Legal
Privacy Policy
Last updated: July 10, 2026· Draft, pending legal review
1. Who we are
Leagion is operated by Formacha Digital. This policy explains what information we collect when you use Leagion, why we collect it, and how it is handled.
2. Information we collect
- Account information. Name, email address, and a hashed password (or Google OAuth identifier) when you sign up. Stored via Supabase.
- Billing information. Payment details are processed by Stripe. We do not store your card number; we receive a customer ID and the last four digits for receipts.
- Usage data. Searches you run, leads you save, and pipeline activity inside your account.
- Technical logs. Standard server logs (IP, user agent, timestamps) used for security and debugging.
- Content you create. Your offer and positioning text, email and postcard templates you write, images you upload for postcards, and notes on leads.
- Prospect data. Business listings your searches return (names, addresses, phone numbers, websites, and publicly listed contact information), sourced from third-party directories and, when you use decision-maker research, from the prospect's own public website.
3. How we use information
- To provide the service and run searches you request.
- To power AI features you use, including lead scoring, email drafting, call scripts, and the chat assistant (see Section 4).
- To send outreach emails and postcards you compose to the prospects you choose.
- To process payments and issue receipts.
- To send transactional email (account, billing, security).
- To measure our own advertising (see Section 5).
- To improve product reliability and prevent abuse.
- To respond to support requests you send us.
4. AI features
Several Leagion features are powered by third-party large language models, currently Google (Gemini), with Anthropic and OpenAI available as alternate providers. When you use these features, the relevant data is sent to the model provider to generate the output:
- Lead scoring and verdicts: business listing details plus your offer and positioning text.
- Decision-maker research: content from the prospect's public website.
- Email drafts and personalization, call scripts, and the chat assistant: lead details, your offer, and text you type into those features.
We do not use your data to train models, and our provider agreements do not permit them to train on it. AI output can be wrong; review it before you rely on it or send it.
5. Advertising and analytics
Our marketing pages and signup flow use the Meta Pixel, which sets cookies and reports page views and signup or purchase events to Meta so we can measure our own advertising. When a purchase completes we also send Meta a hashed (not readable) form of the purchaser's email address for ad measurement. We use PostHog for product analytics and Sentry for error monitoring. We do not run third-party advertising trackers inside the logged-in dashboard.
6. What we do not do
- We do not sell your data. Sharing hashed email with Meta for ad measurement (Section 5) may count as “sharing” under some state privacy laws; you can opt out by emailing us (Section 10).
- We do not share your lead lists with other customers.
- We do not let AI providers train on your data.
7. Service providers
We share information only with vendors needed to operate the service:
- Supabase for database, authentication, and file storage.
- Stripe for subscription billing and payment processing.
- Apify for directory data ingestion on lead searches.
- Google, Anthropic, and OpenAI as AI model providers for the features in Section 4.
- Resend for delivering outreach and transactional email you send.
- Lob for printing and mailing postcards you send, including recipient postal addresses and your card content.
- Apollo for optional contact enrichment, where enabled on your plan.
- Meta for advertising measurement as described in Section 5.
- Vercel for hosting and edge delivery.
- Sentry and PostHog for error monitoring and product analytics.
Each vendor is bound by its own data processing terms and only receives the information required to perform its function.
8. Data retention
We retain your data while your account is active. If you cancel, we delete your account contents within 90 days, unless we are required to retain certain records for legal, tax, or fraud prevention purposes.
9. Security
Data is encrypted in transit (TLS) and at rest. Database access is scoped per organization through row-level security. We follow standard practices for credential storage and incident response, though no system can be guaranteed against all threats.
10. Your rights
You can access and update your account from the settings page, export your lead data as CSV at any time, and request deletion of your account or opt out of the ad-measurement sharing described in Section 5 by emailing hello@leagion.ai. Depending on where you live, you may have additional rights under applicable laws (for example, GDPR or CCPA); we will honor valid requests in line with those laws.
11. Cookies
We use cookies for authentication and session management, and on our marketing pages the Meta Pixel sets advertising cookies as described in Section 5. We do not set advertising cookies inside the logged-in dashboard.
12. Children
Leagion is intended for business use by adults. We do not knowingly collect information from anyone under 18.
13. Changes to this policy
We may update this policy. Material changes will be communicated by email or in-app notice. The “Last updated” date at the top of this page reflects the most recent revision.
14. Contact
Questions about this policy or how we handle your data? Email hello@leagion.ai.