Privacy Policy

Last updated: May 26, 2026

1. Who we are

Emerging Technology Group LLC ("we", "us") operates the LeadFuel suite at leadfuel.cloud and related subdomains. For questions about this policy contact privacy@leadfuel.cloud.

2. Data we collect

• Account data: email, name, organization, sign-in timestamps.
• Product usage: features used, sessions, AI prompts and responses, admin actions (kept in an audit log for 90 days).
• Customer-supplied content: ICPs, campaign drafts, prospect lists, documents you upload to the Knowledge System.
• Connected accounts: encrypted OAuth tokens for LinkedIn, Microsoft 365, Resend (we never see your provider passwords).
• Billing: Stripe stores your card and processes payments; we store only the Stripe customer/subscription identifiers.

3. How we use it

• Run the product features you signed up for.
• Send transactional emails (sign-in links, billing receipts, account notices).
• Send marketing emails only if you've opted in. You can opt out via any marketing email's Unsubscribe link.
• Improve the product (aggregated, de-identified usage analytics).
• Detect abuse, prevent fraud, and comply with legal obligations.

4. Sub-processors

We use a small set of vendors to operate the product:

• Railway: application hosting and managed Postgres.
• Resend: transactional and marketing email delivery.
• Stripe: payment processing.
• Anthropic: AI model inference for ICP intake and personalization.
• Sentry: error tracking (no request bodies, no cookies).

5. Your rights (GDPR / CCPA)

While logged in you can:

• Export every record we keep about you: GET /api/me/export
• Request deletion of your account and data: POST /api/me/delete Your access is revoked immediately, and your data is permanently purged after 30 days.

If you can't access the product, email privacy@leadfuel.cloud with proof of identity and we'll honor your request within 30 days.

6. Retention

• Account data: kept for the life of your account, then 30 days post-deletion.
• Audit logs: 90 days.
• Billing records: 7 years (US/EU tax law).

7. Security

HTTPS-only, encrypted at rest (Postgres + Fernet for OAuth tokens), session cookies signed and SameSite-strict, magic-link tokens hashed (SHA-256), CSRF protection on every form, rate limits on auth + send endpoints. We are not a HIPAA-eligible vendor, so please do not upload protected health information.

8. Changes

Material changes will be emailed to the account address on file at least 30 days before they take effect.

← Back to LeadFuel