Privacy Policy

Last updated: 2026-05-01

DRAFT — pending legal review. This document is a working draft and is not legally binding. Real terms reviewed by a lawyer will replace it before paid usage opens to the public.

What we store

Email address (for sign-in), business profiles you create, scan results, reply drafts, subscription status, and audit logs of administrative actions. We do not store payment card numbers — those are held by Stripe.

What we send to third parties

Stripe — billing identity (email) and payment events.
Resend — your email address, for transactional email only.
Anthropic / Google (via Vercel AI Gateway) — prompt content from the AI steps of a scan. Prompts may contain text from the public Reddit posts we surface.
Reddit — your OAuth token (used to read public posts on your behalf).
Sentry — error stack traces (only when an error occurs and only with SENTRY_DSN configured).
PostHog — anonymous product-usage events, only after you accept the consent banner. Decline and no PostHog client is loaded.

Cookies

We set a Supabase auth cookie (required to keep you signed in) and a first-party consent cookie (required to remember your analytics choice). No third-party tracking cookies.

Data retention

Your data is kept for as long as your account is active. After cancellation we retain leads read-only for 30 days, soft-archive them for 60 more days, then hard-delete after 90 days total. You can request immediate deletion at any time by emailing support.

Your rights

You can export your leads as CSV/JSON from /app/account (Pro tier only in the MVP — Starter export ships in a future release). You can request deletion of all your data by emailing support@redditleadfinder.com.

Contact

privacy@redditleadfinder.com