aLead

Privacy Policy

Last updated: May 16, 2026

1. Introduction

SoftNova Solutions ("Company," "we," "us," or "our") operates the aLead CRM platform ("Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service, including our website, applications, AI-powered features, and any related services.

By accessing or using the Service, you agree to this Privacy Policy. If you do not agree, please discontinue use of the Service immediately.

2. Information We Collect

2.1 Information You Provide Directly

  • Account Information: Name, email address, password, and role when you register or are invited to the platform.
  • CRM Data: Companies, contacts, deals, activities, tasks, meetings, notes, email content, and any custom fields you create or populate.
  • Communications: Emails sent and received through the Gmail integration, email signatures, and email tracking data.
  • Booking Information: When prospects use the public booking page, we collect their name, email, phone number, company name, and any notes they provide.
  • Payment Information: If applicable, billing details processed through our third-party payment processors.

2.2 Information Collected Automatically

  • Usage Data: Pages visited, features used, clicks, time spent, and interaction patterns within the Service.
  • Device Information: IP address, browser type and version, operating system, device identifiers, and screen resolution.
  • Email Tracking Data: When email recipients open tracked emails, we collect the time of open, IP address, and user agent of the recipient.
  • Log Data: Server logs including access times, error logs, and referring URLs.
  • Cookies and Similar Technologies: Session cookies, authentication tokens, and preference cookies (see Section 8).

2.3 Information from Third-Party Services

  • Google APIs: When you connect your Google account, we access Gmail messages (send and read), Google Calendar events, and Google Meet conference data, strictly within the scopes you authorize.
  • Business Discovery: When using the business discovery feature, we may retrieve publicly available business information from third-party data providers.

3. How We Use Your Information

We use the information we collect for the following purposes:

  • Provide and Operate the Service: Manage your account, process CRM data, send and track emails, schedule meetings, and run workflow automations.
  • AI-Powered Features: Process your queries and CRM data through our AI assistant to provide intelligent responses, deal insights, activity scoring, and recommendations (see Section 5).
  • Google Calendar Integration: Create, read, and manage calendar events on your behalf; check availability for the booking page; generate Google Meet links for scheduled meetings.
  • Email Integration: Send emails via your connected Gmail account, track email opens, sync replies, and manage threaded conversations within deals.
  • Booking Page: Display your availability to prospects, process meeting bookings, and send calendar invitations to both parties.
  • Analytics and Improvements: Understand usage patterns, improve features, optimize performance, and develop new functionality.
  • Security: Detect, prevent, and address fraud, unauthorized access, and other illegal activities.
  • Communications: Send service-related notifications, updates, and administrative messages.
  • Legal Compliance: Comply with applicable laws, regulations, and legal processes.

4. Google API Services – Limited Use Disclosure

aLead's use and transfer of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically:

  • We only access Google user data that is necessary to provide and improve the features you explicitly use (Gmail sending/reading, Calendar event management, Google Meet link generation).
  • We do not use Google user data for serving advertisements.
  • We do not allow humans to read your Google data unless: (a) we have your explicit consent, (b) it is necessary for security purposes, (c) it is required to comply with applicable law, or (d) the data is aggregated and anonymized for internal operations.
  • We do not transfer Google user data to third parties except as necessary to provide or improve the Service, as required by law, or as part of a merger/acquisition with adequate data protection commitments.
  • Google OAuth tokens (access and refresh tokens) are stored encrypted and are only used to authenticate API requests on your behalf.

5. Artificial Intelligence and Automated Processing

5.1 AI Features

The Service includes AI-powered features that use large language models (LLMs) provided by Amazon Web Services (AWS Bedrock) to:

  • Answer questions about your CRM data (deals, contacts, companies, activities).
  • Provide deal insights, recommendations, and risk assessments.
  • Assist with drafting emails, notes, and other content.
  • Generate summaries and analytics from your pipeline data.

5.2 How AI Processes Your Data

  • When you interact with the AI assistant, relevant CRM data from your account may be sent to the AI model as context to generate accurate responses.
  • AI processing occurs through AWS Bedrock, which processes data in accordance with the AWS Service Terms.
  • Your data is not used to train AI models. AWS Bedrock does not use customer inputs or outputs to train or improve its foundation models.
  • AI-generated outputs are provided as suggestions and should not be treated as professional, legal, or financial advice.

5.3 Automated Decision-Making

  • Activity Scoring: The Service automatically calculates engagement scores based on activity types (emails, calls, meetings, notes) using predefined weights. This is rule-based, not AI-driven.
  • Stale Deal Detection: Deals with no activity for 5+ days are automatically flagged. This is rule-based.
  • Workflow Automation: User-configured triggers may automatically create tasks, send emails, change deal stages, or send notifications. These are explicitly configured by authorized users.
  • No fully automated decisions with legal or similarly significant effects are made without human oversight.

6. Data Sharing and Disclosure

We do not sell your personal information. We may share your information in the following circumstances:

  • Within Your Organization: CRM data is shared among users within your organization based on role-based access controls (Admin, Manager, Sales Rep).
  • Service Providers: We use third-party services to operate the platform, including:
    • Amazon Web Services (AWS) — hosting, AI processing (Bedrock), location services, email tracking infrastructure.
    • Google — Gmail API, Google Calendar API, Google Meet, Google Maps.
  • Booking Page Visitors: When a prospect books a meeting through your public booking page, their submitted information (name, email, phone, company, notes) is stored and visible to you within the Service.
  • Legal Requirements: When required by law, regulation, legal process, or governmental request.
  • Protection of Rights: To enforce our Terms of Service, protect our rights, privacy, safety, or property, and that of our users or the public.
  • Business Transfers: In connection with a merger, acquisition, reorganization, or sale of assets, your information may be transferred as a business asset.

7. Data Retention

  • Account Data: Retained for as long as your account is active or as needed to provide the Service.
  • CRM Data: Retained until deleted by you or your organization's administrator. Deleted deals are soft-deleted and can be restored from the Trash; permanent deletion removes data irreversibly.
  • Email Tracking Data: Open tracking records are retained for the lifetime of the associated email record.
  • Audit Logs: Retained for a minimum of 12 months for security and compliance purposes.
  • AI Interaction Logs: Conversation context is session-based and not permanently stored beyond the active session.
  • Google OAuth Tokens: Retained until you disconnect your Google account or revoke access.
  • After account termination, we may retain certain data as required by law or for legitimate business purposes (e.g., fraud prevention, dispute resolution).

8. Cookies and Tracking Technologies

We use the following cookies and tracking technologies:

Type Purpose Duration
Session Cookie Authentication and session management 120 minutes / session
CSRF Token Security — prevents cross-site request forgery Session
Preference Cookie Stores UI preferences (e.g., dark mode, AI chat state) Persistent (localStorage)
Email Tracking Pixel 1×1 transparent image to detect email opens Per email

We do not use third-party advertising cookies or cross-site tracking technologies. You can control cookies through your browser settings, but disabling essential cookies may impair Service functionality.

9. Data Security

We implement industry-standard security measures to protect your information, including:

  • HTTPS/TLS encryption for all data in transit.
  • Password hashing using bcrypt.
  • CSRF protection on all forms and state-changing requests.
  • Role-based access control and policy-based authorization.
  • SQL injection protection via parameterized queries (Eloquent ORM).
  • XSS protection via output escaping (Blade templating engine).
  • OAuth 2.0 for third-party integrations (Google) — we never store your Google password.
  • Audit logging of data changes for accountability.

While we strive to protect your information, no method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security.

10. Your Rights and Choices

Depending on your jurisdiction, you may have the following rights:

  • Access: Request a copy of the personal data we hold about you.
  • Rectification: Request correction of inaccurate or incomplete data.
  • Deletion: Request deletion of your personal data, subject to legal retention requirements.
  • Portability: Request your data in a structured, machine-readable format.
  • Restriction: Request that we limit processing of your data in certain circumstances.
  • Objection: Object to processing based on legitimate interests, including automated profiling.
  • Withdraw Consent: Where processing is based on consent, you may withdraw it at any time without affecting the lawfulness of prior processing.
  • Google Account Disconnection: You can disconnect your Google account at any time via Settings → Email → Disconnect Gmail. This revokes our access to your Gmail and Calendar data.

To exercise any of these rights, contact us at the address provided in Section 15.

11. International Data Transfers

Your information may be processed and stored in the United States or other countries where our service providers operate (primarily AWS regions). By using the Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

Where required, we rely on appropriate safeguards such as Standard Contractual Clauses (SCCs) or the service provider's compliance certifications to ensure adequate protection of transferred data.

12. California Privacy Rights (CCPA/CPRA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):

  • Right to Know: You may request the categories and specific pieces of personal information we have collected about you.
  • Right to Delete: You may request deletion of your personal information.
  • Right to Opt-Out of Sale: We do not sell personal information.
  • Right to Non-Discrimination: We will not discriminate against you for exercising your privacy rights.
  • Right to Correct: You may request correction of inaccurate personal information.
  • Right to Limit Use of Sensitive Personal Information: You may limit the use of sensitive personal information to what is necessary to provide the Service.

13. European Economic Area (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Contract Performance: Processing necessary to provide the Service you requested.
  • Legitimate Interests: Analytics, security, fraud prevention, and service improvement, where not overridden by your rights.
  • Consent: For optional features such as Google account integration, email tracking, and AI assistant usage.
  • Legal Obligation: Where processing is required to comply with applicable law.

You have the right to lodge a complaint with your local data protection authority if you believe your rights have been violated.

14. Children's Privacy

The Service is not intended for individuals under the age of 16. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child under 16, we will take steps to delete such information promptly.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this page and updating the "Last updated" date. Your continued use of the Service after changes are posted constitutes acceptance of the revised policy.

16. Contact Us

If you have questions about this Privacy Policy or wish to exercise your data rights, contact us at:

SoftNova Solutions

Email: privacy@alead.in

Website: https://alead.in