Privacy Policy

Last updated: February 27, 2026

LeadResponse ("we," "us," or "our") operates the website located at leadresponse.co and the LeadResponse application (collectively, the "Service"). This Privacy Policy explains what information we collect, how we use it, who we share it with, and how you can control or delete your data.

This policy applies to all users of our Service, including business account holders who connect their Instagram accounts and the individuals ("leads" or "end users") who interact with those accounts through Instagram.

By using our Service, you agree to the practices described in this Privacy Policy. If you do not agree, please do not use the Service.

1. Information We Collect

Information You Provide to Us

When you create an account or use our Service, we may collect:

  • Account information: Your name, email address, and password.
  • Billing information: Payment details processed through our payment provider, Stripe. We do not store your full credit card number on our servers.
  • Business information: Details about your business, services, and preferences that you provide during setup to customize the AI assistant's behavior.
  • Calendar information: When you connect a scheduling tool such as Calendly or Google Calendar, we access your availability and booking information to facilitate appointment scheduling on your behalf.

Information We Collect Through the Instagram API

Our Service integrates with Instagram through Meta's official Instagram Graph API and Instagram Messaging API. When you connect your Instagram Business or Creator account, we access and process the following data with your authorization:

  • Instagram account metadata: Your Instagram username, account ID, and profile picture (accessed via the instagram_basic / instagram_business_basic permission).
  • Direct messages: Messages sent to and from your Instagram Business account (accessed via the instagram_manage_messages / instagram_business_manage_messages permission). This includes message content, sender information (Instagram-scoped user IDs), and timestamps.
  • Comments on your posts: Comments made on your Instagram posts and Reels, including the commenter's username and comment content (accessed via the instagram_manage_comments permission).
  • Page metadata: Information about the Facebook Page linked to your Instagram account, used to establish and maintain the API connection (accessed via pages_show_list, pages_manage_metadata, and pages_messaging permissions).

We only access data from Instagram accounts that you explicitly authorize and connect through our Service. We do not access personal Instagram accounts, private user data from accounts you do not own, or any data beyond the scope of the permissions you grant.

Information Collected Automatically

When you visit our website or use our Service, we may automatically collect:

  • Device and browser information: Browser type, operating system, and device identifiers.
  • Usage data: Pages visited, features used, and interactions with the Service.
  • IP address and approximate location.
  • Cookies and similar technologies: We use cookies to maintain your session, remember preferences, and improve the Service. You can control cookies through your browser settings.

2. How We Use Your Information

We use the information we collect to:

  • Provide and operate the Service: Process Instagram messages, detect comment triggers, generate AI-powered responses, and facilitate appointment booking on your behalf.
  • Manage your account: Authenticate your identity, process payments, and communicate with you about your account.
  • Improve the Service: Analyze usage patterns, diagnose technical issues, and develop new features.
  • Communicate with you: Send service-related notifications, respond to support requests, and share product updates (you can opt out of non-essential communications at any time).
  • Ensure security and compliance: Detect fraud, enforce our Terms of Service, and comply with legal obligations.

We process Instagram data exclusively for the purposes described above and in accordance with the permissions you grant during setup. We do not use Instagram data for advertising, profiling, or any purpose unrelated to providing the Service.

3. How We Share Your Information

We do not sell your personal information. We do not sell or purchase data obtained through the Instagram API. We share information only in the following limited circumstances:

  • AI model providers: Message content is sent to third-party AI providers (currently Anthropic and OpenAI) to generate conversational responses. These providers process data solely to provide their AI services and are bound by their own data processing agreements. We do not send personally identifiable information beyond the message content necessary to generate a response.
  • Payment processors: Billing information is shared with Stripe to process payments. Stripe's privacy practices are governed by their own privacy policy.
  • Calendar integrations: When you connect Calendly or Google Calendar, appointment details are shared with these services to book appointments. Only the information necessary to create a booking is shared.
  • Infrastructure providers: We use third-party hosting and database services (such as Vercel and Supabase) to operate the Service. These providers act as data processors on our behalf and are contractually obligated to protect your data and use it only as we direct.
  • Legal requirements: We may disclose information if required by law, regulation, or legal process, or if we believe disclosure is necessary to protect the rights, safety, or property of our users or the public.
  • Business transfers: If our business is acquired or merged with another company, your information may be transferred as part of that transaction. We will notify you of any such change.

We do not share Instagram data with any third party for their own independent use, marketing, or analytics purposes.

4. Data Retention and Deletion

We retain your data only as long as necessary to provide the Service and fulfill the purposes described in this policy.

  • Account data: Retained for as long as your account is active. When you delete your account, we delete your personal data within 30 days, except where retention is required by law.
  • Instagram message data: Conversation data is retained for the duration of your active subscription to provide context for ongoing conversations and reporting. When you disconnect your Instagram account or delete your LeadResponse account, this data is deleted within 30 days.
  • Billing records: Retained as required by applicable tax and financial regulations.

How to Request Data Deletion

You can request deletion of your data at any time by:

  • Contacting us at privacy@leadresponse.co
  • Using the account deletion option within the Service settings

Upon receiving a valid deletion request, we will delete your data and instruct our service providers and sub-processors to delete your data without undue delay, except where retention is required by law.

If Meta requests deletion of data obtained through their platform, we will comply promptly.

If a user deletes their Instagram account or disconnects from our Service, we will delete the associated data in accordance with Meta's Platform Terms.

5. Data Security

We implement reasonable administrative, technical, and physical safeguards to protect your information, including:

  • Encryption of data in transit (TLS/SSL) and at rest.
  • Secure authentication and access controls.
  • Regular security reviews of our infrastructure and practices.

No method of transmission or storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

6. Your Rights and Choices

Depending on your location, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you.
  • Correction: Request that we correct inaccurate or incomplete information.
  • Deletion: Request that we delete your personal information (see Section 4).
  • Portability: Request a copy of your data in a portable format.
  • Opt out: Opt out of non-essential communications at any time.
  • Withdraw consent: Where processing is based on consent, you may withdraw consent at any time by disconnecting your Instagram account or contacting us.

To exercise any of these rights, contact us at privacy@leadresponse.co. We will respond within 30 days.

For California Residents (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act and the California Privacy Rights Act, including the right to know what personal information we collect and how it is used, the right to request deletion, and the right to non-discrimination for exercising your privacy rights. We do not sell personal information.

For European Residents (GDPR)

If you are located in the European Economic Area, you have rights under the General Data Protection Regulation, including the right to access, rectify, erase, restrict processing, and data portability, as well as the right to lodge a complaint with your local supervisory authority.

7. Use of Meta Platform Data

Our use of information received from Meta APIs adheres to Meta's Platform Terms and Developer Data Use Policy, including the following commitments:

  • We only process data received from Meta's Instagram APIs as described in this Privacy Policy and in accordance with the permissions granted by the user.
  • We do not use Instagram data for purposes unrelated to providing the Service.
  • We do not sell data obtained from Meta's APIs.
  • We do not use data received from Meta for surveillance, discriminatory practices, or to build independent user profiles beyond what is necessary to provide the Service.
  • We do not attempt to re-identify anonymized or de-identified data.
  • We delete data received from Meta's APIs when requested by Meta, when the user disconnects their account, when it is no longer necessary to provide the Service, or when required by applicable law.

This Privacy Policy does not supersede, modify, or conflict with Meta's Platform Terms.

8. Children's Privacy

Our Service is designed for businesses and is not intended for use by individuals under the age of 16. We do not knowingly collect personal information from children under 16. If we learn that we have collected information from a child under 16, we will delete that information promptly.

9. Third-Party Links and Services

Our Service may contain links to third-party websites or services (such as Instagram, Calendly, or Stripe). This Privacy Policy applies only to our Service. We are not responsible for the privacy practices of third-party services, and we encourage you to review their privacy policies.

10. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website and updating the "Last Updated" date. We retain all prior versions of this policy and will provide them to Meta upon request.

Your continued use of the Service after changes are posted constitutes your acceptance of the updated policy.

11. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us:

Email: privacy@leadresponse.co
Website: https://leadresponse.co