Privacy Policy

1. Information We Collect

Account Information: When you create an account, we collect your name, email address, company name, and password. If you connect an Outlook account, we store encrypted OAuth tokens to send emails on your behalf. If you connect via SMTP, we store your SMTP credentials encrypted at rest.

Usage Data: We track how you use AlwaysLeads, including campaigns created, leads found, emails sent, and feature usage. This helps us improve the product and enforce plan limits.

Lead Data: When you use our prospecting features, we pull publicly available business contact information from third-party data providers (Apollo.io). This data includes names, job titles, company information, and business email addresses.

Payment Information: Payment processing is handled by Stripe. We do not store your credit card numbers. We retain your Stripe customer ID and subscription status.

2. How We Use Your Information

We use your information to:

• Provide and operate the AlwaysLeads platform
• Send outreach emails from your connected email account on your behalf
• Generate AI-written email content using Anthropic's Claude API
• Score and qualify leads using AI analysis
• Process payments and manage subscriptions
• Send transactional emails (welcome, trial reminders, notifications)
• Improve our product and develop new features

3. AI Processing

AlwaysLeads uses artificial intelligence (Anthropic Claude) to score leads, write outreach emails, analyze replies, and generate follow-up content. Your business profile information and lead data are sent to the AI for processing. We do not use your data to train AI models. AI-generated content is always saved as drafts for your review before sending unless you configure automatic sending.

4. Data Sharing

We share data with the following third-party services to operate AlwaysLeads:

• Supabase — Database hosting and authentication
• Anthropic (Claude) — AI content generation and lead scoring
• Apollo.io — B2B contact data sourcing
• Stripe — Payment processing
• Resend — Transactional email delivery
• Google / Microsoft — OAuth for email account connection
• Vercel — Application hosting

We do not sell your personal information to third parties.

5. Email Tracking

Outreach emails sent through AlwaysLeads may contain a tracking pixel (a 1x1 transparent image) to detect when a recipient opens the email. Open data is used to calculate campaign performance metrics and adjust lead scores. Recipients are not individually identified beyond what is already known from the outreach context.

6. Data Security

We take security seriously:

• OAuth tokens and SMTP passwords are encrypted at rest using AES-256-GCM
• All data is transmitted over HTTPS
• Row-level security (RLS) ensures users can only access their own data
• API routes are authenticated and rate-limited
• Stripe webhook signatures are verified
• Passwords are hashed by Supabase Auth (bcrypt)

7. Data Retention

We retain your account data for as long as your account is active. If you delete your account, all associated data (leads, campaigns, outreach history, connected accounts) is permanently deleted via cascading database deletion. Stripe retains payment records independently per their own privacy policy.

8. Your Rights

You can:

• Access and export your data at any time through the dashboard
• Update your profile information in Settings
• Disconnect email accounts at any time
• Delete your account and all data from Settings → Danger Zone
• Contact us to request data deletion at support@alwaysleads.ai

9. Contact

For privacy questions or concerns, contact us at support@alwaysleads.ai.