Legal document

Privacy Policy

Last updated: June 8, 2026

1. Data Controller

The Data Controller for personal data collected through https://www.leaddirectly.com and the LeadDirectly service is:

LeadDirectly

Email: info@leaddirectly.com

Website: https://www.leaddirectly.com

2. Types of Data Collected

LeadDirectly collects the following categories of personal data:

  • Registration data: Name, email address, password (stored in encrypted form and not accessible to us).
  • Payment data: Processed directly by Stripe Inc. LeadDirectly never stores card numbers, IBAN or complete payment data.
  • Usage data: Generated leads, search history, number of icebreakers generated, active subscription plan.
  • Technical data: IP address, browser type, operating system, session cookies strictly necessary for the service to function.
  • Instagram profile data: Public third-party profiles extracted from Instagram via Apify (publicly accessible data). Such data is stored in your account and is your responsibility as a user.

3. Purposes and Legal Basis of Processing

Service delivery

Contract performance (Art. 6(1)(b) GDPR)

Account management, subscription processing, lead generation and icebreaker creation.

Legal and tax compliance

Legal obligation (Art. 6(1)(c) GDPR)

Retention of invoices and payment data for tax obligations under Italian law.

Service communications

Legitimate interest (Art. 6(1)(f) GDPR)

Transactional emails related to the account (registration confirmation, password reset, subscription expiry).

Service improvement

Legitimate interest (Art. 6(1)(f) GDPR)

Aggregated and anonymized analysis to improve features and performance.

4. Retention Period

  • Account data: for the duration of the account and for 12 months after deletion.
  • Payment data (Stripe): according to Stripe's policies and for 10 years for tax purposes.
  • Usage data and leads: for the duration of the account and until explicit deletion.
  • Technical logs: maximum 90 days.

5. Data Recipients

Data is shared only with technical providers necessary to deliver the service, all bound by specific Data Processing Agreements (DPA):

Supabase Inc.

Database & authenticationUSA (SCC)

Privacy policy →

Stripe Inc.

Payment processingUSA (SCC)

Privacy policy →

Vercel Inc.

Hosting & CDNUSA (SCC)

Privacy policy →

Anthropic PBC

AI for icebreakersUSA (SCC)

Privacy policy →

Apify Technologies

Instagram scrapingEU (GDPR)

Privacy policy →

6. Cookie Policy

LeadDirectly uses strictly necessary technical cookies for the service to function (session and preference cookies) and, only with your consent, anonymous statistical cookies (Google Analytics). We do not use profiling or advertising cookies. Full details in our Cookie Policy.

7. Your Rights

Under Arts. 15–22 GDPR, you have the right to: access, rectification, erasure, restriction, portability and objection. To exercise your rights, write to info@leaddirectly.com. We will respond within 30 days.

8. Data Security

We implement appropriate technical and organizational measures: TLS encryption in transit, bcrypt-hashed passwords, Supabase Auth, Row Level Security (RLS) on all database tables, limited administrative access. No payment data is stored on our servers.

9. Changes to this Policy

We may update this policy. For material changes, we will notify you by email at least 14 days in advance. The updated version will always be available at this page.

10. Contact

For any questions regarding this Privacy Policy: info@leaddirectly.com