← Back to Home

Privacy Policy

Last Updated: January 21, 2026

1. Introduction

This Privacy Policy explains how LeadBooster ("we," "us," "our") collects, uses, shares, and protects information when you use our lead enrichment platform, including our Google Workspace Add-on and website (collectively, the "Service").

Data Controller: LeadBooster acts as a data processor when processing data on your behalf through the Service. You (the customer) are the data controller responsible for ensuring compliance with applicable data protection laws for the personal data you process using our Service.

2. Information We Collect

2.1 Information You Provide Directly

When you use LeadBooster, we collect:

• Account Information: Google account email address, name, and profile information (obtained via OAuth 2.0)
• Subscription Information: Payment details, billing address, subscription plan (processed by our payment processor, not stored on our servers)
• API Keys: Third-party API keys you provide (OpenAI, Hunter.io, serper.dev, etc.) - stored securely in your Google account, never transmitted to or stored on our servers
• Support Communications: Information you provide when contacting customer support, including email content, attachments, and related correspondence

2.2 Information from Google Services

With your explicit consent via OAuth 2.0, we access:

• Google Sheets Data: Spreadsheet content you choose to enrich using our Service
• Spreadsheet Metadata: Sheet names, column headers, cell ranges for enrichment task configuration
• Google Account Information: Basic profile information (name, email, profile picture) to identify your account

Limited Scope: We only access Google data necessary to provide the Service. We do not access Gmail, Google Drive (except Sheets), Calendar, or other Google services.

2.3 Data You Process Through the Service

When you use LeadBooster to enrich leads, you may process:

• Personal data: Names, email addresses, phone numbers, job titles, company information
• Business data: Company names, websites, addresses, industry classifications
• Enriched data: Information obtained from third-party APIs and web scraping

Your Responsibility: You are the data controller for this data. You must ensure you have legal basis and necessary consents to collect and process this personal data in compliance with GDPR, CCPA, and other applicable laws.

2.4 Automatically Collected Information

• Usage Data: Features used, enrichment tasks created, API integrations configured, session duration
• Technical Data: Browser type, IP address (anonymized), device information, operating system
• Error Logs: Technical error messages, stack traces (not containing personal data)
• Performance Metrics: Task completion times, API response rates, system performance data

2.5 Information We Do NOT Collect

• We do NOT store the actual content of your Google Sheets data on our servers
• We do NOT access, store, or transmit your third-party API keys
• We do NOT track your browsing activity outside of LeadBooster
• We do NOT sell your personal information to third parties
• We do NOT use your data to train AI models or for purposes unrelated to providing the Service

3. How We Use Your Information

3.1 Service Provision

We use your information to:

• Provide, maintain, and improve the LeadBooster Service
• Process enrichment tasks on your Google Sheets data
• Authenticate your account via Google OAuth 2.0
• Execute background processing tasks and auto-resume functionality
• Connect to third-party APIs using your provided API keys
• Store task configurations and preferences in your Google account

3.2 Service Operation and Security

• Monitor and analyze Service usage to improve functionality
• Detect, prevent, and address technical issues and security threats
• Ensure compliance with our Terms of Service
• Prevent fraud, abuse, and illegal activities
• Perform system maintenance and updates

3.3 Communications

• Send transactional emails (enrichment task completions, errors, account notifications)
• Respond to your support requests and inquiries
• Send important Service announcements (Terms updates, security alerts)
• Send optional marketing communications (with your consent, you can opt-out anytime)

3.4 Legal Compliance

• Comply with legal obligations and regulatory requirements
• Respond to lawful requests from authorities
• Enforce our Terms of Service and protect our legal rights
• Resolve disputes and enforce agreements

4. Legal Basis for Processing (GDPR)

Under GDPR, we process your personal data based on the following legal grounds:

Purpose	Legal Basis
Providing the Service	Performance of Contract (Article 6(1)(b) GDPR)
Processing payment information	Performance of Contract (Article 6(1)(b) GDPR)
Service improvement and analytics	Legitimate Interest (Article 6(1)(f) GDPR)
Security and fraud prevention	Legitimate Interest (Article 6(1)(f) GDPR)
Marketing communications	Consent (Article 6(1)(a) GDPR) - You can withdraw anytime
Legal compliance	Legal Obligation (Article 6(1)(c) GDPR)

5. How We Share Your Information

5.1 Third-Party Service Providers

We share limited data with trusted third-party providers who help us operate the Service:

• Google Cloud Platform: Infrastructure hosting and Google Sheets API access
• Payment Processors: Stripe or similar (for subscription billing)
• Email Service: Transactional email delivery providers
• Analytics Providers: Anonymized usage analytics (if applicable)

All third-party providers are bound by data processing agreements and are required to comply with GDPR and applicable data protection laws.

5.2 Third-Party APIs (Your Direction)

When you use the BYOK (Bring Your Own Keys) model, you direct LeadBooster to transmit data to third-party APIs:

• OpenAI (for AI processing)
• Hunter.io (for email finding)
• serper.dev (for Google search)
• Apollo.io (for contact data)
• Other APIs you configure

Important: We transmit data to these APIs only at your explicit direction and using your API keys. You are responsible for compliance with each third-party provider's terms of service and privacy policy.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in response to valid requests by public authorities (e.g., court orders, subpoenas, government agencies).

5.4 Business Transfers

If LeadBooster is involved in a merger, acquisition, or asset sale, your personal data may be transferred. We will provide notice before your data is transferred and becomes subject to a different privacy policy.

5.5 We Do NOT Sell Your Data

We do not and will never sell, rent, or trade your personal information to third parties for their marketing purposes.

6. Data Security

6.1 Security Measures

We implement industry-standard security measures to protect your data:

• Encryption: Data in transit is encrypted using TLS 1.3. Data at rest is encrypted using AES-256.
• API Key Security: Your third-party API keys are stored securely in your Google account using Google's PropertiesService, encrypted and never transmitted to our servers.
• Access Controls: Strict access controls limit employee access to customer data. Access is granted on a need-to-know basis.
• Authentication: OAuth 2.0 for secure Google account authentication without storing credentials.
• Regular Audits: Periodic security audits and vulnerability assessments.
• Incident Response: Documented security incident response procedures.

6.2 Google OAuth Security

LeadBooster uses OAuth 2.0 to access your Google account. This means:

• We never see or store your Google password
• You can revoke LeadBooster's access anytime through your Google Account Permissions
• Access tokens are stored securely and expire automatically
• We request only the minimum permissions required

6.3 Limitations

While we use reasonable security measures, no method of transmission over the Internet or electronic storage is 100% secure. We cannot guarantee absolute security of your data.

7. Data Retention

7.1 Account Data

We retain your account information for as long as your account is active or as needed to provide the Service.

7.2 Google Sheets Data

We do NOT store your Google Sheets data. Data is read from and written to your Google Sheets in real-time and is not stored on our servers. Temporary processing data is deleted immediately after enrichment tasks complete.

7.3 API Keys

Your API keys are stored in your Google account (not our servers) and remain until you delete them or uninstall the add-on.

7.4 Logs and Analytics

• Error Logs: Retained for 90 days for troubleshooting
• Usage Analytics: Anonymized and aggregated, retained for 24 months
• Backup Data: Retained for 30 days in encrypted backups

7.5 After Account Deletion

When you delete your account or uninstall the add-on:

• Your account data is deleted within 30 days
• Your API keys stored in your Google account are deleted
• We may retain some data for legal compliance purposes (e.g., billing records) for up to 7 years
• Anonymized, aggregated analytics data may be retained indefinitely

8. Your Privacy Rights

8.1 GDPR Rights (European Economic Area)

If you are in the EEA, you have the following rights under GDPR:

• Right to Access (Article 15): Request a copy of your personal data
• Right to Rectification (Article 16): Correct inaccurate personal data
• Right to Erasure (Article 17): Request deletion of your personal data ("right to be forgotten")
• Right to Restrict Processing (Article 18): Limit how we process your data
• Right to Data Portability (Article 20): Receive your data in a structured, machine-readable format
• Right to Object (Article 21): Object to processing based on legitimate interests
• Right to Withdraw Consent (Article 7): Withdraw consent for marketing communications
• Right to Lodge a Complaint: File a complaint with your supervisory authority

8.2 CCPA Rights (California Residents)

If you are a California resident, you have the following rights under CCPA:

• Right to Know: Request disclosure of personal data collected, used, and shared
• Right to Delete: Request deletion of your personal data
• Right to Opt-Out: Opt-out of the sale of personal data (we don't sell data)
• Right to Non-Discrimination: Not be discriminated against for exercising your rights

8.3 How to Exercise Your Rights

To exercise any of these rights, contact us at:

• Email: contact@leadbooster.dev
• Subject line: "Privacy Rights Request"

We will respond to your request within 30 days (GDPR) or 45 days (CCPA). We may need to verify your identity before processing your request.

8.4 Revoking Google Access

You can revoke LeadBooster's access to your Google account at any time:

1. Go to Google Account Permissions
2. Find "LeadBooster" in the list
3. Click "Remove Access"

9. International Data Transfers

LeadBooster operates globally, and your data may be transferred to and processed in countries outside your country of residence, including the United States.

9.1 EEA Data Transfers

For data transferred from the European Economic Area (EEA) to countries without adequate data protection:

• We use Standard Contractual Clauses (SCCs) approved by the European Commission
• We implement additional safeguards as recommended by the European Data Protection Board
• We ensure all service providers comply with GDPR requirements

9.2 Data Processing Locations

• Primary Processing: Google Cloud Platform (regions: EU/US as configured)
• Backup Storage: Encrypted backups in Google Cloud Storage
• Third-Party APIs: Data transmitted to third-party APIs based on their locations (OpenAI - US, etc.)

10. Children's Privacy

LeadBooster is not intended for individuals under 16 years of age. We do not knowingly collect personal information from children under 16. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately, and we will delete such information.

11. Cookies and Tracking Technologies

11.1 Cookies We Use

LeadBooster uses minimal cookies and tracking technologies:

• Essential Cookies: Required for authentication and Service functionality (cannot be disabled)
• Analytics Cookies: Anonymized usage analytics to improve the Service (optional, can be disabled)

We do NOT use: Advertising cookies, third-party tracking cookies, or social media pixels.

11.2 Google Analytics

We may use Google Analytics with IP anonymization enabled to understand how users interact with our website. You can opt-out using the Google Analytics Opt-out Browser Add-on.

11.3 Do Not Track

We respect Do Not Track (DNT) browser settings. If you have DNT enabled, we will not use optional analytics cookies.

12. Third-Party Links

The Service may contain links to third-party websites (e.g., third-party API provider websites). We are not responsible for the privacy practices of these external sites. We encourage you to review the privacy policies of any third-party sites you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of material changes by:

• Posting the updated Privacy Policy on our website with a new "Last Updated" date
• Sending an email notification to your registered email address
• Displaying a notice in the LeadBooster Add-on interface

Your continued use of the Service after changes take effect constitutes acceptance of the updated Privacy Policy. If you do not agree to the changes, you must stop using the Service and delete your account.

14. Data Protection Contact

For privacy-related inquiries, please contact us:

Privacy Team
Email: contact@leadbooster.dev
Subject: "Privacy Inquiry" or "Data Protection Request"

15. Supervisory Authority

If you are in the EEA and believe we have not addressed your privacy concerns adequately, you have the right to lodge a complaint with your local data protection supervisory authority.

Find your supervisory authority: European Data Protection Board - Members

16. Contact Us

For questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

LeadBooster
Email: contact@leadbooster.dev
Support: GitHub Issues
Website: https://leadbooster.dev

17. Google API Services Specific Disclosures

17.1 Limited Use Requirements

LeadBooster's use of information received from Google APIs adheres to Google API Services User Data Policy, including the Limited Use requirements. Specifically:

• We only request access to Google Sheets data necessary to provide the lead enrichment Service
• We do not use Google user data for serving advertisements
• We do not allow humans to read Google user data unless:
  • You provide explicit consent for specific messages
  • It is necessary for security purposes (e.g., investigating abuse)
  • To comply with applicable law
  • For internal operations with data that has been aggregated and anonymized
• We do not transfer Google user data to third parties except:
  • As directed by you (e.g., enrichment via third-party APIs using your API keys)
  • As necessary to provide or improve user-facing features
  • For security purposes
  • To comply with applicable law

17.2 Scopes Requested

LeadBooster requests the following Google API scopes:

• https://www.googleapis.com/auth/spreadsheets - Read and write access to Google Sheets
• https://www.googleapis.com/auth/userinfo.email - View your email address
• https://www.googleapis.com/auth/userinfo.profile - View your basic profile info

17.3 Data Usage Transparency

Data accessed from Google Sheets is used exclusively for:

1. Reading data you select for enrichment
2. Processing enrichment tasks (web scraping, AI analysis, API calls)
3. Writing enriched results back to your Google Sheets

We do not: Store Google Sheets data on our servers, use it for purposes unrelated to enrichment, or share it with third parties except as you direct (via BYOK API integrations).

By using LeadBooster, you acknowledge that you have read and understood this Privacy Policy.