EFFECTIVE · JULY 5, 2026
Who we are, and the two hats we wear
lead2inbound provides software that lets businesses ("customers") import sales leads, call them with AI voice agents through the customers' own provider accounts, and transfer qualified calls to buyers.
- For customer account data and this website, we are the data controller — we decide how it's used.
- For lead data our customers import (names, phone numbers, call recordings, transcripts), we are a processor/service provider — we handle it only on the customer's instructions. If your information ended up in a customer's account, the customer is responsible for having a lawful basis to contact you, and requests about that data are best directed to them; we'll assist either way.
What we collect
From customers and their team members
- Account details: name, email address, organization name, role.
- Billing details: handled by Stripe; we never store card numbers.
- Configuration: campaigns, destinations, provider connections (credentials stored encrypted and never shown again), and an audit trail of actions.
- Product usage and diagnostics: feature-usage events (no lead personal data included, by policy) and error reports with personal data scrubbing enabled.
From leads processed on customers' behalf
- Contact fields the customer imports (name, phone, state, custom fields), consent evidence, call attempts, dispositions, recordings, and transcripts.
From visitors to this website
- If you use the demo-call widget: the phone number you enter, your consent, and your IP address — used solely to place the single demo call you requested and to prevent abuse, then retained briefly for rate-limiting and abuse-prevention records.
- If you use the contact form: the name, email, and message you send, plus your IP address for spam prevention.
How we use data
- To operate the Service: place the calls customers configure, route transfers, track results, send transactional email (sign-in links, alerts).
- To secure it: fraud and abuse prevention, rate limiting, audit logging, incident investigation.
- To improve it: aggregate, de-identified usage analysis.
- We do not sell personal information, and we never share one customer's lead data with another customer.
Subprocessors
We use a small set of infrastructure providers, each bound by their own data-protection commitments:
- Cloudflare — hosting, DNS, TLS (traffic in transit)
- Neon — Postgres database (application data at rest)
- Stripe — billing and payment processing
- Resend — transactional email delivery
- Sentry — error tracking (personal-data scrubbing enabled)
- PostHog — product analytics (no lead personal data in events, by policy)
Customers additionally connect their own provider accounts (for example Retell, ElevenLabs, Twilio, DNC data providers). Data sent to those providers is governed by the customer's direct relationship with them.
Retention
- Customer account data: retained while the account is active; exportable for 30 days after termination, then deleted from production systems on our standard schedule.
- Lead data, recordings, transcripts: retained per the customer's configuration and instructions.
- Demo-call and contact-form records: kept only as long as needed for follow-up and abuse prevention.
Your rights
Depending on where you live (for example under CCPA/CPRA or GDPR), you may have rights to access, correct, delete, or export personal information, and to object to or restrict certain processing. To exercise them, use the contact form; we respond within the timelines the applicable law requires. If your data was imported by one of our customers, we will route or assist with the request as the law requires. Self-serve per-person export and deletion tooling (including call recordings) is on our near-term roadmap; until it ships we honor these requests manually.
Cookies
This marketing site sets no advertising cookies and runs no third-party trackers. The application at app.lead2inbound.com uses strictly-necessary session cookies to keep you signed in, plus first-party product analytics.
Children
The Service is for businesses and is not directed at anyone under 18. We do not knowingly collect information from children.
Changes
We'll post updates here and, for material changes, notify customers by email or in-app before they take effect.
Contact
Privacy questions or requests: use the contact form and mention "PRIVACY" — it goes straight to the operator of the platform.