LeadShield Privacy Policy

Effective Date: June 10, 2026 · Last Updated: June 10, 2026
Service: LeadShield CRM & Missed Call System · Provider: Chaotically Organized AI
Contact: privacy@coaibakersfield.com

Our Commitment to Your Privacy

We do not sell your personal data. Period.
We do not share your data for advertising or marketing purposes.
Client phone numbers and lead data are stored in encrypted databases with row-level security — each client can only see their own data.
We collect only the minimum data required to deliver the missed-call detection, auto-reply SMS, and CRM dashboard features.

1. Data We Collect and Why

1.1 Call Metadata

What we collect: Incoming caller phone number, called number (your tracking number), timestamp of the call, and call disposition (missed, answered).

Why: This is required to detect missed calls, log leads in the CRM, and trigger the auto-reply SMS to the caller.

Storage: Stored in encrypted Supabase Postgres database with row-level security. Retained as part of your lead history.

1.2 SMS Content

What we collect: The auto-reply SMS message content (configured by you) and confirmation that the message was sent.

Why: To send the automated reply to your missed callers and log the communication in your CRM history.

Storage: Message templates are stored in your account settings. Delivery logs are stored as part of the lead record.

1.3 Account Information

What we collect: Business name, email address, account password (hashed), and telephony configuration (tracking phone number, forwarding number).

Why: Required to create and manage your account, authenticate you to the CRM dashboard, and route calls correctly.

1.4 CRM Lead Data

What we collect: Lead contact name, notes, status changes, callback timestamps, and any custom fields you fill in.

Why: To provide the CRM pipeline management features you explicitly use.

1.5 Website Usage Data

What we collect: Standard web server logs (IP address, browser type, pages accessed) and anonymized analytics via Vercel Analytics.

Why: For site operation, performance monitoring, and improving the user experience. This data is anonymized and not linked to your personal identity.

2. How We Use Your Data

2.1 Missed Call Detection & Auto-Reply

When a call to your tracking number goes unanswered, our system detects the missed call, looks up your SMS template, and sends an automated reply to the caller. This is the core function of the service.

2.2 CRM Dashboard

All missed calls are logged as leads in your CRM dashboard. You can update lead statuses, add notes, and manage your pipeline from the web interface at leadshield.live.

2.3 Account Management

Your email and business information are used to authenticate you, communicate service updates, and process account-related requests.

3. Data We Do NOT Collect

We do not record call audio or listen to conversations
We do not access your device microphone, camera, or file system
We do not track your activity across other websites or apps
We do not use advertising SDKs or ad identifiers
We do not collect any data from children
We do not sell or share your personal data with third parties for any commercial purpose

4. Data Sharing

We do not sell your data.

LeadShield does not rent, sell, or share your personal information with third parties for their own marketing or advertising purposes.

Telnyx (telephony provider): Call metadata (caller number, called number) is transmitted to Telnyx to route calls and deliver SMS messages. This is required for the core service to function.
Supabase (database provider): All persistent data is stored in Supabase Postgres, hosted on AWS. Row-level security ensures data isolation between clients.
Vercel (hosting provider): The CRM dashboard and website are hosted on Vercel. Standard web server logs are collected per Vercel's policies.
Resend (email provider): If email notifications are enabled, your email address and notification content are processed by Resend for delivery.
Legal compliance: We may disclose information if required by law, court order, or governmental regulation.

5. Data Storage & Security

5.1 Database Storage

All data is stored in an encrypted Supabase Postgres database. Row-level security (RLS) restricts access so that each client can only see their own data. Connections are encrypted via TLS 1.3.

5.2 Passwords

Account passwords are hashed using bcrypt and stored in Supabase Auth. We never store or transmit plain-text passwords.

5.3 Data Isolation

Each client account is fully isolated. No client can access another client's leads, settings, or configuration. Admin access is restricted via a separate authentication token.

6. Data Retention & Deletion

Data Type	Storage Location	Retention Period
Lead records (call logs + CRM data)	Supabase	Until account is terminated; auto-purged 90 days after account deletion
Account settings & templates	Supabase	Until account is terminated or user modifies them
SMS delivery logs	Supabase	Retained as part of lead record
Web server logs	Vercel	Per Vercel's data retention policy
Telnyx call records	Telnyx	Per Telnyx's data retention policy

Data deletion on account termination

When an account is terminated, all associated data is automatically purged within 90 days. Contact us at any time to request expedited data deletion.

7. Third-Party Services

Telnyx — Voice and SMS routing. Call metadata and message content are processed by Telnyx to deliver the core service. Governed by Telnyx's privacy policy.
Supabase — Database and authentication provider. All persistent data is stored in Supabase Postgres with row-level security. Governed by Supabase's privacy policy.
Vercel — Web hosting provider for the CRM dashboard and website. Standard web server logs collected per Vercel's policies.
Resend — Email delivery provider for account notifications and password resets. Email content processed per Resend's privacy policy.

8. Children's Privacy

LeadShield is a business productivity tool designed for professional contractors, tradespeople, and business owners aged 18 and older. We do not knowingly collect any personal information from children under 13. If you believe a child has provided personal data, contact privacy@coaibakersfield.com and we will delete the data immediately.

9. Your Rights & Choices

Access your data — All data collected is visible within the CRM dashboard at leadshield.live/crm.
Export your data — Contact us to request a copy of your data in a portable format.
Delete your data — Contact us at any time to request full data deletion.
Request full data deletion — Email privacy@coaibakersfield.com with "Data Deletion Request" in the subject line. We will process all requests within 30 days.

10. California Residents (CCPA)

If you are a California resident, you have the following rights under the California Consumer Privacy Act (CCPA):

Right to Know: You may request disclosure of the personal information we collect, use, and share.
Right to Delete: You may request deletion of your personal information that we hold.
Right to Opt-Out: We do not sell personal information — but you have the right to opt out of any future sale should our practices change.
Right to Non-Discrimination: We will not discriminate against you for exercising any CCPA right.

To make a CCPA request, email privacy@coaibakersfield.com with "CCPA Request" in the subject line.

11. Policy Updates

We may update this Privacy Policy from time to time to reflect changes in the service, legal requirements, or our data practices.

When we make material changes, the "Last Updated" date at the top of this page will be revised.
For significant changes, we will notify account holders via email.
We encourage you to review this policy periodically for any updates.

12. Contact

Chaotically Organized AI
https://coaibakersfield.com
privacy@coaibakersfield.com
support@coaibakersfield.com

We respond to all privacy inquiries within 5 business days. If you have questions about this policy, your data, or your privacy rights, please reach out.