Introduction

LeadJump AI Marketing ("LeadJump", "we", "us", or "our") provides business marketing automation and CRM services and operates the website leadjump.io (the "Site"). This Privacy Policy explains how we collect, use, disclose, retain and protect personal information, how you can exercise your rights, and how to contact us. This Policy applies to personal information collected through the Site and our Services.

Controller / scope

LeadJump (a product of Swan Media Solutions Inc.) is the controller of personal information collected in connection with the Services and Site, unless we state otherwise in a specific agreement. For customers who sign a separate written agreement that specifies otherwise, the contractual terms may define different roles.

This Policy applies to personal information collected via the Site, our APIs, telephony/voice services, chat, and when you otherwise interact with us.

Information we collect (categories)

We collect the following categories of personal information, depending on your interactions and the Services you use:

- Identity & contact data: name, business name, email, phone, job title, address, billing/contact details.

- Account & credentials: account user data, login identifiers, password hashes, multi‑factor auth data.

- Communications data: emails, SMS, MMS, chat transcripts, voice call recordings and transcriptions (where applicable), voicemail messages, conversation metadata.

- Payment & billing data: invoice and payment method information (note: card data is processed by our payment providers; LeadJump does not store full card numbers).

- Technical & usage data: IP addresses, device identifiers, browser and operating system, pages viewed, session times, cookies and analytics data.

- Customer content: data you or your customers upload or create within the platform (contacts, notes, files, CRM records).

- Support data: support tickets, troubleshooting logs, and related communications.

- Marketing & preference data: marketing preferences, consent choices, campaign responses.

- Financial data: wallet balances, transaction history, commission tracking for affiliate programs.

- Phone number data: provisioned phone numbers, portability requests, carrier relationship data.

- Review platform data: review content, responses, platform integration data from Google, Facebook, and other review platforms.

- Hardware interaction data: NFC Review Stand tap interactions, device usage analytics.

- Aggregated / anonymized data: non‑identifying statistics derived from user activity.

How we collect personal information

Directly from you: account registration, form submissions, purchases, support requests, surveys, phone calls.

Automatically: through cookies, web beacons, analytics and server logs.

From third parties: payment processors, integrations you enable (e.g., Google, social providers), public sources, and authorized third‑party data providers.

Use of personal information (purposes)

We use personal information to:

- Provide, operate and maintain the Services and Site.

- Process registrations, subscriptions, payments and billing.

- Communicate with you about your account, support, updates, and security notices.

- Provide and improve AI/voice features (including call handling, transcriptions and conversation AI).

- Deliver marketing and promotional communications where permitted and based on your preferences.

- Provide analytics, reporting and to monitor and improve platform performance and security.

- Comply with legal obligations and enforcement of our Terms.

- Facilitate transfers or exports of your data when you request account transfers.

Lawful bases for processing (where applicable)

- For customers and business users, processing is necessary for performance of a contract with you.

- For marketing communications and certain analytics, we rely on your consent (where required).

- For legal compliance and legitimate business interests (fraud prevention, security, platform improvement), we rely on legitimate interests, balanced against privacy rights.

- If you are an EU/UK resident, where applicable we will rely on GDPR lawful bases (contract, consent, legal obligation, legitimate interests) and will provide additional rights information on request.

Sharing and disclosure of personal information

We may share personal information with:

Service providers and subprocessors who help deliver the Services (hosting providers, telephony/communication providers, email delivery, analytics, payment processors). Subprocessors include, for example, cloud hosting providers, telephony providers (e.g., Twilio or LeadConnector), email providers (e.g., Mailgun), and payment processors. A current list of subprocessors is available upon request.

Affiliates, where required to operate the Services, subject to obligations to protect personal information.

Law enforcement, regulators, or third parties to comply with legal obligations, subpoenas, or lawful requests.

A buyer or successor in the event of a business sale or reorganization (we will require the acquirer to follow this Policy).

Your consented recipients (for example, integrations or platforms you connect to).

Subprocessors, DPA and data transfers

- We engage subprocessors to provide parts of the Services. You may request a current subprocessor list by contacting [email protected].

- LeadJump will make a Data Processing Agreement (DPA) available upon request and will include contractual protections for subprocessors that process personal data on our behalf.

- Cross-border transfers: personal data may be processed or stored in countries other than your own; by using the Services you consent to such transfers. Where required by law, we implement appropriate safeguards (e.g., standard contractual clauses) for transfers.

HighLevel infrastructure and white-label relationship

LeadJump is built on the HighLevel (GoHighLevel) platform infrastructure. This means:

- Core platform services are processed on HighLevel's infrastructure with HighLevel acting as a subprocessor

- Phone number provisioning and telephony services may involve HighLevel's operational processes

- Data transfers and exports may require coordination with HighLevel systems

- HighLevel's data processing practices and security measures apply to core platform functions

LeadJump remains the primary controller for your data and is responsible for compliance with privacy obligations. HighLevel processes data under contractual obligations to maintain appropriate security and privacy protections.

Cookies and tracking

We use cookies, analytics and similar technologies. Cookies fall into categories: essential (required for the Site and Services), performance/analytics, functionality, and marketing/advertising.

Essential cookies enable core features (login, security). Non‑essential cookies are used for analytics and marketing. We recommend implementing a cookie consent banner that allows users to opt in/out of non‑essential cookies.

To manage cookies: you can change browser settings to block or delete cookies; opt‑outs may affect functionality.

Voice, AI and call recordings

Voice calls handled by Voice AI may be recorded, transcribed and stored to improve service, for support, or to fulfill your service requests. We will notify account administrators about recording and retention settings. You are responsible for obtaining any consents required from call participants in your region.

Hardware data collection

LeadJump's Review Stand (NFC-enabled hardware device) facilitates review collection by directing users to review platforms. The device itself does not store personal data, but usage analytics (such as tap frequency and timing) may be collected to improve service delivery and provide usage reporting to account administrators.

Automated decision making and AI profiling

LeadJump uses AI for various automated processes including lead scoring, content generation, conversation routing, and review response generation. Where automated decision making significantly affects you, you have the right to:

- Request human review of automated decisions

- Express your point of view regarding automated processing

- Contest decisions made solely by automated processing

- Contact [email protected] to exercise these rights regarding automated decision making.

Retention and deletion

We retain personal information only as long as necessary to provide Services, comply with legal obligations, resolve disputes, enforce agreements, and for legitimate business purposes.

Account data: retained while account is active and for 30 days after account termination for export/retrieval (subject to contractual agreements). After the retrieval period data may be deleted unless legal holds apply.

Communications data: voice recordings, call transcripts, and message logs retained for up to 12 months for service improvement and support purposes.

Financial and wallet data: transaction records, wallet balances, and affiliate commission data retained for up to 7 years as required by tax and accounting laws.

Marketing and analytics data: retained for up to 24 months or until consent is withdrawn.

Support data: tickets and troubleshooting logs retained for up to 24 months.

Review platform data: review responses and sentiment analysis data retained for 12 months or as required by platform terms.

To request deletion or export, contact [email protected]. We will respond and process requests in accordance with applicable law.

Security

We use administrative, technical and physical safeguards to protect personal information (access controls, logging, encryption in transit).

Specific security measures depend on the Service.

Please note no system is 100% secure; we therefore cannot guarantee absolute security.

Breach notification

If LeadJump becomes aware of a confirmed personal data breach affecting your data, we will notify affected customers without undue delay and, where reasonably practicable, within 72 hours of confirming the incident, and provide reasonable details and mitigation steps.

Your privacy rights (how to exercise them)

Depending on your jurisdiction, you may have rights including:

Access: request access to personal data we hold about you.

Correction: request rectification of inaccurate data.

Deletion: request erasure of personal data (subject to legal/contractual restrictions).

Portability: request a machine‑readable copy of personal data you provided.

Restriction or objection: restrict or object to certain processing (marketing or profiling).

Withdraw consent: withdraw consent for processing based on consent (this does not affect processing based on other lawful grounds).

To exercise rights contact: [email protected]. We may ask for identity verification. We will respond in accordance with applicable law.

Opt‑out of marketing

You may opt out of marketing communications at any time by using the unsubscribe link in emails or contacting [email protected]. Transactional messages (account notices, billing) are not subject to opt‑out.

Children

The Site and Services are not intended for children under 13. We do not knowingly collect personal information from children under 13. If you believe we have collected such information, contact [email protected] to request deletion.

Third‑party links and social features

The Site may contain links to third‑party websites and services. This Policy does not apply to those third parties. Review their privacy policies before providing data.

International transfers

Personal data may be stored and processed in countries where our hosting and service providers operate. By using the Services you consent to cross‑border transfers. Where required, LeadJump applies appropriate safeguards.

Complaints and supervisory authority

If you are in British Columbia and dissatisfied with our response, you may contact the Office of the Information and Privacy Commissioner for British Columbia:

Office of the Information and Privacy Commissioner for British Columbia — https://www.oipc.bc.ca/

For other jurisdictions, you may contact your local data protection authority.

Changes to this Policy

We may update the Policy; material changes will be posted on the Site with updated effective date. Continued use after posting constitutes acceptance.

Contact us

For privacy questions, data requests or to request the DPA or subprocessor list: [email protected]

Effective date

This Policy is effective as of the "Last updated" date above.

Appendix — cookie examples & common subprocessors (example)

Essential cookies: session identifiers, security cookies.

Analytics cookies: Google Analytics (or other analytics provider).

Marketing cookies: third‑party ad networks and retargeting platforms.

Common subprocessors (examples; current list available on request):

- Infrastructure providers: HighLevel (GoHighLevel) for core platform services, cloud hosting providers

- Communication providers: email delivery services (e.g., Mailgun), telephony/voice providers (e.g., LeadConnector/Twilio)

- Financial services: payment processors for subscriptions and wallet transactions

- Analytics and monitoring: platform performance and security monitoring services

- AI and content services: providers supporting AI functionality for voice, content generation, and automation features