Privacy Policy

Last updated: May 26, 2026

1. Who we are

Emerging Technology Group LLC ("we", "us") operates the LeadFuel suite at leadfuel.cloud and related subdomains. For questions about this policy contact privacy@leadfuel.cloud.

2. Data we collect

• Account data — email, name, organization, sign-in timestamps.
• Product usage — features used, sessions, AI prompts and responses, admin actions (kept in an audit log for 90 days).
• Customer-supplied content — ICPs, campaign drafts, prospect lists, documents you upload to the Knowledge System.
• Connected accounts — encrypted OAuth tokens for LinkedIn, Microsoft 365, Resend (we never see your provider passwords).
• Billing — Stripe stores your card and processes payments; we store only the Stripe customer/subscription identifiers.

3. How we use it

• Run the product features you signed up for.
• Send transactional emails (sign-in links, billing receipts, account notices).
• Send marketing emails only if you've opted in — you can opt out via any marketing email's Unsubscribe link.
• Improve the product (aggregated, de-identified usage analytics).
• Detect abuse, prevent fraud, and comply with legal obligations.

4. Sub-processors

We use a small set of vendors to operate the product:

• Railway — application hosting and managed Postgres.
• Resend — transactional and marketing email delivery.
• Stripe — payment processing.
• Anthropic — AI model inference for ICP intake and personalization.
• Sentry — error tracking (no request bodies, no cookies).

5. Your rights (GDPR / CCPA)

While logged in you can:

• Export every record we keep about you: GET /api/me/export
• Request deletion of your account and data: POST /api/me/delete — your access is revoked immediately, data is permanently purged after 30 days.

If you can't access the product, email privacy@leadfuel.cloud with proof of identity and we'll honor your request within 30 days.

6. Retention

• Account data — for the life of your account, then 30 days post-deletion.
• Audit logs — 90 days.
• Billing records — 7 years (US/EU tax law).

7. Security

HTTPS-only, encrypted at rest (Postgres + Fernet for OAuth tokens), session cookies signed and SameSite-strict, magic-link tokens hashed (SHA-256), CSRF protection on every form, rate limits on auth + send endpoints. We are not a HIPAA-eligible vendor — do not upload protected health information.

8. Changes

Material changes will be emailed to the account address on file at least 30 days before they take effect.

← Back to LeadFuel