Privacy Policy
Last updated June 2026
Local Lead Finder (a Browzey product) helps signed-in users research publicly-available Google Maps business listings as sales leads. This policy explains what we process, why, and the rights you have. Questions: privacy@localleadfinder.app.
Data residency
Data is stored in the United States (Supabase US region). EU users may sign up; transfers rely on the EU Standard Contractual Clauses (2021/914). Every record carries a region marker for a future EU-residency option.
What we process and why (lawful basis)
| Data | Where | Lawful basis (GDPR Art. 6) | Retention |
|---|---|---|---|
| Account / billing | Server | Contract (b) | Account lifetime + 7 yrs (invoices) |
| Product profile | Server | Contract (b) | Account lifetime |
| Discovery leads (capture) | Your device only (IndexedDB) | n/a — never sent to us | You control it |
| Saved leads | Server | Legitimate interest (f) | Until you delete |
| AI verdicts | Server | Legitimate interest (f) | 12 months unless on a saved lead |
| Email-finder results | Server | Legitimate interest (f) | 90 days unless on a saved lead |
| Website-crawl content | Server | Legitimate interest (f) | 30 days |
| Credit ledger / payment events | Server | Legal obligation (c) | 7 years |
Our legitimate-interest assessment (LIA) balances B2B sales prospecting against the limited, business-context nature of the data and the controls below (suppression list, removal portal, short retention). You can object at any time (see “Your rights”).
Sub-processors
| Sub-processor | Purpose | Region |
|---|---|---|
| Supabase | Auth + database | US |
| Vercel | Hosting | US |
| Resend | Transactional email | US |
| OpenAI | Lead scoring (LLM, training opt-out) | US |
| Anymailfinder | Email lookup | EU/UK |
| Stripe | Payments | US |
| Cloudflare Turnstile | Anti-abuse (removal portal) | US |
| PostHog | Product analytics | US |
| Sentry | Error tracking (PII scrubbed) | US |
Business owners (third-party data subjects)
We do not email business owners for marketing (Art. 14(5)(b) disproportionate-effort exception; transparency is provided via this policy). If your business appears in our data, use the data-removal portal to have it erased and suppressed.
Your rights
Signed-in users can export all of their server-side data and delete their account from Settings. Third-party data subjects can use the public removal portal. Email privacy@localleadfinder.appfor any request, including objections to legitimate-interest processing. Our target is ≤7 days (hard cap 30).
Cookies
We use only essential cookies to keep you signed in — no advertising or tracking cookies.
Security
TLS 1.2+, HSTS, secrets in managed secret stores, a strict content-security policy, and no remote code in the browser extension.