1. What stays on your device — and what passes through our servers
By default, what LeadQ works with stays in your browser. Flagged posts, draft replies, the leads in your queue, and your customer memory all live in your browser's local storage — not on our servers. If you uninstall the extension, that data goes with it.
If you turn on phone approvals (pairing the mobile app so you can approve drafts from your phone), the drafts waiting for your approval are relayed through our servers. The draft and message text itself is sealed on your computer with an encryption key that only your paired devices hold — our server passes it along but cannot read it. What our server does store in readable form for this feature: the routing details needed to deliver the queue (workspace and lead identifiers, platform, status, timestamps), short agent activity summaries shown in the app, the email address you sign in with, and your phone's push-notification endpoint so we can tell it a draft is ready. Turn phone approvals off and nothing new is relayed.
Billing and licence validation live on our servers so Stripe can manage your trial, invoices, and plan changes. Your workspace itself never syncs to a LeadQ account — only the approval queue described above passes through, and only when you've turned phone approvals on.
Your Facebook login. To attach each scanned post to the right account, LeadQ reads your existing Facebook session identifier (the c_user/i_user cookie) from facebook.com inside your own browser. This value stays on your device — it is never sent to our servers. LeadQ signs in as you using the Facebook session you already have; it never asks for or stores your Facebook password.
2. What we collect — only if you turn it on
Usage analytics is opt-in. You can turn it on in the extension settings. If it is on, we receive simple events like "extension opened", "scan completed", and "support ticket opened" — and that's it. The purpose is to know which features are actually used so we know what to improve.
For analytics we never collect, and we never sell or use for advertising: the text of Facebook posts, the content of your messages, your AI draft text, your browsing history, anything you copy to the clipboard, or your card details. There is one thing your content is used for — generating AI drafts — and because that involves sending it off your device, we describe it separately and plainly in section 3.
3. AI drafting — the text we send to draft your replies
Finding leads and writing draft replies is done by AI, and this is the one place your content leaves your device. When the agent scores whether a post is a lead, or drafts a reply to a post or message, it sends that post or conversation text — together with the instructions you've set — to our AI provider, OpenAI, which returns the score or the suggested draft. This is how the feature works; without it there are no drafts.
We don't keep that content. On LeadQ's servers we log only anonymous usage — how many AI requests you made and roughly how many tokens they used — so we can apply your plan's limits. We do not store the post text, the message content, or the draft itself on our servers. OpenAI processes the text as our sub-processor under their API terms, which state that content sent through their API is not used to train their models.
Your choice. By default this runs through LeadQ (your plan includes a bundled AI allowance). If you'd prefer your text go straight to OpenAI without passing through our servers, add your own OpenAI key in Settings → AI and switch bundled AI off — those requests then go directly from your browser to OpenAI. Either way the drafting happens on your computer, and nothing is sent or posted without your approval.
4. Error reports — a separate toggle
If a scan fails or the UI crashes, the extension can send us a short error report (e.g. "scan_failed: timeout"). It contains the error code and category, not the post or message content that triggered it. This is separately controlled from analytics and is off by default.
5. When you email support
If you email us or open a support ticket, we use what you sent to reply. If you opened the ticket from inside the extension, it may include a small diagnostic bundle (extension version, browser, licence state, workspace id/name, last error) — you'll see what's included before you send it, and it stays separate from analytics.
6. Payments
Stripe handles checkout, billing, invoices, and the customer portal. LeadQ never sees or stores your card details — they go directly to Stripe. Stripe's privacy policy covers card data; ours covers everything else.
7. Your choices
Inside the extension settings you can: turn off analytics, turn off error reporting, and delete your local data. From the billing page you can open Stripe's portal, cancel your subscription, or update your payment method.
8. How long we keep things
Telemetry (if you enabled it): 45 days, then deleted. Support emails: kept while your account is active, plus 12 months. Billing records: 6 years, because tax law. If you delete your account, we remove what we can within 30 days, except billing records that we're legally required to retain.
9. Trial and refunds
30-day free trial, no charge until day 31. 7-day refund window on your first paid month. Duplicate charges refunded in full, always. If your local law gives you stronger rights, those apply.
10. Questions or complaints
Email support@leadq.app for anything privacy-related — including data access requests, deletion requests, and complaints. We aim to reply within one working day.