Privacy Policy

1. Information we collect

• Account data: email address and profile information returned by Google Sign-In (managed by Supabase Auth), plus timestamps of sign-in/sign-out events.
• Google OAuth credentials: a long-lived authorisation that lets LeadAce send email from your connected Gmail address. It is encrypted at rest and used only to send outbound email on your behalf when you trigger an outreach action. We do not request, store, or read your inbox — reply checking is performed locally through claude.ai's Gmail MCP. See Section 3 below for the full disclosure on Google user data.
• Subscription and billing data: plan tier, billing period, Stripe customer and subscription identifiers. Card details are handled by Stripe and never touch our servers.
• Application data: projects, prospects, organisations, outreach logs, response records, evaluations, and documents you create or upload through the service.
• Operational logs: request logs, error reports, and quota counters used for debugging, abuse prevention, and rate limiting.

2. How we use it

• Provide and operate the service, including authentication and quota enforcement.
• Process payments and prevent fraud (via Stripe).
• Send transactional email (billing receipts and service notifications).
• Investigate and respond to security or abuse incidents.
• Improve reliability and performance using aggregated, non-identifying telemetry.

We do not sell your data. We do not use your application data to train third-party AI models.

3. How LeadAce accesses, uses, stores, shares, and deletes Google user data

LeadAce's use and transfer of information received from Google APIs to any other app will adhere to the Google API Services User Data Policy, including the Limited Use requirements. The subsections below describe, in detail, the Google user data LeadAce accesses, how it is used, who else processes it, how it is protected, and how long it is kept.

3.1 Data accessed

LeadAce accesses the following Google user data, and only after you explicitly authorise each item on Google's consent screen.

Sign-in information

When you sign in with Google, LeadAce receives the basic account profile that Google returns at sign-in: your account's email address, your name, your profile picture URL, and an OpenID Connect identifier used to establish your LeadAce session. These items identify your account and do not grant access to any service-specific Google data such as Gmail messages, Drive files, Calendar events, or Contacts.

Permission to send email from your Gmail address

If you connect Gmail, LeadAce receives an authorisation that lets it send email as you via the Gmail API. This authorisation is the only Google credential LeadAce stores beyond your sign-in identity.

The permission is send-only: it does not grant the ability to read, list, label, modify, or delete any message in your Gmail mailbox. LeadAce calls only the Gmail endpoint that sends a fully composed message, and does not request any broader Gmail permission such as inbox read access, message modification, or message metadata.

3.2 Data usage

• OAuth identity data is used to create and identify your LeadAce account, populate the "from" address shown in your outreach flow, and route session cookies.
• The Gmail refresh token is used solely to obtain short-lived access tokens that send outbound email composed by you, or composed at your direction by the LeadAce Claude Code skill, from your connected Gmail address. Every send is triggered by an explicit user action in the product or skill.
• We do not use Google user data to develop, improve, or train any AI / ML models, generalised or personalised.
• We do not use Google user data for advertising, profiling, or any purpose unrelated to delivering the outreach feature you have enabled.

3.3 Data sharing

We do not sell, rent, or transfer Google user data to third parties for their own independent use. Google user data is processed only by the sub-processors strictly required to run the service:

• Supabase — hosts the Postgres database where the encrypted Gmail refresh token and your account identifiers are stored.
• Cloudflare — hosts the LeadAce application and forwards encrypted API requests between your browser, our backend, and Google.
• Anthropic — when you explicitly invoke the LeadAce Claude Code skill to draft or send email, the email content you and the model produce is processed by Anthropic under their Limited Use commitments. The Gmail OAuth refresh token itself is never transmitted to Anthropic.

We do not allow human review of Google user data except (i) with your explicit consent, (ii) for narrowly-scoped security or abuse investigations, or (iii) where required by applicable law.

3.4 Data storage and protection

• The Gmail OAuth refresh token is encrypted at rest in our Postgres database using pgp_sym_encrypt (pgcrypto) with a symmetric key managed outside the database. The plaintext token is never logged.
• All transit between your browser, the LeadAce backend, our sub-processors, and Google is over TLS 1.2 or later.
• The database enforces Postgres row-level security keyed on tenant identity, so each account can only reach rows belonging to its own tenant.

3.5 Data retention and deletion

• The Gmail OAuth refresh token is retained only while Gmail is connected to your LeadAce account. You can revoke LeadAce's access at any time from Google Account → Third-party apps; once revoked, the stored token can no longer be used to call the Gmail API and will be deleted on your next account interaction or within 30 days, whichever comes first.
• If you delete your LeadAce account, all Google user data tied to your account (refresh token, OAuth identity fields, derived metadata) is deleted within 30 days, along with the rest of your application data.
• To request deletion of your Google user data outside the in-product flow, email contact@surpassone.com from your account address. We confirm receipt within 5 business days and complete the deletion within 30 days.

4. Sub-processors

We rely on the following providers to operate the service:

• Supabase — authentication and PostgreSQL database hosting.
• Cloudflare — application hosting, DNS, and CDN (Workers, Pages, KV).
• Stripe — payment processing and subscription billing.
• Anthropic — when the Claude Code plugin invokes Claude on your behalf, the inputs you provide are processed by Anthropic under their terms.

Each sub-processor is contractually required to handle data securely and only as instructed.

5. Data retention

We retain account and application data for as long as your account is active. After account deletion, we delete or de-identify your data within 30 days, except where retention is required by law (e.g. tax or accounting records).

6. Your rights

Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data, and to object to or restrict certain processing. You can delete individual projects from the Project settings page, and your entire account (workspace, all data, login) from the Account settings page. For anything else you cannot do in-product, contact contact@surpassone.com.

7. Cookies and local storage

The application (app.leadace.ai) uses only first-party browser storage that is strictly necessary to operate the service, plus storage to remember preferences you have set yourself — no analytics, advertising, or cross-site tracking technologies. The marketing site (leadace.ai) additionally uses Google Analytics, but only if you accept it via its cookie notice.

Strictly necessary

• Authentication tokens (set by Supabase Auth as first-party cookies whose names begin with sb-). Required to keep you signed in.
• lp-next — short-lived cookie (10 minutes) that remembers the page you were trying to reach when you started signing in, so we can return you there after Google authentication. Cleared automatically once you arrive.

Preferences (set by you)

• leadace.theme — your light/dark mode choice.
• leadace_active_project — the project currently selected in the sidebar.
• leadace.cookie_consent — records your cookie-notice choice (on leadace.ai, your analytics accept/decline decision), so we don't ask again.

Analytics (marketing site only, opt-in)

If you click "Accept" on the leadace.ai cookie notice, we load Google Analytics to understand how visitors use the marketing site. It sets first-party cookies (_ga, _ga_*) and sends usage data — pages viewed, referrer, device and browser information, and approximate location derived from your IP address — to Google LLC, which processes it on our behalf under Google's privacy policy. If you decline, Google Analytics is never loaded. To change your decision, clear the site data for leadace.ai and choose again on your next visit.

Third parties

When you are redirected to Stripe (for checkout or billing portal) or Google (for sign-in), those services set their own cookies under their own domains, governed by their respective privacy policies. The landing page and application load web fonts from Google Fonts, which may transmit your IP address to Google as part of that request.

To revoke your stored preferences, clear the site data for leadace.ai and app.leadace.ai in your browser settings.

8. Security

We rely on industry-standard transport encryption (TLS), database-level row-level security for tenant isolation, and OAuth/JWT-based authentication. No system is perfectly secure; please report suspected vulnerabilities to contact@surpassone.com.

9. International transfers

Our hosted service relies on globally distributed providers: Cloudflare for application hosting, edge, and DNS; Supabase for database hosting; Stripe for payment processing; and Anthropic for Claude Code inference. Where personal data crosses borders, we rely on the contractual safeguards and data processing terms offered by these sub-processors under their respective agreements.

10. Changes

We will post material changes to this policy at this URL and notify you by email or in-product banner before they take effect.

11. Contact

SurpassOne Inc.
contact@surpassone.com