Privacy Policy

1. Introduction

leedR AI (“we,” “us,” or “our”) is committed to protecting the privacy of our clients, their leads, and their patients. This policy outlines how we collect, use, and safeguard personal and health information through our AI automation services and Retrieval-Augmented Generation (RAG) systems.

2. Information We Collect

We process data on behalf of our clients across three categories:

• Client Data: Business contact details, technical infrastructure credentials, and financial information.
• Lead Data: Name, contact information, and interaction history collected via webchat, DMs, and email.
• Health Information: Specific to our medical aesthetics clients, this includes patient inquiries, treatment interests, and relevant health history processed for automated qualification.

3. Use of Artificial Intelligence and Data Processing

Data is processed using advanced Large Language Models (LLMs) and Vector Databases.

• RAG Systems: Lead and patient data are converted into numerical embeddings and stored in secure vector stores to provide context-aware automation.
• Third-Party AI: Data may be processed by providers such as OpenAI or Anthropic. We utilize enterprise-grade API connections ensuring that data submitted is not used to train public foundational models.
• Automation: Workflow automation (via n8n) handles the movement of data between lead intake and client CRMs.

4. Data Sovereignty and Security

We implement industry-standard security measures, including:

• Hosting: Technical infrastructure is hosted on secure VPS environments (e.g., Hetzner) with strict firewall protocols.
• Encryption: Data is encrypted at rest and in transit using TLS/SSL protocols.
• Compliance: For healthcare clients, we adhere to the requirements of the Office of the Australian Information Commissioner (OAIC) and the NZ Privacy Commissioner, including conducting Privacy Impact Assessments (PIA) where required.

5. Data Retention and Rights

We retain data only as long as necessary to fulfill our service obligations. Individuals (Leads/Patients) have the right to:

• Access their personal information.
• Request correction of inaccurate data.
• Request deletion of their data from our vector stores and databases.

6. Google API Services Data

leedR AI integrates with Google Workspace APIs (Gmail, Google Sheets, Google Docs) to automate client-facing workflows. This section discloses how Google user data is accessed, used, stored, and shared, in compliance with the Google API Services User Data Policy.

Data Accessed and Purpose

• Gmail API (read, write, send): Used to send automated outreach emails to leads and clients, and to read email replies for AI-powered response processing and sequence management on behalf of authenticated accounts.
• Google Sheets API (read, write): Used to record KPI metrics, lead tracking data, and campaign performance reports as part of service delivery for clients.
• Google Docs API (read, write): Used to generate client-facing reports, proposals, and documents as part of service delivery.

How Data Is Used

Google user data accessed through these APIs is used exclusively to execute automated workflows that directly serve the authenticated account's operational needs. Specifically, data is used to:

• Send and manage emails, spreadsheets, and documents on behalf of the service.
• Process AI-generated responses using email and document context, via enterprise-grade API connections to OpenAI and Anthropic that prohibit training on submitted data.
• Store workflow outputs (e.g., lead status, KPI records) in leedR AI's internal databases to maintain service continuity.

Google user data is not used for advertising, behavioural profiling, data brokering, or any purpose unrelated to providing the service.

AI/ML Model Training

leedR AI does not use Google user data obtained through Google Workspace APIs to develop, improve, or train generalized AI or ML models. Data processed via Gmail, Sheets, and Docs APIs is used solely to provide, maintain, and improve the leedR AI service for the authenticated account. This use complies with the Google API Services Limited Use Requirements.

Data Storage and Retention

• Email, spreadsheet, and document content is processed in-memory on our n8n automation infrastructure (Hetzner VPS) and is not permanently stored beyond the scope of a single workflow execution, unless explicitly required for service continuity.
• Workflow outputs (e.g., lead records, KPI entries) are retained in our secure databases only as long as necessary to fulfill service obligations.

Data Sharing

Google user data is not sold to or shared with third parties for their independent use. Data may be transiently processed by OpenAI or Anthropic under enterprise-grade agreements that prohibit use of submitted data for model training.

Revoking Access

Access to your Google account may be revoked at any time via Google Account Permissions. Upon revocation, automated workflows that rely on Google API access will cease to function for the associated account.