Privacy Policy

Last updated: 12 May 2026

Leafer ("we", "us") is committed to protecting the privacy of our customers and the individuals whose data we help process. This policy explains what data we collect, how we use it, and your rights.

1. Data we collect

From customers (signed-up users): name, email, organization details, billing data via Stripe, usage analytics. From processed leads on behalf of customers: business contact details publicly available (names, roles, business emails, company names).

2. Legal basis (GDPR/KVKK)

For customer data: contract performance and our legitimate interest in providing the service. For processed leads on behalf of customers: our customers act as Data Controllers; Leafer acts as Data Processor under their lawful basis (typically Legitimate Interest with LIA).

3. Sub-processors

See our sub-processors list.

4. Data retention

Customer data: while the account is active and 30 days after deletion. Audit logs: 7 years (regulatory). Lead data: per customer instruction, default 24 months.

5. Your rights

Access, rectification, erasure, portability, objection, restriction. Email privacy@leafer.io for any data subject request — we respond within 30 days.

6. Contact

Data Protection inquiries: privacy@leafer.io