unsubscribe mechanism
• CAN-SPAM Act (US) — requires accurate header information, identification as advertising, a physical address, and opt-out compliance
• GDPR / UK GDPR — requires a lawful basis for processing and sending marketing emails
• CASL (Canada) — requires express or implied consent

LeadLifeline provides tools to support compliance including unsubscribe links in every email, a public unsubscribe page, suppression list management, and sender identification. You must ensure you have appropriate consent or legal basis before uploading contacts and sending campaigns.

11. International Data Transfers

Our primary database is hosted in Sydney, Australia via Supabase. Some of our service providers (Resend, Google, LemonSqueezy/Stripe) are located in the United States. If you are located outside the US, your data may be transferred to and processed in the US for email delivery, payment processing, and AI features. We rely on Standard Contractual Clauses and our service providers' certifications (where applicable) to ensure adequate data protection.

12. Children's Privacy

LeadLifeline is a business-to-business platform. We do not knowingly collect personal information from anyone under 18. If we learn we have collected data from a minor, we will delete it promptly.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. The "Last updated" date at the top reflects the most recent revision.

14. Contact Us

Burke Labs LLC (registration pending)
Email: daire@leadlifeline.io
Website: leadlifeline.io