Privacy Policy

Last updated: April 3, 2026

1. Introduction

This Privacy Policy explains how Sonalead ("we", "us", "the Service"), operated by an individual based in Poland, European Union, collects, uses, stores, and protects your personal data when you use sonalead.com.

As an operator based in the EU, we are subject to the General Data Protection Regulation (GDPR) (EU) 2016/679. We take your privacy seriously and are committed to processing your data lawfully, fairly, and transparently.

By using Sonalead, you acknowledge you have read and understood this Privacy Policy. If you do not agree, please do not use the Service.

2. Data Controller

The data controller for personal data collected through Sonalead is the individual operator of Sonalead, based in Poland, European Union. For privacy-related inquiries, contact us at: no-reply@contact.sonalead.com

3. Data We Collect

3.1 Account Data

When you register, we collect your email address and a hashed version of your password. We may also store your name or display name if provided. This data is necessary to provide you with access to the Service.

3.2 Onboarding and Profile Data

During onboarding, we collect information about your business, niche, offer, and target customer. This data is used to personalize your lead scanning results and AI-generated outputs. You can update or delete this data at any time through your settings.

3.3 Email Code Verification and Anti-Abuse Checks

When you verify your account for the free trial, we send a one-time verification code to your email. To prevent abuse, we may process your email domain quality and IP reputation through trusted vendors. We store a verification timestamp, canonicalized email identity signals (for duplicate prevention), and risk decision logs for security and abuse prevention.

3.4 Subscription and Billing Data

We collect data about your subscription plan, trial status, and billing history. Payment processing is handled entirely by Stripe. We do not store your full credit card number, CVV, or other raw payment details. We store a Stripe customer ID and subscription ID to manage your account when you subscribe.

3.5 Usage Data

We collect data about how you use the Service, including the number of scans performed, leads viewed, analyses run, trends accessed, and feature usage. This data is used to enforce plan limits, improve the Service, and prevent abuse.

3.6 Lead and Pipeline Data

Leads you save, move through your pipeline (Active, Saved, Contacted), or dismiss are stored in association with your account. This data is stored so you can access your pipeline across sessions.

3.7 Communications Data

If you contact us or opt into marketing emails during signup, we store your email address and your marketing preference for that purpose. You can unsubscribe at any time.

3.8 Technical Data

We may collect standard technical information such as IP address, browser type, operating system, and timestamps of actions within the Service. This is used for security, debugging, and abuse prevention.

4. How We Use Your Data

We use your personal data for the following purposes, each supported by a lawful basis under GDPR:

  • Service delivery - to provide lead scanning, AI analysis, and other features (Contractual necessity)
  • Account management - to manage authentication, plan limits, and billing (Contractual necessity)
  • Transactional emails - to send account confirmations, trial warnings, and payment notifications (Contractual necessity)
  • Marketing emails - to send product updates and news, only if you opted in (Consent - withdrawable at any time)
  • Service improvement - to analyze usage patterns and improve product features (Legitimate interest)
  • Security and fraud prevention - to detect abuse, enforce limits, and protect the Service (Legitimate interest)
  • Legal compliance - to comply with applicable laws and respond to lawful requests (Legal obligation)

5. Third-Party Processors

We share data with the following third-party service providers who process data on our behalf. All processors are contractually obligated to protect your data and use it only for specified purposes.

Supabase

Database, authentication, and storage. Stores your account data, profile, leads, and usage data. Based in the US with EU data residency options.

Stripe

Payment processing. Handles all billing data. We share your email and subscription status with Stripe. Stripe is PCI-DSS compliant.

Resend

Transactional and marketing email delivery. Your email address is shared with Resend to deliver account-related emails.

IPQualityScore (IPQS)

Email and IP risk assessment used to block disposable, high-risk, and abusive signup attempts.

Groq

AI inference. Your onboarding data and lead content are sent to Groq's API to generate intent scores, outreach messages, and offer analysis. Data is processed in the US.

Serper

Search API used to surface Reddit content. Your keywords and niche data are sent as search queries. No personal identity data is transmitted.

Vercel

Cloud hosting and deployment. Processes request metadata and logs.

We do not sell your personal data to any third party. We do not share your data with advertisers.

6. Data Retention

We retain your personal data for as long as your account is active. If you delete your account, we will delete or anonymize your personal data within 30 days, except where retention is required by law (e.g. billing records, which may be retained for up to 7 years under Polish accounting law).

Usage logs and technical data may be retained in anonymized or aggregated form indefinitely for product improvement purposes.

7. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

  • Right of access - you can request a copy of the personal data we hold about you
  • Right to rectification - you can request correction of inaccurate data
  • Right to erasure - you can request deletion of your data ("right to be forgotten")
  • Right to restriction - you can request that we restrict processing of your data in certain circumstances
  • Right to data portability - you can request your data in a machine-readable format
  • Right to object - you can object to processing based on legitimate interests
  • Right to withdraw consent - where processing is based on consent (e.g. marketing emails), you can withdraw it at any time

To exercise any of these rights, email us at no-reply@contact.sonalead.com. We will respond within 30 days. You also have the right to lodge a complaint with the Polish Data Protection Authority (UODO) at uodo.gov.pl.

8. International Data Transfers

Some of our third-party processors are based outside the European Economic Area (EEA), including in the United States. Where we transfer data outside the EEA, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) adopted by the European Commission, or transfers to countries with an adequacy decision.

9. Cookies and Tracking

Sonalead uses cookies and similar technologies solely for functional purposes, including authentication session management. We do not use advertising cookies, third-party tracking pixels, or behavioral analytics cookies.

You can disable cookies in your browser settings, but this may prevent you from logging in or using the Service.

10. Data Security

We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, loss, or destruction. These include encrypted storage, secure authentication, and access control. However, no system is completely secure and we cannot guarantee absolute security.

In the event of a personal data breach that is likely to result in a high risk to your rights and freedoms, we will notify you without undue delay as required by GDPR Article 34.

11. Children's Privacy

Sonalead is not directed at children under the age of 16. We do not knowingly collect personal data from anyone under 16. If we become aware that a user under 16 has created an account, we will delete their data promptly.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "last updated" date at the top of this page. For significant changes, we may notify you by email. Continued use of the Service after changes are posted constitutes acceptance of the updated Policy.

13. Contact

For any questions, requests, or complaints regarding this Privacy Policy or our data practices, contact us at:

no-reply@contact.sonalead.com

We aim to respond to all privacy inquiries within 30 days.