FreelanceLeads.io ("we," "us," or "our") is committed to protecting your privacy. This Privacy Policy explains what data we collect, how we use it, and your rights regarding that data when you use our web application and related services (the "Service").
By using the Service, you agree to the practices described in this policy. If you do not agree, please do not use the Service.
2. Data We Collect
2.1 Account Information
Name, email address, and password (hashed)
Agency or business name, phone number, job title
Niche specializations and target cities
Avatar image URL
2.2 Business Data from Searches
Search queries you perform (niche, location) and the resulting business leads
Website analysis data for discovered businesses (page speed scores, SEO metrics, social profiles)
Saved leads, pipeline stages, notes, and outreach history
AI-generated pitch emails, proposals, and case studies
2.3 Billing Information
Payment processing is handled entirely by Stripe. We store your Stripe customer ID and subscription status but never store credit card numbers or full payment details on our servers.
2.4 Usage and Log Data
IP address, browser type, and device information
Pages visited, features used, and timestamps
Email open and click tracking (for outreach emails you send)
3. Third-Party Services
We use the following third-party services to operate FreelanceLeads.io. Each service has its own privacy policy governing its use of data:
Google APIs(Places API, PageSpeed Insights API, OAuth) — Used for business discovery, website performance analysis, and sign-in authentication.
Anthropic AI (Claude) — Powers AI-generated pitch emails, proposals, and content analysis. Business data from searches may be sent to Anthropic for processing.
Stripe— Handles all payment processing and subscription management.
DataForSEO— Provides SEO metrics including backlink data, domain authority, and SERP analysis.
Moz— Provides domain authority measurements when you audit a website or a lead's site. The target domain (never your personal data) is sent to Moz.
Semrush— Provides keyword research, organic traffic estimates, and competitor analysis. The target domain or keyword is sent; your personal data is not.
Brave Search— Used as a fallback search provider and for brand-mention monitoring. Only the search query is sent (usually a public keyword or brand name).
Google Places / PageSpeed — Provides business listing data and website performance scoring. The target business name/URL is sent; your personal data is not.
Upstash Redis— Used for rate limiting and caching to improve performance.
Neon PostgreSQL— Cloud-hosted database where your account data, leads, and content are stored.
When you analyze a website: the URL you submit is transmitted to our SEO data providers (DataForSEO, Moz, Semrush) so they can return metrics. We never send your account credentials or contact list to these providers.
3b. Legal Basis for Processing (GDPR Art. 6)
Performance of a contract: processing account data, subscription status, and usage counters so we can deliver the Service you signed up for.
Legitimate interest: security logging, fraud prevention, rate-limit enforcement, and aggregated product analytics. You can object at any time by contacting us.
Consent: any marketing communication (newsletters, product updates). Transactional emails (verification, password reset, subscription receipts) do not rely on consent — they rely on contract performance.
Legal obligation: retaining payment records for tax/accounting purposes as required by applicable law.
3c. California Residents (CCPA / CPRA)
If you are a California resident, you have the right to (a) know what personal information we collect and how we use it, (b) request deletion of your personal information, (c) opt out of the sale or sharing of personal information, and (d) not be discriminated against for exercising these rights. We do not sell or share your personal information for cross-context behavioral advertising. To exercise any of these rights, email us at the address at the bottom of this page.
4. How We Use Your Data
Lead generation: Searching for businesses, analyzing their online presence, and scoring them as potential clients.
AI analysis: Generating personalized pitch emails, proposals, case studies, and website reports.
Billing: Managing your subscription, processing payments, and enforcing usage limits.
Improvement: Analyzing aggregate usage patterns to improve the Service.
5. Cookies
We use session cookies via NextAuth.js to keep you signed in. These cookies are essential for the Service to function and are not used for advertising or cross-site tracking.
We do not use third-party advertising cookies. If we integrate analytics in the future, we will update this policy accordingly.
6. Data Retention and Deletion
We retain your data for as long as your account is active. When you delete your account, all associated data — including searches, saved leads, proposals, case studies, portfolios, and sent email records — is permanently removed from our database within 30 days.
Some anonymized, aggregated data (such as total search counts) may be retained for analytics purposes after account deletion.
7. Data Security
We implement industry-standard security measures including HTTPS encryption, hashed passwords, rate limiting, and account lockout protection. However, no method of transmission over the Internet is 100% secure, and we cannot guarantee absolute security.
8. Your Rights
Depending on your jurisdiction, you may have the following rights regarding your personal data:
Access: Request a copy of the personal data we hold about you.
Correction: Update or correct inaccurate data through your account settings.
Deletion: Delete your account and all associated data from your settings page.
Portability: Request your data in a portable format by contacting us.
Objection: Object to certain data processing activities.
To exercise any of these rights, please contact us using the information below.
9. Children's Privacy
The Service is not intended for users under the age of 18. We do not knowingly collect personal data from children. If we become aware that a child has provided us with personal data, we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes your acceptance of the revised policy.
11. Contact Us
If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at: