Privacy Policy

Last updated: July 2026

1. About LeadNudge

LeadNudge is a multi-tenant CRM platform that helps businesses capture, manage, and nurture leads from sources including Meta (Facebook/Instagram) Lead Ads, website forms, and manual entry. This Privacy Policy explains how we collect, use, and protect personal data processed through our platform.

2. Data We Collect

We process the following categories of personal data:

  • Lead contact information: name, email address, phone number
  • Lead attribution data: ad name, campaign name, UTM parameters, Meta lead ID
  • Custom fields: any additional fields captured via lead forms or manual entry
  • Account information: name and email of platform users (agents, admins)
  • Activity data: stage transitions, comments, and audit logs within the platform

3. How We Use Data

Personal data is used solely for the following purposes:

  • Displaying and managing leads within the CRM pipeline
  • Sending automated notifications to platform users (agents, managers)
  • Reporting conversion events to Meta via the Conversions API (CAPI) on behalf of the tenant business
  • AI-assisted lead scoring and communication drafting (data is not used to train AI models)
  • Providing platform functionality including activity logs and audit trails

4. Meta Platform Data

LeadNudge connects to Meta via the Lead Ads API and Webhooks. Lead data received from Meta is used exclusively to populate the CRM for the tenant business that owns the Facebook Page. We do not share Meta-sourced lead data with third parties outside of the tenant's own business operations.

Personal data transmitted to Meta via the Conversions API (CAPI) is hashed using SHA-256 before transmission in accordance with Meta's requirements.

5. Google Ads / Google API Data

LeadNudge integrates with Google Ads through the Google Ads API using the https://www.googleapis.com/auth/adwords OAuth scope. When a tenant connects a Google Ads account — either directly or through a managing Google Ads Manager (MCC) account — we access Google Ads data solely to provide the following features:

  • Retrieving campaign, ad group, and ad performance metrics (cost, impressions, clicks) to display advertising reports within the tenant's CRM;
  • Uploading offline conversion events to Google Ads — attributed to the original ad click via the Google Click Identifier (GCLID) — when leads reach key pipeline stages, so the tenant can measure return on ad spend.

We store the associated OAuth tokens and the tenant's Google Ads customer ID securely at rest in our EU-based database, and use them only to make Google Ads API calls on the tenant's behalf. We do not sell Google user data, use it for advertising, or use it to train AI or machine-learning models. A tenant may disconnect their Google Ads account at any time from platform settings, which revokes our stored access.

LeadNudge's use of information received from Google APIs adheres to the Google API Services User Data Policy, including the Limited Use requirements.

6. Data Storage and Security

All data is stored in Supabase (PostgreSQL) with row-level security enforced at the database layer. Each tenant's data is strictly isolated — no tenant can access another tenant's data. Data is stored on servers located in the European Union region.

We implement reasonable technical and organisational measures to protect personal data against unauthorised access, loss, or disclosure.

7. Data Retention

Lead data is retained for the duration of the tenant's active subscription. Upon subscription termination, tenant data is deleted within 30 days unless a longer retention period is required by law.

8. Third-Party Services

We use the following third-party services to operate the platform:

  • Supabase — database and authentication
  • Vercel — hosting and edge delivery
  • OpenRouter / Google / OpenAI — AI features (no data retention by these providers)
  • Resend — transactional email delivery
  • Meta — Lead Ads data source and Conversions API
  • Google Ads — advertising performance reporting and offline conversion uploads

9. Your Rights

Individuals whose personal data is stored in LeadNudge have the right to request access, correction, or deletion of their data. Requests can be submitted to the business that collected your information, or directly to us at the contact below.

For data deletion requests, please visit our Data Deletion page.

10. Contact

For privacy-related inquiries, contact us at: info@leadnudge.ae