Privacy Policy
Last updated: February 19, 2026
1. Introduction
This Privacy Policy explains how Leadentify, operated by VHApps Mateusz Anikiej ("we", "us", or "our"), collects, uses, discloses, and protects your personal data when you use our website at leadentify.com and our B2B lead generation and cold outreach platform (collectively, the "Service").
We are committed to protecting your privacy and processing your data in compliance with the General Data Protection Regulation (GDPR) and applicable Polish data protection laws.
2. Data Controller
The Data Controller responsible for your personal data is:
- VHApps Mateusz Anikiej
- ul. Ptasia 26/8, 80-809 Gdańsk, Poland
- Email: contact@leadentify.com
3. Data We Collect
A. Account Data
When you register, we collect your first name, last name, and email address. If you sign up with Google OAuth, we receive your name and email from Google. Your password (if using email/password authentication) is stored as a secure hash - we never store plaintext passwords.
B. Lead Data
Leads you import (via CSV/XLSX upload or manual entry) are stored under your account. THe file used for import is removed from our servers after the import is completed. Lead data is scoped to you and is never shared with, reused by, or sold to other users.
C. Connected Account Data
When you connect your Gmail inbox, we store an encrypted token to send emails on your behalf and check for responses. We do not read, store, or analyze the contents of your inbox beyond tracking replies to emails sent through the Service.
D. Payment Data
Payments are processed by Stripe. We do not store your credit card numbers, bank account details, or other sensitive payment information on our servers. Stripe may share with us limited data such as the last four digits of your card, card brand, and billing address for record-keeping purposes. Please refer to Stripe's Privacy Policy for details on how they handle your payment data.
E. Usage & Analytics Data
We use Plausible Analytics, a privacy-friendly analytics tool that does not use cookies, does not collect personal data, and does not track users across websites. Plausible provides us with aggregate, anonymized traffic statistics only.
4. How We Use Your Data
We process your personal data to:
- Provide the Service - manage your account, store your leads, send emails via your connected inbox, and track responses.
- Send transactional emails - account verification, password reset, and email change notifications (sent via Scaleway Transactional Email).
- Generate AI content - when you request AI email draft generation, we send lead and company information to Mistral AI to produce personalized emails.
- Discover emails - when you request email discovery, we send lead name and company domain to Hunter.io to find contact email addresses.
- Process payments - subscription billing and payment management through Stripe.
- Improve the Service - analyze aggregate usage patterns via Plausible to understand how the platform is used.
5. Legal Basis for Processing (GDPR)
We process your personal data under the following legal bases:
- Contract performance (Art. 6(1)(b) GDPR) - processing necessary to provide you with the Service you signed up for.
- Legitimate interest (Art. 6(1)(f) GDPR) - improving the Service, ensuring security, and preventing fraud.
- Consent (Art. 6(1)(a) GDPR) - where you explicitly consent, such as connecting your Gmail inbox or accepting these terms at registration.
6. Third-Party Processors
We share your data with the following third-party processors, each bound by data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Hetzner | Infrastructure hosting (VPS) | EU (Germany/Finland) |
| Scaleway | Transactional email delivery | EU (France) |
| Plausible Analytics | Privacy-friendly website analytics | EU |
| Stripe | Payment processing | US / EU |
| Google (Gmail API) | Email sending and response tracking | US / Global |
| Hunter.io | Email discovery and enrichment | EU (France) |
| Mistral AI | AI email draft generation | EU (France) |
7. Data Storage & Security
We take the security of your data seriously and implement appropriate technical and organizational measures:
- All data is stored in a secure database, located in the EU.
- All connections are encrypted via HTTPS (TLS).
- Tokens for connected inboxes are encrypted and stored securely.
- Passwords are stored securely using industry-standard hashing algorithms.
8. Data Retention
We retain your personal data for as long as your account is active and as needed to provide you with the Service. When you delete your account, all associated data (leads, drafts, connected accounts, import jobs, and other records) is permanently deleted via cascading deletion.
We may retain limited data for a reasonable period where required by law (e.g., billing records, legal obligations).
9. Your Rights (GDPR)
As a user in the European Economic Area (EEA), you have the following rights regarding your personal data:
- Right of access - request a copy of the personal data we hold about you.
- Right to rectification - request correction of inaccurate or incomplete data.
- Right to erasure - request deletion of your personal data ("right to be forgotten").
- Right to data portability - receive your data in a structured, machine-readable format.
- Right to restrict processing - request that we limit how we process your data.
- Right to object - object to processing based on legitimate interests.
- Right to withdraw consent - withdraw consent at any time where processing is based on consent.
To exercise any of these rights, please contact us at contact@leadentify.com. We will respond within 30 days as required by GDPR.
10. Cookies
Leadentify uses minimal cookies:
- Session cookie (essential) - required for authentication. This is a functional cookie necessary for the Service to operate and does not require consent under ePrivacy regulations.
We do not use tracking cookies, advertising cookies, or any third-party cookies. Plausible Analytics operates without cookies entirely.
11. International Transfers
Our primary infrastructure is located in the EU. However, some third-party processors (Google, Stripe) may process data in the United States or other countries outside the EU/EEA.
Where data is transferred outside the EU/EEA, we ensure that appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the European Commission or adequacy decisions.
12. Children's Privacy
The Service is not directed at individuals under the age of 16. We do not knowingly collect personal data from children. If we become aware that we have collected data from a child under 16, we will take steps to delete such information promptly.
13. Supervisory Authority
If you believe that our processing of your personal data violates the GDPR, you have the right to lodge a complaint with the Polish data protection authority:
- Prezes Urzędu Ochrony Danych Osobowych (UODO)
- ul. Stawki 2, 00-193 Warszawa, Poland
- Website: https://uodo.gov.pl
14. Changes to This Policy
We may update this Privacy Policy from time to time. If we make material changes, we will notify you by updating the "Last updated" date at the top of this page and, where practicable, by sending a notification to the email address associated with your account.
We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your data.
15. Contact
If you have any questions about this Privacy Policy or wish to exercise your data protection rights, please contact us:
- Email: contact@leadentify.com
- Address: VHApps Mateusz Anikiej, ul. Ptasia 26/8, 80-809 Gdańsk, Poland