Privacy Policy.

1. Scope

This policy covers VisitorLead(the "Service") operated by VisitorLead, Inc. ("we", "us"). It applies to the VisitorLead website, dashboard, and the pixel our customers embed on their own sites. It does not cover the practices of those customers on their own websites, they publish their own privacy policies.

2. Information we collect

From our customers

• Account email, name, and OAuth profile data when you sign in with Google or Microsoft.
• Billing identifiers (customer ID, plan, usage events). We do not store full payment card details, those live with our billing processor.
• Workspace configuration and content you upload (site list, exports you trigger, settings).

From visitors to our customers' sites

• IP address, user agent, referrer, pageviews, custom events, and session replay payloads.
• A person-level identification payload, only when the visitor is in the United States and passes our bot filter.

3. How we use it

We use the information above to deliver the Service, prevent fraud, bill accurately, secure the platform, and improve the product. We do not use customer data for advertising, do not sell it, and do not use it to train third-party models.

4. Person-level identification is US-only

Person-level identification runs only after a US GeoIP gate. Non-US visitors are never resolved to a person, their session is recorded as analytics only. This is a hard product constraint, not a configurable setting.

5. Cookies

The VisitorLead pixel sets a first-party cookie on the customer's domain so we can de-duplicate visits within a session. We do not set third-party cookies. We do not fingerprint browsers. We do not build cross-site profiles.

6. Sharing and subprocessors

We share information with subprocessors that help us deliver the Service, cloud infrastructure, the identity partner, transactional email, billing, and authentication. The current subprocessor list is available under NDA with our DPA. Subscribed customers receive 30 days' notice of any change. See our security page for our public security posture.

7. Your rights (CCPA)

If you are a US consumer, you have the right to know what we've collected about you, the right to request deletion, the right to correct, the right to opt out of any sale (we don't sell), the right to limit use of sensitive personal information, and the right not to be discriminated against for exercising these rights.

8. Public opt-out

To opt out of person-level identification across every VisitorLead customer, email [email protected] with the subject line OPT-OUT and the email address you want suppressed. We honor verified requests within 30 days by:

1. Suppressing future identification of the requesting visitor across all customer workspaces, and
2. Deleting prior identification records matching the same identifier across all workspaces.

Analytics and replay data on customer sites is governed by the customer's own policy, contact the site owner for those requests.

9. Retention

• Session replays: 30 days, then auto-deleted.
• Analytics events: 13 months by default.
• Identification ledger: lifetime of the workspace, this is what powers per-workspace dedup. Deleted on workspace deletion or verified opt-out.
• Account and billing records: as long as required by tax and contract law (typically 7 years).

10. Children

The Service is not directed to anyone under 18. We do not knowingly collect personal information from children. If you believe a child has provided information, contact us and we will delete it.

11. International transfers

Data is stored in the United States. For EU/UK/Swiss visitors, transfers occur under Standard Contractual Clauses where applicable.

12. Changes to this policy

We will email account owners and post a banner on the dashboard at least 14 days before any material change takes effect. The "Last updated" date at the top of this page reflects the most recent revision.

13. Contact

Privacy questions: [email protected]
Security disclosures: [email protected]
Postal: VisitorLead, Inc., address available on request from the email above.