Privacy Policy

Who we are

LeadGen Engine is a service operated by Jon Lynch Financial Group LLC (a Disabled Veteran-Owned Small Business headquartered in Miami, Florida). For privacy questions, contact [email protected].

What we collect

• Account data: when you sign up — email address, optional name, optional company.
• Usage data: pages you visit, features you use, API calls you make. We collect this in aggregate via a privacy-first self-hosted analytics tool (Umami) that does not use cookies and does not track across sites.
• Payment data: when you subscribe — handled entirely by Stripe; we never see your card number, only a Stripe customer ID.
• Email subscription: if you opt into our list, your email address only. You can unsubscribe at any time via the link in every email.
• Support communications: if you email us, we keep the thread for support purposes.

What we don't collect

• We do not track you across third-party sites.
• We do not use cookies for advertising. The only cookies we set are functional (e.g., session token while signed in).
• We do not sell your data. Ever. Not to advertisers, not to data brokers, not to anyone.
• We do not use your usage data to train AI models.

How we store data

All customer data is stored on infrastructure operated by Jon Lynch Financial Group: PostgreSQL 17 with daily encrypted backups (14-day retention), MinIO for any file uploads, all behind a Cloudflare-managed tunnel with TLS termination at the edge. We do not use third-party data processors for core data. Email delivery is the one exception — transactional and marketing email is sent through Resend or our own self-hosted Listmonk.

Your rights

• Access: you can request a full export of all data we hold about you. We respond within 14 days.
• Deletion: you can request that we delete your account and all associated data. We respond within 30 days.
• Correction: you can update most data yourself in your account settings; for anything you can't, email [email protected].
• Opt-out of marketing: every marketing email has an unsubscribe link. One click, immediate.
• EU/UK residents (GDPR): all of the above plus the right to portability and the right to lodge a complaint with your data protection authority.
• California residents (CCPA): all of the above plus the right to know what categories of personal information we collect.

Data sharing

We share data only:

• With service providers who help us operate the service (Stripe for payments, Cloudflare for CDN/tunnel, Resend for email). Each is bound by their own contract and processes data only on our instructions.
• When required by law (subpoena, court order, regulatory request). We will notify you unless legally prohibited.
• If we ever undergo a merger or acquisition, your data will transfer to the successor entity, who will be bound by this policy.

Data retention

We keep account data for the lifetime of your account plus 90 days after deletion (in case you change your mind). Backup snapshots persist for 14 days after they're created. After both windows, data is permanently deleted.

Changes to this policy

If we materially change this policy, we'll email all account holders at least 30 days in advance. Material changes include: new categories of data we collect, new third parties we share with, or any reduction in your rights.