Legal
Privacy Policy
This privacy notice explains how LeadRadar processes personal data across the marketing website, the authenticated product, billing, support, and optional analytics workflows.
Controller
Justus August - KI-Workshops und Webdesign (Einzelunternehmen)
Potsdam, Germany
Contact: contact@lead-radar.com
What this notice covers
This policy covers personal data processed when you browse the LeadRadar marketing website, create or use a LeadRadar account, run scans, contact support, purchase a paid plan, or interact with service communications. Processing is handled in line with the GDPR and applicable German and EU privacy law.
Categories of data and purposes
Website delivery and security
When you load the marketing site, technical data such as IP address, user agent, request timestamps, and referrer information may be processed to deliver the site securely and diagnose abuse or service issues.
Accounts and authentication
When you sign in to the product, LeadRadar processes account identifiers, email address, authentication tokens, and basic account metadata required to run the service and protect accounts.
Scans, results, and product usage
LeadRadar stores scan settings, discovered business data, lead states, notes, step metrics, screenshots, exports, and related usage data so scans can run, results can persist, and the workflow remains usable across sessions.
Billing and plan management
When you upgrade, billing-related data is processed to create checkout sessions, confirm subscription state, enforce plan gates, and maintain accounting records.
Support and contact handling
If you email LeadRadar, the contents of your message and related correspondence are processed to answer requests, resolve issues, and maintain a record of support interactions where necessary.
Legal bases
- Art. 6(1)(b) GDPR: processing necessary to provide the service, create an account, run scans, deliver paid features, and take pre-contractual steps at your request.
- Art. 6(1)(f) GDPR: processing based on legitimate interests in operating a secure product, preventing abuse, improving performance, and answering product enquiries.
- Art. 6(1)(c) GDPR: processing necessary to satisfy legal obligations such as record-keeping and tax or regulatory compliance.
- Art. 6(1)(a) GDPR: processing based on consent where optional analytics or similar voluntary features are introduced and consent is required.
Processors and infrastructure
- Vercel hosts the marketing website and may process technical request data and privacy-friendly analytics.
- Clerk is used for authentication and account identity management in the product app.
- Railway-hosted services process application runtime, API, worker, database, and queue infrastructure.
- Stripe processes subscription checkout, billing events, and payment-related metadata.
- Cloudflare R2 stores screenshots and exports where the SaaS storage backend is configured.
- Google APIs are used for Places, geocoding, and PageSpeed-related scan functionality.
- Gemini is used for AI-powered visual rating and related enrichment features where enabled.
International transfers
Some processors may process data outside the European Union. Where this happens, LeadRadar relies on appropriate safeguards such as contractual commitments and, where applicable, EU Standard Contractual Clauses or equivalent lawful transfer mechanisms.
Retention
Personal data is kept only as long as necessary for the purposes described above. Runtime logs and technical diagnostics are normally kept for a limited period unless they are needed longer for abuse prevention or security review. Account, billing, and business records may be retained longer where required by law.
If you want specific account data deleted, email contact@lead-radar.com and LeadRadar will review the request against applicable retention obligations.
Your rights
- Right of access under Art. 15 GDPR.
- Right to rectification under Art. 16 GDPR.
- Right to erasure under Art. 17 GDPR.
- Right to restriction of processing under Art. 18 GDPR.
- Right to data portability under Art. 20 GDPR where applicable.
- Right to object under Art. 21 GDPR to processing based on legitimate interests.
- Right to withdraw consent at any time for any consent-based processing.
- Right to lodge a complaint with a competent supervisory authority under Art. 77 GDPR.
Updates
LeadRadar may update this privacy notice when legal requirements or processing activities change. Material changes will be reflected on this page with an updated revision date.