Privacy Policy

Last updated: 31 March 2026

Leadsit ("we", "us", or "our") is operated by DNK Ventures and accessible at leadsit.io. This Privacy Policy explains how we collect, use, and protect your personal data when you use our platform.

1. Data We Collect

We collect the following categories of personal data:

  • Account information — your email address and password (hashed), provided when you create an account.
  • Business profile — business name, your name, service type, city, target radius, website URL, slogan, pricing preferences, and ad tone.
  • Campaign data — ad copy, headlines, budgets, and audience settings generated through the platform.
  • Facebook OAuth data — when you connect your Facebook Ads account, we store a long-lived access token (valid for approximately 60 days), your Facebook user ID, and your Meta ad account ID and name. This token is stored securely in our database and never exposed to the browser.
  • Usage data — page visits and feature usage collected through our infrastructure provider (Vercel).

We do not collect payment card details directly. Payments are processed by third-party providers.

2. How We Use Your Data

We use your data solely to operate the Leadsit platform:

  • To authenticate you and maintain your session.
  • To generate AI-powered ad campaigns tailored to your business using Anthropic's Claude API.
  • To create and manage campaigns on your Meta Ads account on your behalf, using your connected Facebook access token.
  • To display your campaign performance and lead data in your dashboard.
  • To send transactional emails (account confirmations, password resets).

We do not sell your data to third parties, and we do not use your data for advertising purposes.

3. Third-Party Services

We rely on the following third-party services to operate the platform:

  • Supabase — our database and authentication provider. Your profile, campaign data, and Facebook tokens are stored in Supabase. Data is hosted in the EU. See supabase.com/privacy.
  • Meta (Facebook) — when you connect your Ads account, we interact with the Meta Graph API to create and manage campaigns. Your use of Meta's services is governed by Meta's Data Policy. See facebook.com/privacy/policy.
  • Anthropic — we send your business profile details to Anthropic's API to generate ad copy. No personally identifying information beyond what you provide is sent. See anthropic.com/privacy.
  • Vercel — our hosting and deployment platform. Vercel processes request logs that may include IP addresses. See vercel.com/legal/privacy-policy.

4. Data Retention

We retain your account and business profile data for as long as your account is active. If you delete your account, all associated data — including your business profile, campaign history, and Facebook access tokens — is permanently deleted within 30 days.

Facebook access tokens expire automatically after approximately 60 days. You can also revoke access at any time from your Facebook account settings under "Apps and Websites".

5. Your GDPR Rights

If you are located in the European Economic Area, you have the following rights under the General Data Protection Regulation (GDPR):

  • Right of access — you can request a copy of the personal data we hold about you.
  • Right to rectification — you can update your personal data at any time from the Settings page.
  • Right to erasure — you can permanently delete your account and all associated data from the Settings page ("Delete account").
  • Right to data portability — you can request an export of your personal data in a machine-readable format by contacting us.
  • Right to object — you can object to any processing of your data at any time by contacting us.

To exercise any of these rights, contact us at dylan.kwant@gmail.com. We will respond within 30 days.

6. Cookies

We use a small number of strictly necessary cookies. No tracking or advertising cookies are set. See our Cookie Policy for full details.

7. Security

We implement industry-standard security measures including HTTPS encryption, hashed passwords, and server-side storage of sensitive tokens (Facebook access tokens are never exposed to the client). Our database is hosted on Supabase with row-level security policies enforced.

8. Changes to This Policy

We may update this Privacy Policy from time to time. When we do, we will update the "Last updated" date at the top of this page. We encourage you to review this page periodically.

9. Contact

For questions or requests related to this Privacy Policy, contact us at:

DNK Ventures
Leadsit
The Netherlands
dylan.kwant@gmail.com
Terms of ServiceCookie PolicyBack to Leadsit