Privacy Policy

1. Who We Are

Lead Router ("we," "us," "our") operates the lead management platform at thepaultash.app. This policy explains what data we collect, how we use it, and your rights.

2. Data We Collect

Account & Profile Data

When you register, we collect your name, email address, password (hashed), and optionally your phone number. This data is stored securely via Supabase.

Lead Data

We receive lead data on your behalf from Meta Lead Ads webhooks. This data may include the lead's full name, email address, and phone number as submitted in Meta advertising forms. This data is stored in our database and used solely to route leads to your agents.

Payment Data

Lead package purchases are processed through Stripe. We store only your Stripe Customer ID — we never store full card numbers or payment credentials. Stripe's privacy policy governs payment data handling.

Usage & Analytics Data

We use Vercel Analytics and Speed Insights to collect anonymised page-view and performance data (no personally identifiable information). This helps us improve the Service.

OAuth Tokens

When you connect your Meta account, we store encrypted page access tokens necessary to receive leads and send Conversions API events. These tokens are encrypted at rest.

3. How We Use Your Data

• To operate and deliver the Service — routing leads to agents, managing pipeline stages, and processing payments.
• To send transactional emails (account confirmation, password reset).
• To forward conversion events to Meta via the Conversions API on your behalf, where enabled.
• To improve the Service via anonymised analytics.
• To comply with legal obligations.

4. Lead Data — Your Responsibilities

Lead data processed through the Service belongs to you. We act as a data processor on your behalf. You, as the data controller, are responsible for:

• Ensuring a lawful legal basis for collecting and processing lead data.
• Complying with GDPR, CCPA, and any other applicable data protection laws.
• Providing required privacy notices to your leads.
• Honoring any deletion or data access requests from your leads.

5. Third-Party Services

The Service integrates with the following third parties, each governed by their own privacy policies:

• Supabase — database and authentication hosting
• Meta (Facebook) — Lead Ads webhooks and Conversions API
• Stripe — payment processing
• Calendly — appointment scheduling integration
• Vercel — hosting, analytics, and performance insights

6. Data Retention

Account data is retained for as long as your account is active. Lead data is retained indefinitely unless you request deletion. You may request deletion of your account and associated data at any time by contacting us.

7. Data Security

We implement industry-standard security measures including encrypted storage of sensitive tokens, HTTPS-only access, and row-level security on our database. No method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your jurisdiction, you may have the right to:

• Access the personal data we hold about you.
• Request correction of inaccurate data.
• Request deletion of your account and data.
• Object to or restrict certain processing.
• Data portability.

To exercise any of these rights, contact us at support@thepaultash.app.

9. Cookies

We use strictly necessary cookies for authentication (session management) and CSRF protection during OAuth flows. We do not use advertising cookies or third-party tracking cookies.

10. Children's Privacy

The Service is not directed at children under 18. We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us and we will delete it promptly.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify active users of material changes via email. Continued use of the Service after changes constitutes acceptance of the updated policy.

12. Contact

Privacy questions or data requests: support@thepaultash.app