Legal Document

Privacy Policy

Effective Date: 29 April 2026 Last Updated: 29 April 2026 Version: 1.0

This Privacy Policy explains how Vedant Enterprise (operating under the brand name LeadFilter) collects, uses, stores, and protects the personal data of users who access our website and services available at leadfilterai.in.

This policy is published in compliance with the Digital Personal Data Protection Act, 2023 (DPDP Act) of India, the General Data Protection Regulation (GDPR) of the European Union, and applicable data protection laws of other jurisdictions where we may operate.

By using our services, you acknowledge that you have read, understood, and agreed to the practices described in this policy.

Table of Contents

About Us
Information We Collect
How We Use Your Data
Legal Basis for Processing
Data Sharing & Third Parties
External Tools & Public Searches
CRM & ATS Integrations
AI Processing
Data Storage & Security
Data Retention
Your Rights
Cookies
International Data Transfers
Children's Privacy
Data Breach Notification
Changes to This Policy
Grievance Officer & Contact

Section 01About Us

LeadFilter is a software-as-a-service (SaaS) platform that helps businesses qualify, score, and manage incoming leads or applicants through customised, AI-generated questionnaires.

The service is owned and operated by:

Service Operator

Legal Entity

Vedant Enterprise (Sole Proprietorship)

Proprietor

Vedant Duggal

Brand Name

LeadFilter / LeadFilterAI

Udyam Registration

UDYAM-UP-28-0215468

Registered Office

Noida, Uttar Pradesh - 201301, India

Website

leadfilterai.in

For the purposes of this policy, the terms "we," "our," or "us" refer to Vedant Enterprise, and "you" or "your" refers to any individual whose personal data is processed by our service.

Section 02Information We Collect

We collect different categories of personal data depending on how you interact with our platform. Our principle is to collect only the minimum data necessary to provide our service effectively.

2.1 Information from Account Holders (Our Customers)

When you sign up for a LeadFilter account, we collect:

Data Field	Purpose	Mandatory
Full Name	Account identification	Yes
Email Address	Login, communication, account recovery	Yes
Phone Number	Account verification, support	Yes
Password (hashed)	Authentication	Yes
Business or Company Name	Service personalisation	Yes
Tone & Goal Preferences	To configure your AI-generated questionnaire	Yes
Selected Message Templates	Communication style for outreach	Yes
AI-Generated Questionnaire	Stored configuration for your account	Auto-generated
Subscription Identifier	Linking your account to billing records	Yes (after payment)

2.2 Information from Leads or Applicants

When an individual submits a lead or application form created by one of our customers, we collect:

Data Field	Purpose	Mandatory
Full Name	Identification	Yes
Email Address	Communication and follow-up	Yes
Phone Number	Communication and follow-up	Yes
City	Location matching, relevance assessment	Yes
Custom Question Responses	Qualification scoring (questions vary by customer)	Yes

                Note for Leads & Applicants
                The customer (the business that shared the link with you) is the primary data controller for the responses you provide. LeadFilter acts as a data processor on their behalf. To request access, correction, or deletion of your data, contact the relevant customer directly, or write to us at the email below and we will route the request appropriately.
            

2.3 Information from Affiliates

If you join our affiliate programme, we collect your name, email, slug identifier, and commission tracking data.

2.4 Information We Do Not Collect

Payment card data: All payment processing is handled directly by Razorpay. We never see, receive, or store your card numbers, CVV, or banking credentials. We retain only a subscription reference identifier.
Government-issued identifiers: We do not request Aadhaar, PAN, passport numbers, or similar identifiers from leads or applicants.
LinkedIn or social profile data: We do not scrape, fetch, or store data from LinkedIn or other social platforms. (See Section 06.)

2.5 Information Collected Automatically

When you visit our website, our hosting infrastructure (Render) may log standard technical information such as IP address, browser type, device type, and request timestamps. This information is used solely for security, debugging, and abuse prevention.

Section 03How We Use Your Data

We use the personal data we collect for the following purposes:

To provide, operate, and maintain the LeadFilter service.
To authenticate users and secure their accounts.
To generate customised qualification questionnaires through AI processing.
To score, classify, and rank leads or applicants based on their responses.
To communicate service-related notifications, updates, and support responses.
To process subscription payments through Razorpay.
To track affiliate referrals and calculate commissions.
To prevent fraud, abuse, and unauthorised access.
To comply with legal obligations under Indian law.
To improve our service through aggregated and anonymised analytics.

We will never sell your personal data to third parties. We will not use your data for advertising or marketing by external parties.

Section 04Legal Basis for Processing

Under the DPDP Act, 2023 and the GDPR, we process your personal data on the following legal grounds:

Consent: When you sign up, submit a lead form, or join our affiliate programme, you provide explicit consent for the data processing described in this policy.
Performance of Contract: Processing necessary to deliver the service you have subscribed to.
Legitimate Interest: Operating, securing, and improving our service in a manner that does not override your fundamental rights.
Legal Obligation: Where processing is required by Indian law, including taxation, financial recordkeeping, and lawful requests from authorities.

You may withdraw your consent at any time. Instructions are provided in Section 10 (Your Rights).

Section 05Data Sharing & Third Parties

We share personal data only with carefully selected service providers who help us deliver our service. Each provider is bound by their own data processing agreements and security obligations.

Service Provider	Purpose	Data Shared	Location
Supabase Inc.	Database hosting and management	All account and lead data	United States / Global
Razorpay Software Pvt. Ltd.	Subscription billing and payments	Name, email, payment details (collected directly by Razorpay)	India
Render Services Inc.	Web application hosting	Technical logs and request data	United States
Anthropic, PBC	AI processing (questionnaire generation, scoring)	Customer business descriptions and lead responses	United States

In addition to the providers listed above, customers may choose to enable optional integrations with third-party CRM, ATS, or similar tools. Data transmitted through such customer-configured integrations is governed by Section 07 of this policy.

We may also disclose personal data when legally compelled to do so by Indian or foreign authorities, or when necessary to protect our legal rights, property, or the safety of others.

Section 06External Tools & Public Searches

Our platform may provide convenience features that allow customers to search for publicly available information about a lead using third-party services. These features include:

Google Search Links: Pre-formatted search URLs that open in a new browser tab.
LinkedIn Discovery: Boolean search strings that route through Google to identify a lead's publicly listed LinkedIn profile.
WhatsApp Click-to-Chat: Pre-filled message links that open the user's own WhatsApp application.

Important clarification: LeadFilter does not scrape, fetch, store, or process any data from LinkedIn, Google, WhatsApp, or any other external platform. We only generate URLs that the customer manually clicks. Any subsequent activity occurs entirely within the third-party platform under that platform's own terms and privacy policies.

Section 07CRM & ATS Integrations

LeadFilter offers optional integrations with third-party Customer Relationship Management (CRM), Applicant Tracking System (ATS), and similar business productivity tools. These integrations are configured at the discretion of the customer (the account holder) and are disabled by default.

7.1 How Integrations Work

When a customer enables an integration, they authorise LeadFilter to transmit specified lead or applicant data to their connected platform. Authorisation is provided either through:

An API key supplied by the customer from their CRM or ATS account, or
A standard OAuth authorisation flow, where applicable.

Once authorised, qualified lead or applicant records (including names, contact details, qualification scores, classifications, and reasoning) may be automatically pushed to the customer's connected system.

7.2 Categories of Supported Integrations

The categories of platforms that LeadFilter may integrate with include, but are not limited to:

Customer Relationship Management (CRM) platforms
Applicant Tracking Systems (ATS)
Human Resource Information Systems (HRIS)
Marketing automation and email platforms
Workflow automation services (such as webhook endpoints)
Spreadsheet and productivity tools

The specific list of available integrations may evolve over time as we expand our service. Any new integration we add will be governed by the same principles described in this section.

7.3 Customer Responsibility

When a customer enables an integration:

The customer becomes the data controller for the data transmitted to the connected platform.
The customer is responsible for the security, privacy practices, and compliance of the third-party platform they have selected.
The customer agrees that the recipient platform's own privacy policy and terms govern the data once it has been delivered.

7.4 Our Role

LeadFilter acts solely as a data transmitter in this context. We do not retain copies of data within the integration pipeline beyond what is necessary for the transmission to complete. We do not control how the connected platform stores, uses, or further shares the data once delivered.

                Disabling Integrations
                Customers may disable any active integration at any time from their account settings. Doing so will immediately stop further data transmission to that platform. Data already transmitted to the third-party platform must be removed by contacting that platform directly.
            

Section 08AI Processing

LeadFilter uses artificial intelligence services provided by Anthropic, PBC (the makers of Claude) for two specific purposes:

Questionnaire generation: When a customer describes their business, we send that description to Anthropic's AI to generate a tailored set of qualification questions.
Lead scoring and classification: When a lead submits their responses, we send those responses (along with the customer's qualification criteria) to Anthropic's AI to compute a qualification score, status, and reasoning.

Anthropic processes this data under their own enterprise data privacy terms, which prohibit the use of customer data for training their AI models. You can review Anthropic's privacy practices at anthropic.com/privacy.

You have the right to request human review of any automated decision that significantly affects you. To exercise this right, contact our Grievance Officer (Section 17).

                Transparency Notice
                Lead qualification scores produced by AI are advisory in nature. Our customers, not LeadFilter, make the final decision on whether to engage with a lead or applicant.
            

Section 09Data Storage & Security

We are committed to protecting your personal data through the following safeguards:

Encryption in transit: All data exchanged between your browser and our servers is protected using HTTPS / TLS encryption.
Encryption at rest: Data stored in our Supabase database is encrypted on disk by the hosting provider.
Password hashing: User passwords are stored using cryptographic hashing (scrypt). We never store, log, or have access to your plain-text password.
Row-level security: Database access is governed by row-level security policies that prevent unauthorised cross-account data access.
Access controls: Administrative credentials are stored in environment variables, isolated from source code, and rotated periodically.
Backups: Our database provider performs automated daily backups for disaster recovery.

Despite our best efforts, no system can guarantee absolute security. If we become aware of a data breach affecting your personal data, we will notify you and the Data Protection Board of India in accordance with Section 15 of this policy.

Section 10Data Retention

We retain personal data only for as long as necessary to fulfil the purposes for which it was collected, including legal, accounting, or reporting requirements.

Data Category	Retention Period
Active account data	For the duration of your active subscription
Account data after deletion request	30 days, after which it is permanently erased
Lead and applicant submissions	For the duration of the customer's active subscription
Payment and billing records	7 years (as required by Indian taxation law)
Server access logs	90 days
Backup copies	30 days rolling

Section 11Your Rights

Under the DPDP Act, 2023 and the GDPR, you have the following rights with respect to your personal data:

Right to Access: You may request a copy of the personal data we hold about you.
Right to Correction: You may request that inaccurate or incomplete data be corrected.
Right to Erasure: You may request that we delete your personal data, subject to legal retention requirements.
Right to Withdraw Consent: You may withdraw any consent you previously gave, at any time.
Right to Data Portability: You may request a machine-readable export of your account data.
Right to Grievance Redressal: You may raise concerns or complaints regarding the handling of your data.
Right to Nominate: You may nominate another individual to exercise these rights on your behalf in the event of your incapacity or death.

To exercise any of these rights, contact our Grievance Officer using the details in Section 17. We will respond within seven (7) working days, as required by the DPDP Act.

Section 12Cookies

LeadFilter uses only strictly necessary session cookies required to keep you logged into your account. We do not use:

Advertising or marketing cookies
Third-party analytics cookies (such as Google Analytics or Meta Pixel)
Cross-site tracking cookies
Behavioural profiling cookies

Because our cookies are strictly necessary for the service to function, no separate consent is required under the DPDP Act or the GDPR. You may, however, disable cookies in your browser settings, though doing so will prevent you from logging in.

Section 13International Data Transfers

Some of our service providers (including Supabase, Render, and Anthropic) are located outside India. By using our service, you acknowledge that your personal data may be transferred to, stored in, and processed in jurisdictions including the United States.

We rely on standard contractual safeguards offered by these providers to ensure that your data continues to receive protection comparable to that required under Indian and European law.

Should the Government of India notify any restrictions on cross-border data transfer under Section 16 of the DPDP Act, we will update our infrastructure accordingly.

Section 14Children's Privacy

LeadFilter is intended for use by individuals aged 18 years and above. We do not knowingly collect personal data from children under the age of 18.

If we become aware that we have inadvertently collected personal data from a child, we will delete that data promptly. If you believe a child has submitted personal data to us, please contact our Grievance Officer immediately.

Section 15Data Breach Notification

In the event of a personal data breach that is likely to result in risk to your rights and interests, we will:

Notify the Data Protection Board of India within 72 hours of becoming aware of the breach.
Notify affected individuals without undue delay, with details of the nature of the breach, the categories of data involved, and the steps we are taking in response.
Document the breach internally and review our security measures to prevent recurrence.

Section 16Changes to This Policy

We may revise this Privacy Policy from time to time. When we make material changes, we will:

Update the "Last Updated" date at the top of this document.
Notify registered account holders by email at least 14 days before the changes take effect.
Display a prominent notice on our website.

Your continued use of the service after the effective date of the revised policy constitutes acceptance of the revised terms.

Section 17Grievance Officer & Contact

In accordance with Section 8(9) of the DPDP Act, 2023, we have designated the following Grievance Officer to address concerns related to the handling of personal data.

Grievance Officer

Name

Vedant Duggal

Designation

Proprietor, Vedant Enterprise

leadfilterai.official@gmail.com

Phone

+91 8178928953

Postal Address

Noida, Uttar Pradesh - 201301, India

Response Time

Within 7 working days, as mandated by the DPDP Act

If you are not satisfied with the response provided by our Grievance Officer, you have the right to escalate your concern to the Data Protection Board of India once it becomes operational, or to your local data protection authority if you are located outside India.