// LEGAL_REGISTRY
// v1.0 — Effective 2026-04-26

Terms & Privacy

The agreement between you and LeadForge AI. Written in plain language. Built around one principle: your data is sacred.

Our Security Pledge

Security is not a feature. It is the foundation.

You trust us with the contact data of your prospects, the messaging that represents your brand, and the financial credentials that power your business. That trust is non-negotiable. Every architectural decision we make — from database schema design to deployment — is filtered through one question first: "Does this protect the customer?"

End-to-End Encryption

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Secrets and API keys are stored in an isolated vault — never in plaintext, never in logs.

Tenant Isolation

Row-Level Security (RLS) policies enforce strict per-organization data boundaries at the database layer. No customer can ever query another customer's data.

Zero Data Resale

We never sell, rent, or share your lead lists, campaigns, or business intelligence with third parties. Your data is yours — full stop.

Least-Privilege Access

Internal access is governed by role-based controls and audit logs. No engineer can read your data without an approved, logged break-glass procedure.

Transparent Processing

We disclose every subprocessor we use (Stripe, B2B data providers, AI providers) and the exact data they receive. No hidden pipelines.

GDPR & CCPA Aligned

Right to access, export, rectify, and delete your data — honored within 30 days. Data Processing Addendum (DPA) available on request.

01

Acceptance of Terms

By accessing or using LeadForge AI ("the Service"), operated by LeadForge ("we", "us", "our"), you ("the Customer") agree to be bound by these Terms. If you are using the Service on behalf of an organization, you represent that you have authority to bind that organization.

If you do not agree to these Terms, do not use the Service.

02

The Service

LeadForge AI is an autonomous lead acquisition platform that discovers, researches, and engages B2B prospects on your behalf using artificial intelligence. The Service includes lead discovery, enrichment, AI message generation, outreach automation, and analytics.

We grant you a limited, non-exclusive, non-transferable license to use the Service in accordance with your subscription plan.

03

Privacy & Data Protection

Critical Section

Your data belongs to you. We act solely as a data processor on your behalf. We do not claim ownership of any leads, campaigns, messages, or business data you input or generate through the Service.

What we collect: account information (email, name, organization), Service usage data (campaigns, leads, messages), and billing data (handled exclusively by Stripe — we never store full card numbers).

What we never do:

  • Sell or rent your data to third parties.
  • Train public AI models on your prospect data or messaging.
  • Read your leads, messages, or campaigns for marketing purposes.
  • Share data with advertisers, data brokers, or analytics resellers.

Subprocessors: We rely on a small set of vetted infrastructure partners — Stripe (payments), our verified B2B contact data provider (Pro tier only), and AI model providers (Google Gemini, OpenAI) for message generation. Each is contractually bound to confidentiality and data-protection standards equivalent to our own.

04

Security Practices

Critical Section

We employ industry-leading security controls to protect your data:

  • Encryption in transit: All traffic uses TLS 1.3. We enforce HSTS, secure cookies, and reject downgraded connections.
  • Encryption at rest: Database storage and backups are encrypted with AES-256. API keys and OAuth tokens are stored in a hardware-backed secrets vault.
  • Database isolation: Row-Level Security (RLS) policies enforce strict tenant boundaries at the database engine — not just at the application layer.
  • Authentication: Industry-standard OAuth 2.0 / JWT with httpOnly refresh tokens and rotation. We support Google SSO and email/password with strong hashing (bcrypt).
  • Webhook integrity: All inbound webhooks (Stripe, integrations) are signature-verified using constant-time comparison. Unsigned or malformed events are rejected.
  • Audit logs: Access to production systems is logged, monitored, and reviewed. Anomalies trigger automated alerts.
  • Incident response: In the event of a confirmed data breach affecting your account, we will notify you within 72 hours with a full disclosure of scope, cause, and remediation.

05

Your Rights (GDPR / CCPA)

You have the right to:

  • Access all personal data we hold about you.
  • Export your data in a portable format (JSON / CSV).
  • Rectify inaccurate data.
  • Delete your account and all associated data.
  • Object to specific processing activities.
  • Withdraw consent at any time.

To exercise any of these rights, email privacy@lead-forge.io. We respond within 30 days at no cost.

06

Acceptable Use

You agree NOT to use the Service to:

  • Send spam, unsolicited bulk messaging, or content prohibited by CAN-SPAM, GDPR, or local anti-spam laws.
  • Harass, defraud, or impersonate any person or organization.
  • Scrape, reverse-engineer, or attempt to circumvent our security controls.
  • Resell, sublicense, or white-label the Service without written agreement.
  • Upload illegal content or contact data obtained through unlawful means.

We reserve the right to suspend accounts engaged in abusive behavior, with refund of unused prepaid time.

07

Subscriptions & Billing

Paid plans are billed monthly or annually in advance via Stripe. You may cancel anytime — your subscription remains active until the end of the current billing period. We do not offer prorated refunds for unused time except where required by law.

Prices are listed in USD and may include applicable VAT/GST. Failed payments result in a 7-day grace period before the account is downgraded to Free tier (no data loss).

08

AI-Generated Content

The Service uses large language models to generate research summaries and outreach messaging. You are responsible for reviewing AI-generated content before sending it to prospects. We do not warrant accuracy and are not liable for the content you choose to send.

All AI-generated outputs are owned by you. Inputs you provide are processed transiently — they are not used to train public models.

09

Limitation of Liability

To the fullest extent permitted by law, our total liability for any claim arising out of or related to the Service is limited to the amount you paid us in the twelve (12) months preceding the claim. We are not liable for indirect, incidental, or consequential damages.

10

Termination

You may terminate your account anytime from the Settings page. Upon termination, we permanently delete your data within 30 days, except where retention is required by law (e.g. tax records). Backups are purged within 90 days.

We may terminate accounts that violate these Terms, with notice where feasible.

11

Changes to These Terms

We may update these Terms to reflect changes in the Service or legal requirements. Material changes will be communicated via email at least 30 days in advance. Continued use after the effective date constitutes acceptance.

12

Contact

For all inquiries:

Responsible disclosure

Found a vulnerability? Email security@lead-forge.io with details. We respond within 24 hours and credit verified reports in our security acknowledgements.