Privacy Policy
1. Introduction
LEADARRAY LLC ("LeadArray," "we," "us," or "our") is committed to protecting your privacy and handling personal data in a transparent, lawful, and secure manner.
This Privacy Policy explains how we collect, use, disclose, and safeguard information when you access or use our websites, applications, APIs, and services (collectively, the "Services").
By accessing or using the Services, you acknowledge that you have read and understood this Privacy Policy.
2. Scope of This Privacy Policy
This Privacy Policy applies to:
- Visitors to the LeadArray website
- Customers, users, and authorized account holders
- Lead and contact data uploaded or processed through the LeadArray platform on behalf of customers
This Privacy Policy does not apply to third-party websites, tools, or services that integrate with LeadArray, which are governed by their own privacy policies.
3. Roles & Responsibilities (Controller vs. Processor)
For clarity:
- LeadArray acts as a data processor for customer-provided lead data
- Our customers are the data controllers and determine the purpose and legal basis for processing lead data
- LeadArray processes data only according to customer instructions and contractual obligations
4. Information We Collect
4.1 Information You Provide Directly
We may collect information you voluntarily provide, including:
- Name, email address, phone number
- Company name, role, and business contact details
- Account credentials
- Billing and payment information
- Communications with LeadArray (support tickets, emails, calls)
4.2 Customer-Provided Lead Data (Processed Data)
Customers may upload or transmit data for processing, including:
- Names, email addresses, phone numbers
- Business and firmographic information
- CRM records and lead source metadata
- CSV files, API payloads, and webhook data
LeadArray does not own this data and processes it solely to provide the Services.
When users submit B2C consumer leads for processing, LeadArray may also handle the following categories of consumer personal data as part of its enrichment pipeline: verified name and mailing address returned from phone number lookup; property and household data including homeowner status, dwelling type, length of residence, home value indicators, and property characteristics; financial profile data including estimated household income band, wealth score, credit card holder status, and education level; vehicle ownership indicators; lifestyle and interest indicators; and phone validation data including line type, carrier name, active status, and Do Not Call registry status.
The following categories of consumer data are excluded from LeadArray's standard processing pipeline regardless of what third-party enrichment providers return, and are not collected, stored, processed, displayed, or delivered to users: gender, date of birth, marital status, presence of children, number of children, child age range, single parent status, household size, ethnicity, and neighborhood-level demographic percentage data. These exclusions are enforced at the system level and are not configurable by users.
4.3 Automatically Collected Information
When accessing the Services, we may automatically collect:
- IP address
- Device and browser information
- Usage logs, timestamps, and platform activity
- Pages viewed and features used
- Cookies and similar technologies
4A. Categories of Personal Information Collected and Disclosed (CCPA/CPRA)
The following table identifies the categories of personal information LeadArray collects, the sources from which it is collected, the business purposes for which it is used, and the categories of third parties to whom it is disclosed for business purposes. LeadArray does not sell or share personal information as those terms are defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA).
| CCPA Category | Examples | Source | Business Purpose | Disclosed To | Retention |
|---|---|---|---|---|---|
| Identifiers | Name, email, phone number, IP address, account credentials | Customer-provided; automatically collected | Service delivery, account management, enrichment, security | Cloud infrastructure providers; third-party enrichment subprocessors; CRM/delivery systems per customer instruction | Duration of account term plus up to 24 months, or as required by law |
| Personal information (Cal. Civ. Code § 1798.80) | Name, address, telephone number, billing information | Customer-provided | Account management, billing, service delivery | Payment processors; cloud infrastructure providers | Duration of account term plus up to 7 years for billing records |
| Commercial information | Subscription plan, credit usage, purchase history | Generated through platform use | Billing, usage analytics, service improvement | Payment processors; cloud infrastructure providers | Duration of account term plus up to 7 years |
| Internet or other electronic network activity | IP address, browser type, pages viewed, feature usage, session logs | Automatically collected via cookies and platform logs | Security monitoring, platform analytics, fraud prevention | Analytics service providers; cloud infrastructure providers | Up to 24 months |
| Professional or employment-related information | Company name, job title, business contact details | Customer-provided at registration | Account management, service communications | Cloud infrastructure providers | Duration of account term |
| Inferences drawn from personal information | Lead scores, quality ratings, routing recommendations derived from customer-submitted lead data | Generated by LeadArray's AI and processing pipeline | Service delivery — returned to customer as processed output | Delivered to customer per customer instructions; not disclosed to unrelated third parties | Per customer data retention configuration; up to 24 months by default |
The categories of consumer personal data processed through LeadArray's enrichment pipeline on behalf of customers (as described in Section 4.2) are handled as a data processor acting on customer instructions. Retention of enrichment output data is governed by customer account configuration and LeadArray's Data Retention Policy. SpecialDataAccount users: audit log data is retained for the duration of the account term plus seven years.
5. How We Use Information
We use information to:
- Provide, operate, and maintain the Services
- Normalize, deduplicate, enrich, validate, score, and route leads
- Deliver processed data to customer-designated systems
- Provide analytics, summaries, and AI-generated insights
- Monitor system performance and security
- Communicate service updates and support messages
- Detect fraud, abuse, or misuse
- Comply with legal obligations
We do not sell or share personal data. LeadArray does not sell personal information, nor does it share personal information for cross-context behavioral advertising, as those terms are defined under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA). Disclosures to service providers and subprocessors are made solely for business purposes as described in this Privacy Policy and are governed by written data processing agreements. Note: if LeadArray's website uses third-party analytics or advertising cookies that transmit identifiers to third-party platforms, such use may constitute "sharing" under CPRA. Visitors may manage cookie preferences through the cookie consent banner on the LeadArray website.
6. AI & Automated Processing
LeadArray uses automated systems and artificial intelligence to:
- Score and qualify leads
- Generate summaries and insights
- Determine routing recommendations
- Draft suggested outreach messages (Drafts are templates; LeadArray does not send communications; Customer must determine legality of the outreach)
Key principles:
- AI operates only on customer-provided data
- Models are not trained on customer data
- Processing logic is configurable per customer
- Outputs are explainable and auditable
7. Sensitive Data & PHI Exclusion
LeadArray is not designed to receive, store, or process Protected Health Information (PHI) as defined under HIPAA.
Customers agree not to upload PHI unless explicitly authorized under a separate written agreement. LeadArray disclaims responsibility for PHI submitted in violation of this policy.
7A. Consumer Data Field Restrictions and Permitted Exceptions
LeadArray enforces system-level restrictions on certain categories of consumer personal data that constitute protected characteristics under applicable federal anti-discrimination law, including the Equal Credit Opportunity Act (ECOA), the Fair Housing Act (FHA), and related regulations. These restrictions apply to all user accounts by default.
Users who have established a documented permissible purpose under the Fair Credit Reporting Act (FCRA) Section 604 for pre-application marketing lead identification may apply for a SpecialDataAccount designation. Users granted this designation, having executed LeadArray's Permissible Purpose Certification Agreement, may receive a defined subset of otherwise-restricted consumer data fields solely for marketing lead prioritization purposes. Use of any such fields in credit underwriting, insurance underwriting, loan approval or denial, housing decisions, employment decisions, or any adverse action as defined under applicable federal law is strictly prohibited and constitutes a material breach of the user's agreement with LeadArray.
SpecialDataAccount designation may only be activated by a LeadArray platform administrator following review of the user's executed Permissible Purpose Certification Agreement. All processing of expanded fields under SpecialDataAccount designation is logged in LeadArray's internal compliance audit trail and retained for the duration of the account term plus seven years.
Ethnicity and all neighborhood-level demographic percentage data remain excluded from all user accounts regardless of SpecialDataAccount status.
8. Cookies & Tracking Technologies
LeadArray uses cookies and similar technologies to:
- Authenticate users
- Maintain sessions
- Analyze usage and performance
- Improve user experience
We use a cookie consent banner that allows users to manage cookie preferences in accordance with applicable law.
You may modify cookie settings through your browser or the consent banner. Disabling certain cookies may impact functionality.
9. Data Sharing & Disclosure
We share information only in the following circumstances:
9.1 Service Providers
With trusted vendors who assist with:
- Cloud hosting and infrastructure
- Data enrichment and validation
- AI and analytics services
- Payment processing
All vendors are contractually obligated to protect data and limit use to service delivery.
For B2C lead enrichment specifically, LeadArray transmits consumer contact data to third-party data providers that perform functions including consumer identity resolution, demographic attribute append, email append, phone validation, and Do Not Call compliance screening. Data shared with these providers is limited to the minimum necessary to perform the requested enrichment lookup. These providers operate under their own privacy policies and data use terms and are contractually obligated to protect data and limit use to service delivery.
9.2 Customer-Directed Disclosures
Data is shared according to customer instructions, including delivery to:
- Customer-designated CRM, marketing, and sales platforms
- APIs and webhooks
- Exported files
9.3 Legal & Compliance Obligations
We may disclose information where required by law, regulation, subpoena, or to protect the rights, security, or integrity of LeadArray and its users.
10. Data Retention
LeadArray retains data in accordance with its Data Retention Policy, which governs:
- Retention duration
- Deletion schedules
- Customer-configured persistence
- Legal and compliance holds
Customers control retention settings for their processed data where applicable.
11. Data Security
We implement reasonable administrative, technical, and organizational safeguards, including:
- Multi-tenant data isolation
- Access controls and authentication
- Encryption in transit and at rest (where applicable)
- Monitoring, logging, and audit trails
While no system is completely secure, we take appropriate measures to protect data.
12. International Data Transfers
LeadArray may process data in the United States and other jurisdictions where service providers operate. We implement appropriate safeguards for cross-border data transfers as required by law.
13. GDPR (EEA / UK) Privacy Rights
If you are located in the EEA or UK, you have rights including:
- Access to personal data
- Correction or deletion
- Restriction or objection to processing
- Data portability
Requests should be made to the data controller (the LeadArray customer). LeadArray will assist customers in fulfilling lawful requests.
14. California Privacy Rights (CCPA / CPRA)
California residents have the following rights under the California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA):
- Right to Know: The right to know what categories and specific pieces of personal information we have collected, the sources of that information, our business or commercial purposes for collecting it, and the categories of third parties with whom we share it. See Section 4A for a full category-by-category disclosure.
- Right to Delete: The right to request deletion of personal information we have collected, subject to certain exceptions.
- Right to Correct: The right to request correction of inaccurate personal information.
- Right to Opt Out of Sale or Sharing: The right to opt out of the sale or sharing of personal information for cross-context behavioral advertising. LeadArray does not sell or share personal information as defined under CCPA/CPRA. Accordingly, a formal opt-out mechanism for sale or sharing is not required. However, if you wish to limit any data processing associated with third-party cookies or analytics tools on our website, you may do so through the cookie consent banner.
- Right to Limit Use of Sensitive Personal Information: The right to limit the use or disclosure of sensitive personal information to purposes authorized by CPRA. LeadArray does not use sensitive personal information for purposes beyond those necessary to provide the Services.
- Right to Non-Discrimination: The right not to receive discriminatory treatment for exercising your privacy rights.
Do Not Sell or Share My Personal Information: LeadArray does not sell personal information, nor does it share personal information for cross-context behavioral advertising purposes, as those terms are defined under California law. No "Do Not Sell or Share My Personal Information" opt-out link is required because LeadArray does not engage in such activities with respect to its platform users. To the extent that third-party analytics or advertising cookies deployed on the LeadArray website could constitute "sharing" under CPRA, visitors may opt out through the cookie consent banner.
LeadArray acts as a Service Provider under CCPA and a Contractor under CPRA when processing consumer personal data on behalf of its users. Consumer personal data is processed only for the business purposes specified in LeadArray's agreements with users.
California consumers whose personal data has been processed through LeadArray's platform as part of a user's lead management activities should direct privacy rights requests — including requests to know, delete, correct, or opt out — to the user who submitted their data to LeadArray, as that user is the data controller. LeadArray will cooperate with users in responding to verified consumer rights requests in accordance with applicable law.
To submit a privacy rights request directly to LeadArray regarding your account or website data, contact: privacy@leadarray.ai. LeadArray will respond to verifiable requests within the timeframes required by applicable law.
14A. Privacy Rights Under Other U.S. State Laws
In addition to California, a number of U.S. states have enacted comprehensive privacy laws that grant residents similar rights with respect to personal information. These include, without limitation, the Colorado Privacy Act (CPA), Connecticut Data Privacy Act (CTDPA), Virginia Consumer Data Protection Act (VCDPA), Texas Data Privacy and Security Act (TDPSA), Oregon Consumer Privacy Act (OCPA), and Montana Consumer Data Privacy Act (MCDPA).
To the extent LeadArray is subject to these laws based on its processing activities, residents of those states may have rights to access, correct, delete, and obtain a portable copy of their personal information, and to opt out of certain processing activities including targeted advertising, profiling, and the sale of personal data. LeadArray does not sell personal data or engage in targeted advertising or profiling as those terms are defined under applicable state law.
Requests from residents of states with applicable privacy laws may be submitted to privacy@leadarray.ai. LeadArray will respond within the timeframes required by the applicable state law and will direct requests to the appropriate data controller where LeadArray is acting as a processor.
15. Children's Privacy
LeadArray is not intended for individuals under 18 years of age. We do not knowingly collect personal data from children.
16. Changes to This Privacy Policy
We may update this Privacy Policy periodically. Changes will be posted on this page with an updated "Last Updated" date.
17. Contact Information
For privacy-related inquiries:
LEADARRAY LLC
Email: info@leadarray.ai
For consumer privacy rights inquiries related to data processed by LeadArray on behalf of a user, consumers should direct requests to the business that collected their information. If you are unable to identify that business, you may contact LeadArray at privacy@leadarray.ai. LeadArray will respond to verified consumer inquiries within timeframes required by applicable law and will direct verified requests to the appropriate user data controller where applicable.