Privacy Policy

Lead2GrowMax ("we", "our", or "us") is committed to protecting your personal information and your right to privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your data when you use our platform.

Questions? Email us at support@lead2growmax.com.

We collect:

• Account info: name, email, phone, business name, password (stored as a hash).
• Business profile: business type, description, branch names and codes.
• Lead data: name, phone number, optional notes from customers who scan your QR.
• WhatsApp config: your Meta Business Account ID, phone number ID, access token (encrypted).
• Usage data: pages visited, features used, timestamps for security.
• Payment data: transaction IDs and billing status only. We do not store card numbers or UPI PINs.

We use your data to:

• Create and manage your account.
• Send WhatsApp lead alerts and reminders via Meta Cloud API.
• Generate and track your QR codes.
• Process subscription payments.
• Send emails (verification, password reset, receipts).
• Improve platform performance and security.
• Comply with laws.

We do NOT sell your data to anyone. We do NOT use it for targeted ads.

We process data on these grounds:

• Contractual necessity: to provide services you signed up for.
• Legitimate interests: to prevent fraud and improve our platform.
• Consent: for optional marketing (you can withdraw anytime).
• Legal obligation: to comply with applicable law.

We share data with:

• Meta Platforms, Inc. — to deliver WhatsApp messages via official Cloud API.
• Database provider — data stored in encrypted PostgreSQL.
• Payment processors (UPI gateways) — for billing.
• Legal authorities — when required by law.

Your data is kept while your account is active. After deletion, we keep it for 90 days for legal compliance, then permanently delete it.

Lead data is deleted within 30 days of account closure.

We use only essential cookies for login sessions. No advertising or analytics cookies. You can disable cookies in your browser but some features may not work.

We use industry-standard security:

• TLS/HTTPS encryption for all data in transit.
• AES-256 encryption for sensitive data at rest.
• Row-level security in our database.
• JWT-based authentication with short-lived tokens.
• Regular vulnerability scans.

No system is 100% secure. If a breach happens, we will notify affected users as required by law.

You may have the right to:

• Access: get a copy of your data.
• Rectification: correct inaccurate data.
• Erasure: delete your data ("right to be forgotten").
• Portability: receive data in machine-readable format.
• Objection: restrict certain processing.

To exercise these rights, email us. We respond within 30 days.

Our platform is not for children under 18. We do not knowingly collect data from minors.

We may update this policy. When we do, we update the date at the top and notify you if changes are major.

Questions about this policy? Contact us: