lead source

Privacy

Privacy Policy

Last updated: 9 May 2026.

Plain-English summary

Lead Source helps website owners (our customers) see where the people who fill in their forms came from. To do that we receive form submissions from those websites and store them so the site owner can read them in their dashboard.

If you filled in a form on a website that uses Lead Source, you are a visitor. The website you submitted to is our customer; they decide what to do with your details. Lead Source is the processor — we hold the data on their behalf, encrypted, and never sell or share it with anyone else.

If you signed up for Lead Source as a website owner, you are a customer. Sections below cover both relationships.

What we collect from visitors

When a visitor submits a form on a Lead Source customer's site:

  • The values they typed into the form (name, email, phone, message, anything else the form has fields for).
  • The page they were on when they submitted.
  • The page they first landed on, if known, and how they got there (search engine, ad click, social referrer, etc.).
  • A randomly-generated browser cookie ID (ft_visitor) used solely to link a visitor's pageviews on the same site together. The ID is meaningless outside a single Lead Source customer's site — we cannot cross-track visitors between different customers' sites.
  • A salted hash of the visitor's IP address (the IP itself is never stored). Used to defeat duplicate submissions and spam.

We do not use third-party trackers, advertising pixels, or fingerprinting. The cookie is a single first-party cookie scoped to the customer's domain.

How we protect what we collect

  • Encryption at rest. Every visitor email and phone number is encrypted with AES-256-GCM before it hits our database. Lead Source operators can't read them from the database directly — the dashboard decrypts on render under the customer's authenticated session.
  • Row-level security. Postgres RLS policies guarantee a customer can only ever see leads from their own account. Cross-account leakage is structurally impossible by virtue of the database engine, not just the app code.
  • HTTPS everywhere. Every connection — to the dashboard, the tracking script, and the capture endpoint — is over TLS. The tracking script never sends data over plain HTTP.
  • No sale of data. Lead Source has never sold, traded, or shared customer or visitor data with any third party. We never will.

Your rights as a visitor

You can ask the website you submitted to (our customer) to delete your lead — they can do that themselves from their Lead Source dashboard, and the deletion is permanent (the row is hidden from every customer-facing surface and is dropped from backups within 30 days).

If you can't reach the website owner directly, email privacy@leadsource.co with a copy of the email address you submitted with, and we'll forward your request and follow up if you're a resident of a jurisdiction with a statutory right to erasure (GDPR, CCPA, etc.).

What we collect from customers (account holders)

  • The email address you signed up with.
  • The website domains you've added to your account.
  • Billing details processed by Stripe — Lead Source never sees your card number; Stripe holds the payment token.
  • Browser cookies needed to keep you signed in (sb-*-auth-token).
  • Aggregate platform metrics (latency, error rate) that don't identify any single account.

Sub-processors

Lead Source is built on a small set of third-party services:

  • Vercel — hosts the application and runs the API endpoints.
  • Supabase — Postgres database, authentication, and realtime updates.
  • Stripe — payment processing.
  • SendGrid — outbound transactional emails (lead notifications, digests, billing receipts).
  • Sentry (when enabled) — error reporting. Configured to scrub email addresses and other PII from error reports.

All sub-processors are GDPR-compliant data processors with their own privacy commitments. We have a data-processing agreement (DPA) on file with each.

Retention

Customer data is retained for the lifetime of the customer account plus 30 days after cancellation, after which it is permanently deleted (including from backups). Soft-deleted individual leads are retained on disk for an audit trail but are not visible from any customer surface; on customer account closure they're permanently dropped along with the rest of the account's data.

Children

Lead Source is a B2B product. We don't knowingly collect information from children under 16. If you believe a child has submitted a form on a Lead Source customer's site, please email privacy@leadsource.co.

Changes to this policy

We update this policy when our practices change. The "last updated" date at the top reflects the most recent revision. Material changes are emailed to active customers at least 14 days before they take effect.

Contact

Privacy questions: privacy@leadsource.co.

This policy is provided in good faith and reflects what Lead Source actually does. If you're a customer with a regulatory obligation that requires more formal language, contact privacy@leadsource.co for a signed DPA.