Privacy Policy

This policy explains what we collect, why we collect it, and what we do with it. We try to keep it short and in plain English. If anything is unclear, contact support through your dashboard and we'll explain.

1. Who this applies to

LeadGrab has two kinds of users:

• Contractors — the businesses who sign up for an account, share their LeadGrab link, and manage their leads through the dashboard.
• Customers — the people who fill out a contractor's intake form, view a quote, accept it, and check on the status of their job.

This policy covers both. The contractor is the one who collects customer information through their LeadGrab link; LeadGrab is the tool they use to do it.

2. What we collect

From contractors

• Name, email address, business name, business phone
• Optional: business logo, brand color, address, Google review link
• Account credentials (managed by Firebase Authentication — we never see your password directly)
• Service offerings and pricing you set up
• Form submissions, quotes, payments, and notes you record about your jobs

From customers

• Name, email, phone, address (whatever fields the contractor enabled on their form)
• Photos and videos uploaded with the request
• Anything typed into the request description, follow-up updates, or quote-decline reason
• Whether and when the customer opened the quote, accepted/declined it, and made payments

Automatically

• Basic technical data: browser type, IP address (for rate limiting and abuse detection), and timestamps of your activity in the dashboard
• Email delivery metadata (was the email sent, did it bounce) for emails we sent on your behalf

We don't use third-party advertising trackers, and we don't sell or rent your data to anyone.

3. How we use your data

• To run the product. Store your form submissions, render your dashboard, send the customer-facing emails the product is built around (new request confirmation, quote ready, schedule confirmation, review request).
• To keep the product working. Rate-limit abuse, debug errors, prevent fraud.
• To talk to you. Reply to support requests, send you product updates if you opt in.

Customer data submitted through a contractor's form belongs to that contractor and is shown to that contractor in their dashboard. We don't use customer data for anything else.

4. Where your data lives

LeadGrab runs on Google Cloud Platform (Firebase). Data is stored in Google's managed services in the United States. Email delivery goes through Resend. Maps autocomplete (when you set up your review link) goes through Google Maps Platform.

5. Who sees your data

• You, on your dashboard.
• Your customers, on the status pages you've shared with them.
• The LeadGrab team, only when needed for support, debugging, or legal compliance.
• Service providers (Google Cloud, Resend) acting on our behalf, under their own privacy commitments.
• Law enforcement, when we're legally compelled to comply.

Data is isolated per contractor. One contractor cannot see another contractor's leads, customers, quotes, or settings. Firestore security rules enforce this at the database level — a contractor's session can only read and write documents tied to their own user ID.

6. Cookies and local storage

We use cookies and browser local storage for the basics: keeping you signed in, remembering your dashboard preferences (e.g. list-view vs. kanban), and persisting form drafts so closing a tab mid-typing doesn't lose your work. No third-party advertising or analytics cookies.

7. Email

Customer-facing emails (new job confirmation, quote ready, schedule confirmation, review request) are part of the product and always send when their trigger fires — turning these off would break the product for the customer. Contractor-facing notifications (new lead, quote viewed, etc.) can be turned on or off individually under Settings → Notifications.

8. Your rights

You can:

• Update your profile and email preferences any time in Settings.
• Delete a job and its associated data from the dashboard.
• Request a copy of your data, or request deletion of your entire account, by contacting support. We'll respond within 30 days.

If you're a customer (not a contractor) and want a contractor to delete data they hold about you, contact that contractor directly — they're the data controller for their own customer relationships.

9. Security

We use Firebase Authentication, encrypted-at-rest storage, and HTTPS everywhere. We follow the principle of least privilege — Firestore security rules restrict what each role (contractor, customer, public) can read and write. We don't store payment card details on our servers; when card payments are available, they'll be handled by Stripe.

10. Children

LeadGrab isn't directed at children under 13, and we don't knowingly collect data from them. If you believe a child has submitted information through the product, ask the contractor whose form was used to delete it — they're the data controller for that submission. Contractors can also reach support through their dashboard for additional help.

11. Changes to this policy

If we make material changes, we'll update the "Last updated" date at the top and, for significant changes, send a heads-up to contractors via email. Continued use after a change means you accept the updated policy.

12. Contact

Questions, concerns, or data requests: use the Contact support option in your dashboard account menu — your message lands directly with our team and we’ll reply within 24 hours.