Leadpin · Legal

Privacy Policy

This policy describes the personal data Leadpin collects, the purposes for which it is processed, how long it is retained, and your rights under the GDPR.

Last updated · 2026-04-13

1. Data controller

The controller of personal data is Romain Lafforgue (SIREN 508 894 987), a French sole proprietor operating the Leadpin service.

For any data protection question, contact romlafforgue@gmail.com.

2. Data collected

Leadpin collects only the data strictly necessary to operate the Service:

  • Account data: email, interface language, registration date
  • Subscription data: active plan, status, credit usage, payment history (via Stripe)
  • Usage data: searches made (query, coordinates, radius), tags and notes added by the user
  • Technical data: session cookies, server logs (truncated IP, user-agent, timestamp)

No bank data is stored by Leadpin. Payments are handled exclusively by Stripe.

3. Purposes

Your data is processed for the following purposes:

  • Provide and maintain the Service (contract performance)
  • Manage subscription and billing (legal obligation)
  • Ensure security and prevent abuse (legitimate interest)
  • Send transactional messages (magic links, billing notifications)
  • Improve the Service in aggregate and anonymized form (legitimate interest)

4. Retention

Retention periods vary by data type:

  • Account and subscription: until account deletion or after 3 years of inactivity
  • Search history and results: 30 days maximum (Google Maps Platform terms), then daily auto-purge
  • Prospect tags and notes: kept as long as the account exists
  • Billing data: 10 years (French legal obligation)
  • Technical logs: 12 months maximum, then anonymized

5. Subprocessors

Leadpin relies on the following subprocessors, all bound by GDPR-compliant data processing agreements:

  • Supabase Inc. (database, auth) — EU-hosted
  • Vercel Inc. (app hosting) — EU region (Paris)
  • Google LLC (Google Maps Platform) — public place data provider
  • Stripe Payments Europe Ltd. (payments) — Ireland
  • Resend.com (transactional email) — EU servers

No personal data is transferred outside the EU without appropriate safeguards (standard contractual clauses, adequacy decisions).

6. Your GDPR rights

Under Regulation (EU) 2016/679 (GDPR), you have the following rights:

  • Right of access: get a copy of your data (directly from Settings)
  • Right of rectification: correct inaccurate data
  • Right to erasure (“right to be forgotten”): delete your account and all data in one click
  • Right to restriction of processing
  • Right to data portability: retrieve your data in structured formats (CSV, XLSX, JSON)
  • Right to object to processing based on legitimate interest
  • Right to withdraw consent at any time
  • Right to lodge a complaint with a supervisory authority (in France: CNIL, cnil.fr)

7. Cookies

Leadpin uses a minimal set of strictly necessary cookies (authentication, language preference). No advertising or tracking cookies are placed.

See our cookie policy for details.

8. Security

All communications with the Service are encrypted over HTTPS (TLS 1.3). Passwords are never stored — authentication uses single-use magic links. The database enforces strict Row-Level Security so a user can only access their own data.