LeadBoxOutreachLB

Privacy Policy

Read the LeadBox privacy policy covering personal data collection, use, sharing, retention, and rights.

PRIVACY POLICY

Effective date: 10th of April 2026

1. Who we are

LeadBox is provided by Tamertech - Denmark, CVR 45780015, registered at Kildeagervej 241, 8361-DK Hasselager (“LeadBox”, “we”, “us”, “our”).

If you have questions about this Privacy Policy or want to exercise your privacy rights, you can contact us at:

support@getleadbox.com

1. What this Privacy Policy covers

This Privacy Policy explains how we collect, use, share, and protect personal data when you:

  • use the LeadBox application and related services
  • create or manage a workspace
  • upload or manage leads and contact data
  • use campaigns, sequences, webforms, triggers, templates, reporting, and related product features
  • visit our website or documentation
  • contact us for support

This Privacy Policy does not override any separate data processing agreement or other written agreement we may enter into with customers.

1. Our role

In most cases:

  • for account, billing, support, website, and service-administration data, LeadBox acts as a data controller
  • for lead, contact, campaign, workflow, activity, and other customer workspace data processed on behalf of a customer, LeadBox generally acts as a data processor or sub-processor, and the customer is responsible for the lawful basis and instructions for that data

This distinction is consistent with how major infrastructure providers frame customer content versus account/support data in their own legal materials. (Firebase)

1. The personal data we collect

We may collect and process the following categories of personal data.

A. Account and workspace data

  • name
  • work email address
  • login and authentication identifiers
  • workspace name
  • workspace membership and role information
  • settings and preferences

B. Customer workspace data

  • lead and contact data entered, uploaded, or synced by customers
  • company names, job titles, email addresses, LinkedIn URLs, notes, tags, and pipeline data
  • campaign, sequence, template, trigger, form, and activity data
  • outreach history, suppression status, unsubscribe status, and delivery-related state

C. Email and messaging data

  • sender information
  • recipient email address
  • bounce, complaint, delivery, open, click, unsubscribe, and related event data where enabled
  • support chat messages and support request information when you contact us

D. Billing and transaction data

  • plan, subscription, payment status, invoice-related metadata, and wallet/credit records
  • limited billing and customer identifiers from payment providers

E. Technical, usage, and security data

  • IP address
  • device/browser data
  • log records
  • request IDs
  • authentication and session data
  • error and diagnostics data
  • anti-abuse and security verification data

1. How we collect personal data

We collect personal data:

  • directly from you when you sign up, log in, contact support, configure your workspace, or use the product
  • from your workspace members and administrators
  • from customer uploads, imports, webforms, and product activity
  • from service providers that support authentication, infrastructure, billing, email delivery, and support
  • automatically through normal product, website, logging, security, and diagnostics operation

1. Why we use personal data

We use personal data for the following purposes:

A. To provide the service

  • create and manage accounts and workspaces
  • authenticate users
  • operate campaigns, sequences, webforms, triggers, templates, reporting, and CRM-style features
  • manage suppressions, unsubscribes, and permission-related controls

B. To administer subscriptions and billing

  • manage plans, credits, payments, renewals, and billing support
  • prevent duplicate or invalid billing actions
  • provide payment recovery and account administration flows

C. To secure and protect the service

  • detect abuse, fraud, spam, unauthorized access, and service misuse
  • enforce workspace, role, and policy boundaries
  • maintain logs, diagnostics, and operational visibility

D. To support customers

  • respond to support requests
  • review reported problems
  • improve reliability, usability, and documentation

E. To comply with legal obligations

  • maintain required records
  • respond to lawful requests
  • enforce our Terms and acceptable-use rules

1. Our legal bases

Where GDPR or similar laws apply, we rely on one or more of the following legal bases:

  • Contract: where processing is necessary to provide the service you requested, including account access, workspace management, billing, and core product functionality
  • Legitimate interests: where necessary for security, abuse prevention, product improvement, operational diagnostics, internal administration, and support, provided those interests are not overridden by your rights
  • Legal obligation: where we must process data to comply with law, regulation, or lawful requests
  • Consent: where consent is required under applicable law for a particular activity

Customers remain responsible for ensuring that any lead, contact, or outreach data they use in LeadBox has an appropriate lawful basis.

1. Permission-based email and customer responsibility

LeadBox is designed for permission-based email workflows.

Customers are responsible for:

  • ensuring they have an appropriate lawful basis and permissions for the contacts they use
  • honoring unsubscribe and suppression status
  • using LeadBox in compliance with applicable data protection, marketing, and communications laws

We may suspend, restrict, or investigate use that appears abusive, unlawful, deceptive, spam-like, or harmful to recipients, platforms, or service providers.

1. How we share personal data

We do not sell customer CRM/contact data.

We may share personal data only as necessary:

  • with subprocessors and service providers who help us operate LeadBox
  • with payment providers and billing infrastructure
  • with email delivery providers
  • with support and communications providers
  • with professional advisers where necessary
  • where required by law, regulation, legal process, or to protect rights, safety, and the service

1. Subprocessors and service providers

LeadBox uses third-party providers to operate the service. Depending on the feature used, these may include providers in categories such as:

  • authentication and identity
  • database and infrastructure hosting
  • frontend/application hosting
  • billing and payment processing
  • transactional or permission-based email delivery
  • support chat and support operations

Our current core providers include:

  • Google Firebase / Google Cloud — authentication and related infrastructure
  • MongoDB Atlas — database hosting and storage
  • Render — backend application hosting
  • Vercel — frontend and website hosting
  • Stripe — subscription and payment processing
  • Postmark — email delivery and related delivery event handling
  • Crisp — customer support chat and support communications

We may update our service providers from time to time as the service evolves. Where required, we will update this Privacy Policy or related legal information to reflect material changes.

We may update our service providers from time to time as the service evolves.

1. International transfers

Some of our service providers may process personal data outside your country, including outside the EEA or UK.

Where required, we rely on appropriate safeguards for such transfers, which may include contractual safeguards, data processing terms, or other lawful transfer mechanisms offered by our providers. Providers such as Google/Firebase, Stripe, Vercel, Postmark, and Crisp publish privacy and/or data processing materials addressing international transfers and related safeguards. (Firebase)

1. Data retention

We keep personal data only for as long as reasonably necessary for the purposes described in this Privacy Policy, including:

  • providing the service
  • maintaining product integrity and security
  • meeting legal, accounting, and contractual obligations
  • resolving disputes and enforcing agreements

Retention periods may vary depending on the type of data, the customer’s subscription status, the feature involved, and legal or operational requirements.

1. Security

We use reasonable technical and organizational measures to protect personal data against unauthorized access, loss, misuse, or alteration.

No service can guarantee absolute security, but we aim to use appropriate safeguards in relation to the nature of the data and the service we provide. Our providers also publish security and privacy materials relevant to their services. (Firebase)

1. Your rights

Where applicable law gives you rights over your personal data, you may have the right to:

  • access your personal data
  • correct inaccurate personal data
  • request deletion
  • object to certain processing
  • request restriction of processing
  • request data portability
  • withdraw consent where processing is based on consent
  • lodge a complaint with a supervisory authority

If LeadBox processes data on behalf of a customer, we may need to direct your request to the relevant customer, because that customer may be the controller of the relevant workspace data.

1. Cookies and similar technologies

We may use cookies or similar technologies on our website, documentation, application, and support surfaces for purposes such as:

  • authentication and session continuity
  • security
  • service functionality
  • support chat functionality
  • performance and diagnostics

Where required by law, we will provide appropriate notices or choices.

1. Support chat and support communications

If you use our support chat or contact us for support, we may process the information you provide, including your contact details, support messages, and related technical context needed to investigate and respond.

1. Children

LeadBox is intended for business use and is not directed to children.

1. Changes to this Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes, we will update the effective date and may provide additional notice where appropriate.

1. Contact

If you have questions, requests, or concerns about this Privacy Policy or our handling of personal data, contact:

Tamertech - Denmark

Kildeagervej 241, 8361-DK Hasselager

support@getleadbox.com