Privacy Policy

Last updated: February 26, 2026

LeadPurity ("we", "our", "us") is committed to protecting the privacy of our users ("Form Owners" or "Customers") and the individuals ("Leads" or "Form Respondents") who interact with forms created on our platform. This Privacy Policy describes in detail how we collect, use, store, share, and protect personal information when you use the LeadPurity platform and related services (collectively, the "Service").

By accessing or using LeadPurity, you acknowledge that you have read, understood, and agree to be bound by the terms of this Privacy Policy. If you do not agree with any part of this policy, please do not use our Service.

1. Information We Collect

1.1 Information from Form Owners (Our Customers)

When you create an account with LeadPurity and use our Service, we may collect the following types of information:

Account registration information: Your name, email address, and an encrypted password that is used to authenticate your identity when you log in to the platform.
Billing and payment information: When you subscribe to a paid plan, your payment details are processed securely through our third-party payment processor. We do not store, access, or retain your full credit card numbers, CVV codes, or other sensitive payment credentials on our servers at any time.
Usage and activity data: Information about how you interact with the Service, including the number of forms you create, the number of leads you receive, feature usage patterns, and general platform analytics that help us improve the product.
Communication data: Any information you provide when you contact our support team, submit feedback, or otherwise communicate with us through email or other channels.

1.2 Information from Leads (Form Respondents)

When an individual fills out a form created by one of our Customers, we may collect the following information on behalf of the Form Owner:

Form response data: Name, email address, phone number, and any other fields that have been configured by the Form Owner in their form design. The specific data collected varies depending on how the Form Owner has set up their form.
Verification data: Phone verification status (confirmed via SMS one-time passcode), email verification status, and related verification metadata that is used to determine the validity of a lead submission.
Technical and device data: IP address, browser type and version, operating system, device type, referring URL, UTM parameters, and other standard technical information that is automatically transmitted when you access a web page.
Session and behavioural data: Form completion progress, timestamps for each step of the form, and submission status. This data may be used by Form Owners for analytics purposes where they have enabled such features.

1.3 Information Collected Automatically

Like most web-based services, we automatically collect certain technical information when you visit our website or use our Service. This includes your IP address, browser type, operating system, the pages you visit on our site, the time and date of your visit, the time spent on each page, and other diagnostic data. This information is collected through standard web server logs and essential cookies (see Section 8 below).

2. How We Use Your Information

We use the information we collect for the following purposes:

To provide and operate the Service: This includes rendering forms, processing phone and email verifications, storing and delivering lead data to Form Owners, and maintaining the core functionality of the platform.
To verify identity and prevent fraud: We send SMS one-time passcodes to confirm phone number ownership. We also use IP-based rate limiting, duplicate submission detection, and email validation to protect Form Owners from fraudulent or low-quality submissions.
To process payments: We use your billing information to process subscription payments, manage plan upgrades and downgrades, and handle refunds where applicable.
To send transactional communications: We send lead notification alerts to Form Owners via email and webhooks when new verified leads are submitted through their forms.
To provide customer support: We use your contact information to respond to support inquiries, resolve technical issues, and assist with account management.
To improve and develop the Service: We analyse aggregated, anonymised usage patterns and analytics to identify areas for improvement, develop new features, optimise platform performance, and enhance the overall user experience.
To comply with legal obligations: We may process your information where required to comply with applicable laws, regulations, legal processes, or enforceable governmental requests.

3. Data Sharing and Disclosure

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:

With service providers: We engage trusted third-party companies and individuals to perform services on our behalf, such as payment processing, email delivery, error monitoring, and infrastructure hosting. These service providers are contractually obligated to protect your data and may only use it to perform the specific services we have engaged them for.
With Form Owners: Lead data submitted through a form is shared with the Form Owner who created that form. Form Owners are responsible for their own handling of lead data in accordance with their own privacy practices and applicable laws.
For legal compliance: We may disclose your information if required to do so by law, in response to a court order, subpoena, or similar legal process, or if we believe in good faith that such disclosure is necessary to protect our rights, protect your safety or the safety of others, investigate fraud, or respond to a government request.
In connection with a business transfer: If LeadPurity is involved in a merger, acquisition, reorganisation, or sale of assets, your personal information may be transferred as part of that transaction. We will notify you via email and/or a prominent notice on our website of any change in ownership or uses of your personal information.

4. Data Retention

We retain personal information only for as long as is reasonably necessary to fulfil the purposes for which it was collected, comply with our legal obligations, resolve disputes, and enforce our agreements. The specific retention periods are as follows:

Retention Schedule

Active accounts: Lead data is retained for 12 months from the date of submission. After 12 months, lead data is automatically purged from our systems unless the Form Owner has exported it prior to deletion.
Cancelled subscriptions: When a Form Owner cancels their subscription, lead data is retained for 30 days to allow sufficient time for data export. After 30 days, all lead data associated with the cancelled account is permanently and irreversibly deleted from our systems.
Account deletion requests: Upon receiving an account deletion request, all associated data — including forms, leads, sessions, analytics, and account information — is permanently deleted within 14 days of the request.
Session and analytics data: Partial form session data used for drop-off analytics and form completion tracking is retained for 90 days, after which it is automatically purged.
Security and rate limiting data: IP-based rate limiting records and other temporary security data is retained for no longer than 24 hours and is then automatically deleted.
Backup data: Encrypted backups containing personal data are rotated and permanently deleted according to the same retention schedules outlined above, with a maximum additional retention period of 30 days for disaster recovery purposes.

5. Data Security

We take the security of your personal information seriously and implement a comprehensive range of industry-standard technical and organisational measures to protect your data against unauthorised access, alteration, disclosure, or destruction. These measures include, but are not limited to:

Encryption in transit: All data transmitted between your device and our servers is encrypted using Transport Layer Security (TLS/SSL) with HTTPS protocol, ensuring that your information cannot be intercepted during transmission.
Encryption at rest: All data stored in our databases is encrypted at rest using AES-256 encryption, an industry-standard encryption algorithm used by financial institutions and government agencies worldwide.
Access controls: We implement strict role-based access controls to ensure that each user can only access their own data. Administrative access to production systems is limited to authorised personnel and requires multi-factor authentication.
Payment security: All payment processing is handled through a PCI DSS Level 1 compliant payment processor. We never store, process, or have access to your full credit card numbers or sensitive payment credentials.
Verification isolation: Our phone verification system operates on a completely separate and isolated infrastructure from your account data, preventing any cross-contamination of authentication credentials and personal information.
Regular security assessments: We conduct regular reviews of our security practices, infrastructure configurations, and access controls to identify and address potential vulnerabilities.
Error monitoring: Our error monitoring systems are configured with personally identifiable information (PII) stripping to ensure that no sensitive personal data is captured in error logs or diagnostic reports.

While we implement robust security measures, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we are committed to protecting your information to the highest commercially reasonable standard.

6. GDPR Compliance

LeadPurity is fully committed to compliance with the General Data Protection Regulation (GDPR) for users and leads located within the European Economic Area (EEA), the United Kingdom, and Switzerland. This section outlines our obligations and your rights under these regulations.

6.1 Legal Basis for Processing

We process personal data on the following legal bases:

Consent: Leads provide explicit, informed consent by completing and submitting forms. All forms created on LeadPurity include a required consent acknowledgement before submission can be completed. Consent may be withdrawn at any time by contacting us or the relevant Form Owner.
Contractual necessity: Processing of Form Owner (Customer) account data is necessary for the performance of our contract with you — specifically, to provide and maintain the LeadPurity Service that you have subscribed to.
Legitimate interest: We process certain data for the purposes of fraud prevention, rate limiting, platform security, and service improvement, where our legitimate interests are not overridden by your fundamental rights and freedoms.

6.2 Your Rights Under GDPR

If you are located in the EEA, the United Kingdom, or Switzerland, you have the following rights with respect to your personal data:

Right of Access: You have the right to request a copy of the personal data we hold about you. We will provide this information in a commonly used, machine-readable format within the timeframes specified by applicable law.
Right to Rectification: You have the right to request that we correct any inaccurate or incomplete personal data we hold about you without undue delay.
Right to Erasure: You have the right to request the deletion of your personal data ("right to be forgotten") where there is no compelling reason for its continued processing.
Right to Data Portability: You have the right to receive your personal data in a structured, commonly used, and machine-readable format, and to transmit that data to another controller without hindrance.
Right to Restriction of Processing: You have the right to request that we restrict the processing of your personal data in certain circumstances, such as when you contest the accuracy of the data or object to our processing of it.
Right to Object: You have the right to object to the processing of your personal data where we are relying on legitimate interests as our legal basis, and there is something about your particular situation that makes you want to object to processing on this ground.
Right to Withdraw Consent: Where we rely on your consent to process personal data, you have the right to withdraw that consent at any time. Withdrawal of consent does not affect the lawfulness of processing carried out prior to the withdrawal.
Right to Lodge a Complaint: You have the right to lodge a complaint with a supervisory authority in your country of residence if you believe that our processing of your personal data violates applicable data protection laws.

To exercise any of these rights, please contact us at hello@leadpurity.com. We will respond to your request within 30 days, or within the timeframe required by applicable law. We may ask you to verify your identity before processing your request to ensure the security of your personal data.

6.3 Data Controller and Data Processor Roles

Under the GDPR, Form Owners act as Data Controllers for the lead data collected through their forms. LeadPurity acts as a Data Processor, processing lead data on behalf of and under the instructions of the Form Owner. Form Owners are independently responsible for ensuring they have an appropriate legal basis (such as consent) for collecting personal data through their forms, for providing their own privacy notices to leads, and for responding to data subject access requests from their leads in a timely manner. LeadPurity provides tools and features to assist Form Owners in meeting their obligations, but ultimate responsibility for compliance rests with the Data Controller.

7. International Data Transfers

Our Service infrastructure is hosted in secure data centres operated by reputable cloud service providers. Your personal data may be processed in countries outside of your country of residence, including in the United States and other jurisdictions where our infrastructure providers operate data centres. When we transfer personal data internationally, we ensure that appropriate safeguards are in place to protect your data in accordance with applicable data protection laws. These safeguards may include Standard Contractual Clauses (SCCs) approved by the European Commission, adequacy decisions, or other legally recognised transfer mechanisms. By using our Service, you acknowledge and consent to the transfer of your data to these jurisdictions.

8. Cookies and Local Storage

LeadPurity uses only essential, strictly necessary cookies and local storage mechanisms to operate the Service. Specifically, we use authentication cookies to maintain your login session and to keep you securely signed in as you navigate the platform. We also use local storage to persist form session progress so that leads do not lose their place if they navigate away from a form temporarily. We do not use any third-party tracking cookies, advertising cookies, or analytics cookies. We do not share cookie data with third parties and we do not sell any data derived from cookies to advertisers or any other parties.

9. Third-Party Links and Integrations

Our Service may contain links to third-party websites or services that are not operated by LeadPurity. If you click on a third-party link, you will be directed to that third party's site. We strongly advise you to review the privacy policy of every site you visit. We have no control over and assume no responsibility for the content, privacy policies, or practices of any third-party sites or services. Additionally, Form Owners may configure integrations (such as webhooks or email notifications) that transmit lead data to external services. LeadPurity is not responsible for the data handling practices of those external services.

10. Children's Privacy

LeadPurity is not intended for use by individuals under the age of 18. We do not knowingly collect, solicit, or process personal data from children under the age of 18. If you are a parent or guardian and you become aware that your child has provided personal data to us or submitted data through a form on our platform, please contact us immediately at hello@leadpurity.com. If we become aware that we have collected personal data from a child under the age of 18 without verification of parental consent, we will take immediate steps to delete that information from our servers.

11. California Privacy Rights (CCPA)

If you are a California resident, you may have additional rights under the California Consumer Privacy Act (CCPA). These rights include:

The right to know what personal information we collect, use, disclose, and sell
The right to request deletion of your personal information
The right to opt out of the sale of your personal information (note: we do not sell personal information)
The right to non-discrimination for exercising your CCPA rights

To exercise your rights under the CCPA, please contact us at hello@leadpurity.com. We will verify your identity and respond to your request within the timeframes required by law.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technologies, legal requirements, or other factors. When we make material changes to this policy, we will notify registered users via email and update the "last updated" date at the top of this page. We encourage you to review this Privacy Policy periodically to stay informed about how we are protecting your information. Your continued use of the Service after any changes to this Privacy Policy constitutes your acceptance of the revised policy.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy, your personal data, or our data protection practices, please do not hesitate to contact us:

Email: hello@leadpurity.com
Company: LeadPurity
Location: Adelaide, South Australia, Australia

We aim to respond to all privacy-related inquiries within 30 days. If you are not satisfied with our response, you have the right to lodge a complaint with your local data protection authority.