Privacy Policy

Last updated: February 25, 2026

1. Overview

MyLeadScout is a web application that helps users find local business leads using the Google Places API and manage them through a built-in sales pipeline. This Privacy Policy explains what data we collect, how we use it, and how we protect it.

2. Data We Collect

We collect and store the following data when you use MyLeadScout:

2.1 Account Information (via Google OAuth)

• Email address — Used as your unique account identifier and for subscription management.
• Display name and profile picture — Displayed in the app interface for your convenience.

This information is obtained through Google OAuth when you sign in. We do not access your Gmail, Google Drive, contacts, or any other Google services beyond basic profile information.

2.2 Google Maps API Key

• Your API key is encrypted using AES-256-GCM encryption before being stored in our database.
• The encryption key is stored separately in our server environment variables and is never included in client-side code.
• We cannot read your API key in plaintext — even we cannot decrypt it without the server-side encryption key.
• Your API key is only decrypted momentarily on our server when executing a search on your behalf, and is never logged or cached.

2.3 Usage Data

• Subscription status — Your current plan (Free, Pro, or Max).
• Lead usage count — The number of leads you have found in the current billing period, used to enforce tier limits.
• Monthly reset date — When your lead usage count resets.

2.4 Pipeline / CRM Data

When you qualify leads into your sales pipeline, we store:

• Business information (name, address, phone, website, rating, review count, Google Maps URL, category).
• Pipeline metadata you create: deal stage, contact status, tags, notes, potential value, follow-up dates.
• Activity logs you create: call notes, email records, meeting notes, and other outreach activities.

This data is associated with your account and is accessible only to you.

2.5 Data We Do NOT Collect

• We do not use analytics, tracking pixels, or advertising cookies.
• We do not collect IP addresses, browser fingerprints, or device identifiers.
• We do not collect payment card details — all payments are handled by LemonSqueezy.
• We do not collect telemetry or behavioral tracking data.

3. How We Use Your Data

• Authentication — Your email identifies your account and links to your stored data.
• Search execution — Your encrypted API key is temporarily decrypted server-side to call the Google Places API on your behalf.
• Usage enforcement — Lead counts ensure you stay within your subscription tier limits.
• Subscription management — Your email is passed to LemonSqueezy to pre-fill checkout and link subscriptions to your account.
• Pipeline features — Your CRM data is stored and retrieved to provide pipeline, activity tracking, and reporting features.

4. Data Storage and Security

• Database: All user data is stored in Firebase Firestore (Google Cloud infrastructure).
• Firestore security rules block all direct client-side access. All data access goes through our authenticated server-side API routes.
• API key encryption: AES-256-GCM with a separate server-side key. Stored format: {iv}:{authTag}:{ciphertext}.
• Authentication: Google OAuth via NextAuth.js v5 with secure session management.
• Hosting: The web application is hosted on Vercel. Server-side functions run on Firebase Cloud Functions.

5. Third-Party Services

MyLeadScout uses the following third-party services:

• Google Places API — To fetch business data based on your search queries, using your own API key. Governed by the Google Maps Platform Terms and Google's Privacy Policy.
• Google OAuth — For authentication. Governed by Google's Privacy Policy.
• Firebase / Google Cloud — For data storage and server-side functions. Data is stored in Google Cloud data centers.
• LemonSqueezy — For payment processing and subscription management. Governed by LemonSqueezy's Privacy Policy. We share only your email address with LemonSqueezy for checkout pre-fill and subscription linking.
• Vercel — For web application hosting. Governed by Vercel's Privacy Policy.

6. Data Sharing

We do not sell, trade, or rent your personal data to third parties. We share data only as follows:

• Google Places API: Your search queries are sent to Google using your own API key. Google may process this data per their policies.
• LemonSqueezy: Your email address is shared for payment processing and subscription management.
• Legal requirements: We may disclose data if required by law, legal process, or government request.

7. Data Retention

• Account data is retained as long as your account is active.
• Pipeline/CRM data is retained as long as your account is active. You can delete individual leads from your pipeline at any time.
• API key can be deleted by you at any time through the Settings page.
• Account deletion: To request complete deletion of your account and all associated data, contact us at m70creativelabs@gmail.com.

8. Your Rights

You have the right to:

• Access your data — visible through the app interface (Dashboard, Pipeline, Settings).
• Delete your API key and individual pipeline leads at any time through the app.
• Request deletion of your entire account and all associated data by contacting us.
• Export your lead data as CSV or Excel at any time.

9. Cookies

MyLeadScout uses only essential cookies required for authentication session management (NextAuth.js session cookie). We do not use advertising cookies, analytics cookies, or tracking cookies of any kind.

10. Children's Privacy

MyLeadScout is not directed at children under the age of 13 and does not knowingly collect any information from children.

11. Changes to This Policy

If we update this Privacy Policy, we will revise the "Last updated" date at the top of this page. Continued use of the Service after changes constitutes acceptance of the revised policy. We encourage users to review this page periodically.

12. Contact

If you have questions about this Privacy Policy or wish to exercise your data rights, please contact us at:

m70creativelabs@gmail.com