Privacy Policy
Last updated: June 23, 2026
1. Who We Are
LeadProof (“we”, “us”, “our”) provides an AI-powered call quality auditing platform for insurance agencies. Our service is accessible atleadproof.app. For privacy-related questions, contact us atprivacy@leadproof.app.
2. What Data We Collect
- Account data: Name, email, organization name, and role (admin, agent, or caller).
- Call recordings:Audio files uploaded by your organization for quality auditing. These files are stored securely in your organization's isolated storage bucket.
- Transcriptions and AI scores:Text transcriptions and quality scores generated by our AI pipeline from uploaded recordings.
- Usage data: Log data, page views, and feature usage for product improvement (via PostHog analytics, anonymized).
- Integration credentials: OAuth tokens for connected platforms (e.g., Zoom). Stored encrypted and never logged.
3. How We Use Your Data
- To provide the call auditing and scoring service your organization subscribed to.
- To generate AI transcriptions and quality scores from uploaded recordings.
- To display performance metrics, leaderboards, and coaching insights to authorized users.
- To send operational notifications (e.g., weekly performance reports).
- To monitor and improve the reliability and quality of the Service using aggregated, anonymized operational metrics. We do not use your call recordings, transcripts, or scores to train or fine-tune AI models.
4. Data Isolation and Security
LeadProof is a multi-tenant platform. Each organization's data is strictly isolated via Row-Level Security (RLS) policies at the database level. An agent from Organization A cannot access any data from Organization B under any circumstances.
PII protection: Agent names and phone numbers are accessible only to admin-role users. Agent-role users cannot query, export, or view lead PII — this is enforced at the database level, not only in the UI.
All data is stored on Supabase (PostgreSQL) with encryption at rest and in transit. Audio files are stored in Supabase Storage with signed URLs that expire after 60 minutes.
5. Data Retention
While your account is active:call recordings, transcriptions, and audit results are retained according to your plan's retention tier (see ourSecurity page for tier details), so your historical archive stays available to you for as long as you remain a customer.
Upon cancellation: you have a 30-day window to export your data; after that window, all recordings, transcriptions, and audit results associated with your organization are permanently deleted. We do not retain your data beyond this period. You may request earlier deletion at any time by contactingprivacy@leadproof.app.
6. Third-Party Services
We share data with the following service providers, solely to operate the Service. Each provider processes only the minimum data required for its function.
- Supabase: Database, authentication, and file storage provider. All data resides in US-East data centers with encryption at rest and in transit.
- Deepgram: Audio transcription. Recordings are sent to Deepgram for transcription and are not retained by them beyond processing.
- Anthropic (Claude):Primary AI quality scoring. Transcription text (not audio) is sent to Anthropic's API for compliance scoring. Anthropic does not train its models on data submitted through its commercial API.
- OpenAI & Google (fallback): Secondary AI scoring providers, used only if the primary provider is unavailable. Transcription text (not audio) is sent with data retention disabled; these providers do not train on your data.
- Vercel: Application hosting. No user data is stored at the edge layer.
- PostHog: Product analytics. Collects anonymized usage events only — no recording content, transcriptions, or PII is sent to PostHog.
- Sentry: Error monitoring. Captures technical error data (stack traces, browser info) to help us fix bugs. No call content or PII is included in error reports.
7. Cookies and Tracking
LeadProof uses the following types of cookies and tracking technologies:
- Essential cookies: Required for authentication and session management (Supabase Auth). These cannot be disabled.
- Analytics cookies: PostHog sets cookies to track anonymized usage patterns (page views, feature usage). No personal information or call content is tracked.
We do not use advertising cookies or sell tracking data to third parties.
8. Your Rights
Depending on your jurisdiction, you may have rights to access, correct, export, or delete your personal data. To exercise these rights, contactprivacy@leadproof.app from the email address associated with your account. We will respond within 30 days.
Data portability:You may request an export of your organization's data (account info, call metadata, transcriptions, and scores) in a machine-readable format at any time.
Note on call recordings: Call recordings may contain personal data of third parties (callers, leads). Your organization is responsible for obtaining consent from all parties recorded, in accordance with applicable laws (e.g., TCPA, state wiretapping laws).
9. California Privacy Rights (CCPA)
If you are a California resident, the California Consumer Privacy Act (CCPA) provides you with specific rights regarding your personal information:
- Right to know: You may request details about the categories and specific pieces of personal information we have collected about you in the past 12 months.
- Right to delete: You may request deletion of your personal information, subject to certain exceptions (e.g., data needed to complete a transaction or comply with legal obligations).
- Right to non-discrimination: We will not deny you service, charge different prices, or provide a different quality of service because you exercised your CCPA rights.
- No sale of personal information:LeadProof does not sell personal information to third parties, as defined under the CCPA.
To submit a CCPA request, emailprivacy@leadproof.appwith the subject line “CCPA Request.” We will verify your identity before processing any request.
Our role. For purposes of the CCPA, the Texas Data Privacy and Security Act (TDPSA), and the Oregon Consumer Privacy Act (OCPA), your organization is the Business or Controller and LeadProof acts solely as a Service Provider or Processor. We process personal information only to provide the Service under your documented instructions, and we never sell or share it, use it for cross-context behavioral advertising, combine it with personal information from other sources, or use it to train or improve AI models across our customer base.
10. Children's Privacy
LeadProof is a business-to-business service and is not intended for use by individuals under 18. We do not knowingly collect personal information from children. If you believe a child has provided us with personal data, please contact us and we will promptly delete it.
11. Changes to This Policy
We may update this policy as our service evolves. We will notify active subscribers by email at least 14 days before material changes take effect. Continued use of LeadProof after the effective date constitutes acceptance of the updated policy.
12. Contact
Questions about this policy? Emailprivacy@leadproof.app.