Summary: LeadFlow (a product of Aelion Group LLC) collects only the data necessary to provide our service. We never sell your personal data. You have the right to access, correct, or delete your information at any time. For questions, contact us at hello@leadflow.io.
1. Who We Are
LeadFlow is a lead generation automation platform operated by Aelion Group LLC, headquartered in Los Angeles, CA, United States. References to "LeadFlow," "we," "us," or "our" in this policy refer to Aelion Group LLC.
If you have any questions about this Privacy Policy or our data practices, please contact us at:
2. Information We Collect
2.1 Information You Provide
When you create an account, subscribe to a plan, or contact us, we may collect:
- Full name and email address
- Password (stored as a bcrypt hash — we never see your plaintext password)
- Billing information (processed by our payment provider; we do not store raw card numbers)
- Business name, industry, and campaign preferences you configure inside LeadFlow
- Communications you send us (support tickets, emails)
2.2 Information Collected Automatically
When you use LeadFlow, we automatically collect:
- IP address and approximate geographic location
- Browser type, operating system, and device identifiers
- Pages visited, features used, and time spent (via analytics cookies)
- Referring URLs and search terms that led you to our site
- Session tokens and authentication data
2.3 Lead Data You Generate
When you use LeadFlow's scraping and outreach tools, the platform collects and stores third-party business data (business names, email addresses, website audit results) on your behalf. This data is considered your content and is processed under your instruction. We act as a data processor for this information.
3. How We Use Your Information
We use the information we collect to:
- Create and manage your account and subscription
- Operate and improve the LeadFlow platform
- Process payments and prevent fraud
- Send transactional emails (account creation, password reset, invoices)
- Send product updates and marketing communications (you can opt out at any time)
- Comply with legal obligations
- Provide customer support
- Analyze usage patterns to improve our service (aggregated, anonymized data)
We do not use your data to train AI models. We do not sell, rent, or trade your personal information to third parties for their marketing purposes.
4. Legal Basis for Processing (GDPR)
If you are located in the European Economic Area (EEA), UK, or Switzerland, we process your personal data under the following legal bases:
- Contract performance: Processing necessary to provide the LeadFlow service you have subscribed to.
- Legitimate interests: Security, fraud prevention, and improvement of our services.
- Consent: Marketing communications. You may withdraw consent at any time.
- Legal obligation: Compliance with applicable laws and regulations.
5. Cookies and Tracking
We use cookies and similar technologies to operate and improve LeadFlow. Cookies are small text files stored on your device.
Types of cookies we use:
- Strictly necessary cookies: Required for the site to function (authentication sessions, security tokens). Cannot be disabled.
- Analytics cookies: Help us understand how users interact with LeadFlow (e.g., Google Analytics). These can be disabled via your browser settings.
- Preference cookies: Remember your settings and preferences across sessions.
- Marketing cookies: Used only if you have opted in. Help us measure the effectiveness of our advertising.
You can manage or disable non-essential cookies via your browser settings or by contacting us. Disabling essential cookies may affect the functionality of LeadFlow.
6. Data Sharing and Third Parties
We share your data only in the following circumstances:
- Service providers: We use trusted third-party providers to operate LeadFlow, including Firebase (authentication), Stripe (payments), and cloud hosting providers. These providers are contractually bound to protect your data.
- Legal requirements: We may disclose data if required by law, court order, or governmental authority.
- Business transfers: In the event of a merger, acquisition, or asset sale, your data may be transferred. We will notify you before your data is subject to a different privacy policy.
- With your consent: Any other sharing requires your explicit consent.
7. Data Retention
We retain your personal data for as long as your account is active or as needed to provide services. If you delete your account:
- Your profile and campaign data are deleted within 30 days
- Billing records are retained for 7 years as required by law
- Anonymized analytics data may be retained indefinitely
8. Data Security
LeadFlow implements industry-standard security measures including:
- TLS 1.3 encryption for all data in transit
- AES-256 encryption for data at rest
- Multi-factor authentication options for user accounts
- Regular security audits and penetration testing
- Strict access controls — only authorized personnel can access user data
Despite these measures, no system is completely secure. We encourage you to use a strong, unique password and enable two-factor authentication.
9. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of the data we hold about you.
- Correction: Request correction of inaccurate data.
- Deletion: Request deletion of your data ("right to be forgotten").
- Portability: Request your data in a machine-readable format.
- Restriction: Request that we restrict processing of your data.
- Objection: Object to processing based on legitimate interests.
- Withdraw consent: Withdraw consent for marketing at any time.
To exercise any of these rights, email us at hello@leadflow.io. We will respond within 30 days. EEA users may also lodge a complaint with their local supervisory authority.
10. International Data Transfers
LeadFlow is operated from the United States. If you are located outside the US, your data will be transferred to and processed in the US. For EEA/UK users, we ensure adequate safeguards are in place, including Standard Contractual Clauses (SCCs) where applicable.
11. Children's Privacy
LeadFlow is not intended for use by anyone under the age of 16. We do not knowingly collect personal data from children. If you believe we have inadvertently collected data from a minor, please contact us immediately and we will delete it.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or by displaying a notice on our website. Your continued use of LeadFlow after any change constitutes acceptance of the updated policy.
13. Contact Us
If you have questions, concerns, or requests regarding this Privacy Policy:
- Email: hello@leadflow.io
- Company: Aelion Group LLC
- Address: Los Angeles, CA, United States