Privacy Policy

1. Contact Information

Service: Quickest Leads

Location: Poland

Email: quickestleads@gmail.com

2. Who We Are

Quickest Leads is a lead notification platform that helps businesses respond to customer inquiries instantly via Telegram. We act as a data processor on behalf of our customers (data controllers).

3. Data We Collect

3.1 Customer Data (Our Direct Users)

When you sign up for Quickest Leads, we collect:

  • Account Information: Email address, password (encrypted)
  • Telegram Information: Telegram user ID, chat ID
  • Payment Information: Processed by Stripe (we don't store card details)
  • Project Information: Project names, integration settings
  • Usage Data: Number of leads received, subscription status

3.2 End-User Data (Lead Form Submissions)

We collect data on behalf of our customers from form submissions:

  • Contact Details: Name, email, phone number
  • Form Data: Any additional fields in the contact form
  • Metadata: IP address, submission timestamp, form source

Important: Our customers are the data controllers for this data. We process it on their behalf to deliver notifications.

4. How We Use Your Data

4.1 Customer Data

  • To provide our lead notification service
  • To send Telegram notifications when new leads arrive
  • To process payments via Stripe
  • To provide customer support
  • To improve our service and develop new features
  • To send important service updates (you can opt out of marketing emails)

4.2 End-User Data (Leads)

  • To deliver lead notifications to our customers via Telegram
  • To store leads temporarily for delivery and backup
  • We do NOT use lead data for marketing or other purposes
5. Legal Basis for Processing (GDPR)

5.1 For Customer Data

  • Contract Performance: To provide the service you signed up for
  • Legitimate Interest: To improve our service and prevent fraud
  • Legal Obligation: To comply with tax and accounting laws

5.2 For End-User Data (Leads)

  • Contract with Customer: We process data on behalf of our customers
  • Customer's Legal Basis: Our customers must have their own legal basis (usually consent or contract with the end-user)

⚠️ Customer Responsibility: Our customers must inform end-users about data collection and obtain necessary consents on their own websites/forms.

6. Data Sharing & Third Parties

We share data with these trusted third parties:

  • Supabase (USA): Database hosting - GDPR compliant, EU hosting available
  • Telegram (UAE/Germany): For delivering notifications
  • Stripe (USA): Payment processing - PCI-DSS compliant
  • Netlify (USA): Web hosting - GDPR compliant
  • Meta/Facebook (USA): Only if customer uses Facebook Lead Ads integration

We have Data Processing Agreements (DPAs) with all processors. We do NOT sell your data.

7. Data Storage & Retention
  • Customer Accounts: Stored while account is active + 30 days after deletion
  • Lead Data: Stored for the duration of customer's subscription + 30 days for backup
  • Billing Records: 10 years (legal requirement for accounting)
  • Backups: Deleted after 30 days

Data Location: EU/USA servers (Supabase, AWS). Data transfers comply with GDPR using Standard Contractual Clauses.

8. Your Rights (GDPR)

You have the right to:

  • Access: Request a copy of your data
  • Rectification: Correct inaccurate data
  • Erasure: Delete your account and data ("right to be forgotten")
  • Portability: Export your data in JSON format
  • Restriction: Limit how we process your data
  • Objection: Object to processing based on legitimate interest
  • Withdraw Consent: Opt out of marketing emails

To exercise these rights, email: contact@quickestleads.com

For end-users (people who filled out forms): Contact the website owner directly. We only process this data on their behalf.

9. Security Measures
  • HTTPS encryption for all data transmission
  • Passwords hashed with bcrypt
  • Database encryption at rest
  • Row-Level Security (RLS) in Supabase
  • Regular security audits
  • Stripe PCI-DSS Level 1 compliance for payments
  • Automated backups with 30-day retention
10. Cookies & Tracking

We use minimal cookies:

  • Essential Cookies: For authentication (Supabase session)
  • Analytics: We may use privacy-friendly analytics in the future
  • No Advertising Cookies: We don't track you for ads
11. Children's Privacy

Our service is not intended for users under 18. We do not knowingly collect data from children. If you believe we have data from a child, contact us immediately.

12. International Data Transfers

We transfer data to USA (Stripe, Netlify, Supabase). These transfers are protected by:

  • Standard Contractual Clauses (SCCs) approved by EU
  • Data Processing Agreements with all US providers
  • Providers' GDPR compliance commitments
13. Data Breach Notification

In case of a data breach, we will notify affected users within 72 hours and report to the Polish data protection authority (UODO) as required by GDPR.

14. Changes to This Policy

We may update this policy. Material changes will be announced via email. Last updated: January 2026.

15. Contact & Complaints

Data Protection Contact:

Email: quickestleads@gmail.com

Supervisory Authority:

You have the right to lodge a complaint with:

Urząd Ochrony Danych Osobowych (UODO)
ul. Stawki 2, 00-193 Warszawa, Poland
Website: uodo.gov.pl