Privacy Policy

Last updated: November 14, 2025

LeadMachine (operated by MistaJohn, Inc.) ("we", "our", or "us") operates https://leadmachine.fyi and https://app.leadmachine.fyi (the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our customer relationship management (CRM) platform and related services.

By using LeadMachine, you agree to the collection and use of information in accordance with this policy.

1. Information We Collect

1.1 Account Information

When you create an account, we collect:

Name (first and last)
Email address
Phone number
Company/organization name
Business address
Login credentials (password stored encrypted)
Profile photo (optional)

1.2 CRM and Lead Data

As a CRM platform, we store data you provide or collect:

Lead contact information (names, emails, phones, addresses)
Company and organization details
Notes, tags, and custom fields
Lead assignments and status tracking
Communication history and activity logs
Custom field data specific to your business

1.3 Third-Party Integration Data

When you connect third-party services, we may collect:

Shopify: Customer data, order information, product details, store metadata
MailChimp: Subscriber lists, campaign data, audience information
Instagram/Meta: Public business profile data (username, bio, follower count, media)
WordPress: Form submissions from your connected websites
Social Platforms: Publicly available social media profiles and business information

1.4 AI-Powered Enrichment Data

When you use our AI enrichment features, we may collect and process:

Company research data from public sources
Industry and business intelligence
Social media profiles and professional information
Technology stack and business details

1.5 Usage and Technical Data

We automatically collect:

IP address and location data
Browser type and version
Device information
Pages visited and features used
Access times and session duration
Referral sources
Error logs and performance data

1.6 Communication Data

Support ticket submissions and correspondence
Email communications with our team
Chat messages and feedback
System notifications and alerts
SMS/Text Message consent and preferences: When you opt-in to SMS notifications, we collect your explicit consent, opt-in timestamp, IP address, and preferences for receiving text messages

1.7 SMS Text Message Consent

By opting in to SMS notifications, you provide express written consent to receive automated text messages from LeadMachine (operated by MistaJohn, Inc.) at the mobile number you provide. These are service notifications about your LeadMachine CRM account activity. Message types include:

Lead assignment alerts when new leads are captured
Lead status update notifications
Daily activity summaries (optional)
Account and service-related messages

You are opting in to receive messages from LeadMachine about your account, not from or on behalf of any third parties. Message frequency varies based on your settings and lead activity (typically 1-20 messages per month). Message and data rates may apply. You can opt-out at any time by replying STOP to any message, adjusting settings in your profile, or contacting [email protected]. For help, reply HELP to any message.

2. How We Use Your Information

2.1 Service Provision

Provide, operate, and maintain the LeadMachine CRM platform
Process and store your CRM data securely
Enable lead capture, management, and organization
Facilitate team collaboration and lead assignments
Process third-party integrations (Shopify, MailChimp, etc.)

2.2 AI and Enrichment Features

Enrich lead profiles with publicly available business data
Generate AI-powered summaries and insights
Auto-populate social media profiles and company information
Perform intelligent data matching and deduplication

2.3 Communication

Send transactional emails (password resets, notifications)
Deliver system alerts and important updates
Respond to support inquiries
Send occasional product updates (you can opt-out)

2.4 Analytics and Improvement

Analyze usage patterns to improve the platform
Monitor system performance and reliability
Detect and prevent fraud or abuse
Develop new features based on user needs

2.5 Legal Compliance

Comply with applicable laws and regulations
Respond to legal requests and prevent harm
Enforce our Terms of Service
Protect our rights and property

3. How We Share Your Information

3.1 We Do NOT Sell Your Data

LeadMachine does not sell, rent, or trade your personal information or CRM data to third parties for marketing purposes.

3.2 Service Providers

We may share data with trusted service providers who assist us in operating our platform:

Cloud Hosting: DigitalOcean, AWS (secure infrastructure)
Email Delivery: SendGrid (transactional emails only)
AI Services: Google Gemini (for AI enrichment features)
Payment Processing: Stripe (payment data handled directly by Stripe)
Analytics: Anonymized usage analytics only

All service providers are contractually required to protect your data and use it only for specified purposes.

3.3 Third-Party Integrations

When you connect third-party services:

Data is synced according to your integration settings
You control which data is shared via API connections
You can disconnect integrations at any time
We only access data you explicitly authorize

3.4 Legal Requirements

We may disclose information if required by law or to:

Comply with legal processes (subpoenas, court orders)
Protect our rights, property, or safety
Prevent fraud or security threats
Investigate violations of our Terms of Service

3.5 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity. You will be notified of any such change.

4. Data Security

4.1 Security Measures

We implement industry-standard security measures to protect your data:

Encryption: SSL/TLS encryption for data in transit
Password Protection: Encrypted password storage with hashing
Access Controls: Role-based permissions and authentication
Secure Infrastructure: Enterprise-grade cloud hosting
Regular Backups: Automated data backups and recovery
Monitoring: 24/7 security monitoring and logging
Vulnerability Testing: Regular security audits

4.2 API Security

OAuth 2.0 authentication for third-party integrations
API tokens encrypted and securely stored
HMAC verification for webhooks (Shopify, etc.)
Rate limiting and abuse prevention

4.3 Your Responsibility

Keep your password secure and confidential
Enable two-factor authentication when available
Report any unauthorized access immediately
Log out from shared devices

5. Your Rights and Choices

5.1 Access and Portability

Access your account information at any time
Export your CRM data in standard formats
Request a copy of your personal data

5.2 Correction and Updates

Update your profile information in account settings
Correct inaccurate data at any time
Modify lead and company information

5.3 Deletion

Delete individual leads or records
Request account deletion (contact support)
Revoke third-party integration access
Data is permanently deleted within 30 days of request

5.4 Marketing Communications

Opt-out of marketing emails via unsubscribe links
Transactional emails (notifications, alerts) cannot be disabled
Manage notification preferences in account settings

5.5 Third-Party Access

Disconnect Shopify, MailChimp, or other integrations anytime
Revoke Instagram/Meta access in your Meta settings
Remove WordPress plugin connections

6. Data Retention

We retain your information for as long as necessary to provide our services:

Active Accounts: Data retained while account is active
Deleted Accounts: Data permanently deleted within 30 days
Archived Leads: Retained unless explicitly deleted
Logs and Analytics: Aggregated data retained for system improvement
Legal Requirements: Data may be retained longer if required by law
Backups: Backup data retained for 90 days then permanently deleted

7. Cookies and Tracking

7.1 Cookies We Use

Essential Cookies: Required for login and platform functionality
Session Cookies: Maintain your session while using the platform
Preference Cookies: Remember your settings and preferences

7.2 Third-Party Cookies

We do not use third-party advertising cookies or tracking pixels.

7.3 Managing Cookies

You can control cookies through your browser settings, but this may affect platform functionality.

8. Children's Privacy

LeadMachine is a business tool and is not intended for individuals under the age of 18. We do not knowingly collect information from children. If we become aware of data collected from children, we will delete it immediately.

9. International Data Transfers

LeadMachine is operated from the United States. If you are accessing our services from outside the U.S., your information may be transferred to, stored, and processed in the United States where our servers are located. By using LeadMachine, you consent to this transfer.

We ensure appropriate safeguards are in place for international data transfers in compliance with applicable data protection laws.

10. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights:

Right to Know: Request disclosure of personal information collected
Right to Delete: Request deletion of personal information
Right to Opt-Out: We do not sell personal information
Non-Discrimination: We will not discriminate for exercising these rights

To exercise these rights, contact us at [email protected]

11. GDPR Compliance (European Users)

If you are in the European Economic Area (EEA), you have rights under GDPR:

Legal Basis: We process data based on consent, contract, and legitimate interests
Right to Access: Request a copy of your personal data
Right to Rectification: Correct inaccurate data
Right to Erasure: Request deletion of your data
Right to Restriction: Limit processing of your data
Right to Portability: Receive data in a portable format
Right to Object: Object to certain processing activities
Right to Withdraw Consent: Withdraw consent at any time