Privacy Policy

Activelead (“Activelead”, “we”, “us”) provides a software service that scores and filters form submissions (leads) for businesses that integrate our API (“Customers”). This policy applies to our website, web application, APIs, and related services (collectively, the “Service”).

When you create an Activelead account for your company, your organization is typically the controller of account data (such as your work email) and of instructions you give us (projects, API keys, rules, webhooks).

For data about individuals who submit forms to your properties (“End Users”), your organization is generally the controller and Activelead acts as a processor: we process that data only on your behalf to deliver scoring, logging, prepaid credit usage, and optional webhooks you configure, unless applicable law requires otherwise.

If you are an End User and have questions about a form you submitted, contact the organization that operates the website or form—not Activelead directly, unless we are required to respond under law.

Account and authentication: email address, name (if provided), password (stored only as a one-way hash), session identifiers in secure cookies, timestamps, and audit metadata related to sign-in and security events.

Billing: prepaid credit balance, pack purchase history, invoice records, and payment references. Card and payment-method details are entered only in Activelead’s in-app checkout and processed by our payment partners; we do not store full card numbers on our servers.

Projects and configuration: project names and identifiers, API key public identifiers, hashed API secrets, optional outbound webhook URLs, risk thresholds, and feature flags you enable (e.g. disposable email blocking).

Lead scoring (“ingest”) data: when your systems call our API, we may process identifiers and signals you send, such as a lead reference (leadId), optional form identifier, IP address (or the address we derive from request headers when you do not send one), email address, user agent string, and optional JSON metadata. We compute risk scores, labels, and flags and store an event record including decision (allowed/blocked), country hints where available, and a unique trace identifier.

Technical and security logs: IP addresses, user agents, and similar data in rate limiting, abuse prevention, and audit logs tied to API and application use.

Support and communications: content you send us when you contact support or respond to service emails, if applicable.

We process data to: provide, operate, and improve the Service; authenticate users; enforce the prepaid credit model and technical limits; bill and collect payment; detect abuse, fraud, and technical issues; comply with law; and fulfill instructions you give us (including delivering webhook payloads to URLs you configure).

Depending on your location and role, legal bases under the GDPR may include performance of a contract, legitimate interests (such as securing the Service and preventing abuse), consent where required, and legal obligation. Where we act as processor, we follow your lawful instructions and our data processing terms.

We use cookies or similar technologies that are strictly necessary to keep you signed in to the web application (for example, HTTP-only session cookies tied to your account). We do not use third-party advertising cookies on the Service for behavioral profiling as part of this product.

You can control cookies through your browser settings; blocking essential cookies may prevent login or certain features from working.

If you configure an outbound webhook URL, we will send HTTP requests to that endpoint with payload fields needed for your integration (for example, trace identifiers, lead identifiers, risk scores, decisions, and related flags). You are responsible for the lawfulness of that transmission and for the privacy practices of systems that receive those requests.

Use HTTPS URLs where possible and protect your endpoints appropriately.

When you purchase credit packs or other products, you complete payment through Activelead’s built-in checkout. A payment partner processes the transaction (identifiers, amounts, and payment-method data) under its own terms and privacy policy. We retain billing records, credit balances, and transaction references as needed for accounting, disputes, and legal compliance. Credited balances are consumed per Service rules and, except where law requires, are not refunded once credited.

We use infrastructure and vendors to host the Service, store databases, send email (if applicable), and process payments. They process data only under our instructions or their role as independent controllers for their own services (such as payment networks), and we require appropriate contractual and security safeguards where required by law.

We may update a list of material categories of subprocessors in documentation or upon request for enterprise customers.

Your data may be processed in countries where we or our providers operate. Where required, we use appropriate safeguards (such as standard contractual clauses) or rely on adequacy decisions or other permitted mechanisms under applicable law.

We retain account and billing information for as long as your account is active and for a reasonable period afterward to resolve disputes, enforce agreements, and meet legal, tax, and accounting requirements.

Lead events and related logs are retained for operational, security, and product integrity purposes for periods consistent with your use of the Service and our technical capacity; you may request deletion or export subject to legal exceptions and technical limits (for example, backups may persist for a limited time).

Aggregated or de-identified information may be retained where it no longer identifies individuals.

We implement administrative, technical, and organizational measures designed to protect personal data, including encryption in transit (HTTPS/TLS), hashing of passwords and API secrets, access controls on production systems, rate limiting on sensitive APIs, separation of customer data by project, and audit logging for important actions.

No method of transmission or storage is completely secure. If we become aware of a breach that requires notification under applicable law, we will follow legal requirements and, where appropriate, notify affected Customers.

Depending on your jurisdiction, you may have rights to access, rectify, delete, restrict, or object to certain processing, to data portability, and to withdraw consent where processing is consent-based. You may also have the right to lodge a complaint with a supervisory authority.

Account holders can exercise many requests through the application (for example, updating profile information) or by contacting us using the channel associated with your account or subscription. We may need to verify your identity before fulfilling requests.

If you are an End User of a Customer’s form, please contact that Customer first; we may need to route requests through them when we act as processor.

If California law applies, you may have rights to know, delete, and correct personal information, and to opt out of certain sharing (we do not “sell” personal information in the traditional sense or share it for cross-context behavioral advertising as part of this product). You may designate an authorized agent where permitted. We do not use sensitive personal information for inferring characteristics beyond what is necessary to provide the Service.

The Service is not directed to children under 16 (or the minimum age required in your jurisdiction). We do not knowingly collect personal information from children for marketing. If you believe we have collected such data, contact us so we can delete it where appropriate.

We may update this Privacy Policy from time to time. We will post the updated version on this page and adjust the “Last updated” date. Where changes are material and required by law, we will provide additional notice (for example, by email or in-app message).

For privacy questions, requests, or complaints regarding data for which Activelead is controller, contact us through the support or billing correspondence channel shown in your Activelead account or on our website. For End User requests related to a specific form or website, contact the organization that operates that property.