Legal

Privacy Policy

Version 1.0 — Last updated: April 2026

This document is a translation of the Italian version. In case of conflict, the Italian version shall prevail.

1. Data Controller

Methodia S.r.l.s.
Via Generale Giuseppe Valle, 83
00148 Rome (RM), Italy
VAT number: 17073671004
Email: info@leadoop.com

2. Types of Data Processed

2.1 Platform Users Data

  • Full name
  • Email address
  • Password (stored in encrypted form)
  • Role and access information
  • Account settings

2.2 Contact Data (Leads)

Provided by platform users:

  • Name
  • Role
  • Email
  • Phone number
  • WhatsApp
  • Notes and commercial information

2.3 Activity Data

  • Appointments (date, time, location, outcome)
  • Activities and interactions
  • Operational notes
  • Lead status and progression

2.4 Technical Data

  • Session cookies
  • System logs (timestamps, actions, user identifiers)

2.5 Integration Data

In case of calendar synchronization:

  • Access tokens (encrypted)
  • External account email
  • Event data (title, time, location)

3. Purpose of Processing

  • Providing and operating the Leadoop platform
  • Authentication and access security
  • Managing leads and commercial activities
  • Calendar synchronization (e.g. Microsoft services)
  • Sending service communications (e.g. login credentials)
  • Maintenance, security and service improvement

4. Legal Basis

  • Performance of a contract (Art. 6(1)(b) GDPR)
  • Legal obligations (Art. 6(1)(c) GDPR)
  • Legitimate interests of the Controller (security, fraud prevention)

5. Role in Processing Lead Data

With respect to lead data entered by users:

  • Users act as Data Controllers
  • Methodia S.r.l.s. acts as Data Processor

Users are solely responsible for the lawfulness of the data they input and how they use it.

6. Processing Methods and Security

Data is processed using IT systems and appropriate technical measures, including:

  • Password encryption
  • Encryption of sensitive tokens
  • Role-based access control
  • Tenant data isolation
  • Input validation

7. Data Retention

Data is retained:

  • For the duration of the contractual relationship
  • Until the account is deleted

Upon deletion, data may be erased or made inaccessible, unless legal obligations require otherwise.

8. Data Sharing with Third Parties

Data may be shared with:

  • Microsoft (Microsoft Graph) for calendar synchronization
  • Email service providers (Resend or SMTP) for service communications
  • Infrastructure providers (DigitalOcean) for hosting and database
  • Microsoft Clarity — behavioral analytics tool that collects usage data (mouse movements, clicks, session recordings, heatmaps). Data may be combined with other personal data collected by Leadoop. More information: Microsoft Privacy Statement.
  • PostHog — product analytics tool that tracks user interactions (e.g. pages visited, actions performed). Data is processed on EU-based infrastructure. More information: PostHog Privacy Policy.

Data is not sold to third parties.

9. International Data Transfers

Some service providers may process data outside the European Economic Area (EEA). In such cases, transfers are carried out in compliance with GDPR using appropriate safeguards (e.g. Standard Contractual Clauses).

10. Cookies and Tracking Technologies

The platform uses the following categories of cookies and tracking technologies:

Technical (Necessary) Cookies

  • Session cookies — required for authentication and platform functionality
  • Preference cookies — used to store user settings (e.g. language, theme)

Analytics and Tracking Cookies

  • PostHog — tracks user interactions and navigation events for product analytics. Uses localStorage and cookies to identify sessions. Data is processed within the EU.
  • Microsoft Clarity — records user sessions (mouse movements, clicks, scrolling) and generates heatmaps. May correlate data with personal information to improve the platform experience. Privacy policy: Microsoft Privacy Statement.

Sensitive fields (e.g. passwords, credentials, payment data) are excluded from tracking through the use of the data-clarity-mask property.

Use of analytics tools is based on the explicit consent of the user (Art. 6(1)(a) GDPR), collected via the cookie banner upon first access. Users may withdraw consent at any time through the link available in the website footer.

11. Data Subject Rights

Users may exercise their rights under Articles 15–22 GDPR, including:

  • Right of access
  • Right to rectification
  • Right to erasure
  • Right to restriction of processing
  • Right to object

Requests can be sent to: info@leadoop.com

12. Changes to this Privacy Policy

The Data Controller reserves the right to update this Privacy Policy at any time. Changes will be published on leadoop.com.