Skip to content
Partner Sign-In

LeadsON

Privacy Policy

Last updated: March 2026

LeadsON handles data that matters. Your business information, your prospect data, and your reputation. This policy explains exactly what we collect, why, and what we do with it.

Who we are

LeadsON is a done-for-you outbound system that delivers qualified discovery meetings to independent operators and professional service firms. We are operated by Peter C. Bennett. Our contact for privacy matters is peter@leadson.io.

Our services

LeadsON provides two distinct service phases:

  • Deal Flow Diagnostic. A $5,000, 7-day engagement that delivers 240 qualified prospects, a rewritten offer tested against real prospect profiles, and a complete 90-day outbound execution playbook. You keep everything regardless of whether you continue.
  • Ongoing delivery. Guaranteed qualified discovery meetings (SLA-Eligible Discovery Calls) with shortfall rollover protection. If we fall short, undelivered meetings roll forward at our cost.

What we collect from you (our clients)

When you engage LeadsON, we collect:

  • Account information. Name, email address, and organization name provided during sign-in via Google or Microsoft OAuth.
  • Service configuration. Your ideal client profile, qualification criteria, voice preferences, and calendar availability.
  • Meeting outcomes. Your binary delivery verdict (yes or no) confirming whether each discovery meeting met the agreed standard.
  • Knowledge base materials. Proof assets, case studies, and offer documentation you provide for outbound personalization.
  • Payment information. Processed by our payment provider. We do not store credit card numbers.

What we collect about prospects

To deliver qualified discovery meetings, we process prospect data including:

  • Professional information. Name, job title, company, industry, and company size sourced from business data providers.
  • Contact information. Business email addresses used for outbound communication.
  • Engagement data. Email delivery status, open and click activity, reply content, and meeting booking status.
  • Enrichment data. Publicly available business information used to verify prospect qualification against your agreed criteria.

We do not purchase or process personal consumer data. All prospect data is business-context professional information.

How we use data

  • Deliver qualified discovery meetings per your agreed criteria
  • Score and qualify prospects against your ideal client profile
  • Personalize outbound communication in your voice
  • Verify prospect qualification before booking
  • Generate weekly Truth Packet reports on delivery performance
  • Track SLA-Eligible Discovery Call (SEDC) delivery and rollover balances
  • Maintain deliverability health (bounce/complaint monitoring)
  • Enforce suppression lists and unsubscribe requests

We do not use your data to train AI models. We do not sell your data. We do not share prospect data between clients.

AI-powered personalization

LeadsON uses AI to personalize outbound communication and classify prospect responses. All AI-generated content passes through human quality gates before being sent. We use third-party AI providers (currently OpenAI) for content generation and classification.

Your data is processed through these AI services solely for the purpose of delivering your service. It is not used to train third-party models per our data processing agreements with these providers.

Suppression and unsubscribe

Every outbound email includes a one-click unsubscribe mechanism compliant with RFC 8058 and CAN-SPAM requirements.

When a prospect unsubscribes, requests removal, or files a complaint, suppression is immediate and permanent. We store suppression records as cryptographic hashes only. The original email address is not retained after suppression.

Permanent suppression triggers: unsubscribe request, ISP complaint, hard bounce, prompt injection attempt, or abusive content detection. These cannot be reversed.

Temporary suppression triggers: manual hold or soft bounce (lifted after 30 days if conditions resolve).

Data storage and security

  • Data is stored in Supabase-hosted PostgreSQL with row-level security
  • All data is encrypted at rest and in transit
  • Multi-tenant isolation ensures your data is never accessible to other clients
  • OAuth tokens are stored securely with encryption at rest
  • Suppression records use SHA-256 hashing for privacy-preserving enforcement
  • Email sending uses Amazon SES with authenticated domains (SPF/DKIM/DMARC)

Third-party services

We use the following services to deliver LeadsON:

  • Amazon SES. Email sending and delivery.
  • Supabase. Database and authentication.
  • Google / Microsoft OAuth. Client sign-in and calendar integration.
  • Google / Microsoft Calendar. Meeting booking and availability.
  • Business data providers. Prospect enrichment and verification.
  • OpenAI. Email personalization, response classification, and content scoring.
  • Google Analytics. Aggregate website usage analytics (cookieless mode, no personal identifiers stored).

We do not share data with advertising networks, data brokers, or social media platforms.

Email tracking

Outbound emails may include tracking for delivery confirmation, open detection, and link click measurement. This data is used exclusively for delivery verification, cadence management, and SLA measurement. Not for advertising or profiling.

Your rights (clients)

  • Access. Request a full export of your data at any time.
  • Correction. Update your information through the platform or by contacting us directly.
  • Deletion. Request deletion of your account and associated data. We will comply within 30 days.
  • Portability. Receive your data in a standard format upon termination.

Prospect rights

  • Unsubscribe. One-click unsubscribe in every email. Suppression is immediate and permanent.
  • Access and deletion. Prospects may request access to or deletion of their data by emailing privacy@leadson.io.
  • Complaint. Prospects may report concerns to privacy@leadson.io.

Data retention

  • Active accounts. Data retained for the duration of service.
  • After termination. Client data deleted within 90 days. Full data export provided within 24 hours of termination request. Suppression records retained permanently (hashed only) to prevent re-contact of opted-out prospects.
  • Delivery logs. Email delivery and engagement data retained for 12 months for compliance and dispute resolution.
  • Diagnostic deliverables. Deal Flow Diagnostic outputs (prospect lists, rewritten offers, playbooks) are yours to keep permanently.

CAN-SPAM compliance

  • All outbound email includes accurate sender identification
  • Subject lines are not deceptive
  • Every message includes a functioning one-click unsubscribe mechanism
  • Unsubscribe requests are honored within 24 hours
  • Physical mailing address is included where required

GDPR considerations

For prospects in the European Economic Area, our legal basis for processing business contact data is legitimate interest in business-to-business communication. We maintain records of processing activities and honor data subject access requests within 30 days.

Cookies

The LeadsON platform uses essential cookies for authentication session management only. We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

We use Google Analytics in cookieless mode (Consent Mode v2 with all storage denied). No analytics cookies are written to your browser. Google Analytics collects aggregate, anonymized usage data only. No personal identifiers are stored or transmitted.

Changes to this policy

We may update this policy. Clients will receive 30 days notice of material changes. The current version is always available at this URL.

Contact

Privacy questions or data requests: privacy@leadson.io

General questions: peter@leadson.io