Leadgen

Privacy Policy

Last updated: May 17, 2026

Leadgen ("we", "us", "our") is a B2B lead generation platform operated by Ashwani Jha. This Privacy Policy explains what we collect, how we use it, who we share it with, and the choices you have. By using Leadgen at leadgen.ashwanijha.dev ("the Service") you agree to this policy.

1. Information we collect

We collect three categories of data:

a. Information you give us

  • Account info: your email address (via Supabase authentication), workspace name, your business website, and a description of your business and ideal customer profile.
  • Search inputs: industries, locations, and queries you ask Leadgen to run against third-party lead sources (e.g., Google Maps via SerpApi).
  • Outreach content: email subjects, bodies, and templates you compose inside the product.

b. Information we collect on your behalf

  • Prospect data fetched from public sources (Google Maps via SerpApi): company name, address, phone, website, public email addresses, ratings.
  • Information enriched from prospect websites (publicly available HTML), including emails and social links.

c. Information you authorize us to access via OAuth

  • Gmail (Google): If you connect a Gmail account, we request only the gmail.send scope plus openid, email, and profile. We use this to send outreach emails from your address. We do not read your inbox, do not access existing messages, and do not list threads, labels, drafts, or attachments. We store your access token and refresh token to make those send calls on your behalf.
  • HubSpot: If you connect HubSpot, we request crm.objects.companies.write and crm.objects.contacts.write to push records into your CRM. We do not read other HubSpot data.

2. How we use your data

  • To operate and improve the Service: surface leads, enrich them, send outreach you author.
  • To personalize email templates by passing your business profile and the prospect's public information to Anthropic's Claude API.
  • To authenticate you (via Supabase Auth) and route requests to the correct workspace.
  • To diagnose errors and prevent abuse.

We do not sell your data, build advertising profiles, or train any machine-learning model on your data. We do not share your prospect lists with other customers.

3. Use of Google user data

This section applies specifically to data obtained via Google OAuth (Gmail). Leadgen's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements:

  • We only use Google user data to provide and improve user-facing email-sending features inside Leadgen.
  • We do not transfer Google user data to others except as necessary to provide or improve those features, to comply with law, or as part of a merger or acquisition with notice.
  • We do not use Google user data for serving advertisements.
  • No humans read your Google user data unless we have your explicit consent, it is needed for security investigations, or it is required by law.

You can revoke our access at any time at myaccount.google.com/permissions or from inside Leadgen at /integrations by clicking Disconnect.

4. Sub-processors

We use the following sub-processors to operate the Service:

  • Supabase (database + authentication) — hosted in AWS.
  • Render (backend application hosting).
  • Vercel (frontend application hosting).
  • Anthropic (Claude API) — only for AI personalization features you opt into; receives the prospect's public business info and the email template you wrote.
  • SerpApi (Google Maps search) — receives only the search queries you ask Leadgen to run.
  • Google (Gmail API) — only when you connect a Gmail integration.
  • HubSpot — only when you connect a HubSpot integration.

5. Data retention

Your account data, workspaces, and prospect lists are retained for as long as your account is active. OAuth tokens are retained until you disconnect the integration or delete your account. You can delete a workspace or your account at any time by emailing ashwanijha04@gmail.com; we will delete the associated data within 30 days.

6. Security

Data is encrypted in transit via TLS. Database storage (Supabase) encrypts data at rest. OAuth tokens are stored in our database. Access is limited to authorized application code and the operator. We do not have a formal SOC 2 or ISO 27001 certification yet.

No system is perfectly secure. If you discover a vulnerability, please email ashwanijha04@gmail.com.

7. Your rights

Depending on where you live, you may have rights under laws like GDPR, UK GDPR, or CCPA: access, correction, deletion, portability, objection, and restriction. To exercise any of these, email ashwanijha04@gmail.com. We will respond within 30 days.

8. International transfers

Leadgen is operated from India. Sub-processors may store data in other regions (currently AWS ap-southeast-1 for Supabase, plus the regions chosen by Render and Vercel for their edge networks).

9. Children

The Service is not intended for children under 16 and we do not knowingly collect data from them.

10. Changes to this policy

We may update this policy. When we do, we will revise the "Last updated" date and, for material changes, notify you in-app or by email.

11. Contact

Ashwani Jha — operator of Leadgen.
Email: ashwanijha04@gmail.com