Privacy Policy

Codas Labs, LLC, doing business as LeadTale (“LeadTale”, “we”, “us”) provides a B2B data, verification, and enrichment platform. This Privacy Policy explains how we collect, use, share, and protect information in connection with our website, web application, browser extension, APIs, MCP server, and related services (collectively, the “Service”).

This policy covers three groups of people:

• Customers — individuals and companies who sign up for and use the Service.
• Business contacts — professionals whose work-related information appears in the LeadTale database.
• Visitors — anyone who visits our marketing site or interacts with our content.

We act as a data controller for information collected about Customers and Visitors, and for business-contact information included in the LeadTale database. When we process data that Customers upload or submit through the Service (for example, a list of contacts uploaded for verification), we act as a data processoron that Customer’s behalf.

From Customers

When you create an Account, subscribe to a plan, or interact with our support team, we collect identifiers (name, business email, phone number), company details, payment information (processed by our payment processor — we do not store full card numbers), and any other information you choose to provide.

From use of the Service

We automatically collect usage, device, and log data when you interact with the Service, including IP address, browser and device identifiers, operating system, pages visited, feature interactions, API requests, session timestamps, and diagnostic information. We use this information to operate, secure, and improve the Service.

From Customer Data

Customers may upload lists of contacts, search queries, or CRM exports for enrichment or verification. We process this data on the Customer’s behalf strictly to provide the Service, unless the Customer has separately authorized other uses.

Business-contact information in the LeadTale database

LeadTale builds and maintains a B2B database containing professional information about individuals in their work capacity, including name, job title, employer, professional email address, professional phone number, general work location, and professional profile links. We compile this information from:

• Publicly available sources, such as company websites, public business directories, public profiles, press releases, public regulatory filings, and other public web sources.
• Licensed third-party data providers that have represented to us that they have collected and provided the data lawfully.
• Signals contributed by Customers of the Service through features that enrich, verify, correct, or update records as part of their B2B prospecting workflows.
• AI-assisted enrichment that extracts and structures professional information from public web sources, together with proprietary email-pattern detection based on observed verified business emails.

Additional detail about our sourcing methodology is available on our Our Data page.

From Visitors

We use cookies, pixels, and similar technologies on our website to operate the site, measure performance, and personalize our marketing. See Cookies below.

We use the information described above to:

• Provide, maintain, secure, and improve the Service.
• Authenticate Accounts, process transactions, and manage Subscriptions.
• Build, verify, enrich, and update the LeadTale business-contact database so our Customers can reach decision-makers in a lawful, professional context.
• Train and evaluate the verification and scoring models that power the Service, using information in a manner consistent with this policy.
• Respond to support requests, communicate product updates, and send transactional emails.
• Market our Service to prospective Customers, subject to opt-out rights under applicable law.
• Comply with legal obligations, respond to lawful requests, and enforce our Terms of Service.
• Detect, prevent, and investigate security incidents and abuse.

Where GDPR, UK GDPR, or similar laws apply, we process personal information on one or more of the following legal bases:

• Legitimate interests— to build and maintain a B2B contact database for professional outreach under Article 6(1)(f) GDPR, to secure and improve the Service, to prevent fraud, and to conduct direct marketing to business contacts in accordance with law.
• Contract — to provide the Service to you and perform our contractual obligations.
• Consent — where you have given consent (for example, to certain marketing communications or non-essential cookies). You may withdraw consent at any time.
• Legal obligation — to comply with applicable laws, court orders, and regulatory requirements.

Notice to business contacts (Article 14 GDPR)

Where we obtain business-contact information about you from public sources, licensed providers, or Customer signals rather than directly from you, providing individual notice to each person would involve disproportionate effort given the volume of records and the absence of direct contact channels outside the data itself. In reliance on Article 14(5)(b) GDPR, we (i) make this Privacy Policy publicly available, (ii) publish information about our data sources and processing purposes on our Our Data page, and (iii) provide a straightforward opt-out and suppression mechanism through leadtale.com/privacy/remove and the channels described in Your rights and choices.

Our Legitimate Interest Assessment (LIA) documenting the purpose, necessity, and balancing analysis for this processing is available on request to privacy@leadtale.com.

We share information with:

• Customers of the Service, who receive LeadTale Data (including B2B contact information about other businesses and professionals) as a core feature of the Service.
• Service providers and subprocessors who help us operate the Service (including cloud hosting, email and payment processors, analytics, customer support, and security providers). They are bound by contractual confidentiality and data protection obligations.
• Integrated third-party platforms at Customer direction (such as CRMs, outreach tools, and workspace providers), only when a Customer configures an integration and initiates a transfer.
• Authorities, regulators, or other parties when we reasonably believe disclosure is required by law, to respond to lawful requests, to enforce our Terms, or to protect our rights, property, or safety or those of others.
• Successors in a business transaction such as a merger, acquisition, or sale of assets, subject to standard confidentiality protections.

Sale and sharing under US state privacy laws.LeadTale’s core service involves making professional business-contact information available to our Customers for a fee. Under the California Consumer Privacy Act (as amended by the CPRA) and certain other US state privacy laws, this activity may constitute a “sale” or “sharing” of personal information. You may opt out of this sale or sharing at any time by submitting a request at leadtale.com/privacy/remove, by emailing privacy@leadtale.com, or by using the “Do Not Sell or Share My Personal Information” link in the footer of this website. We honor Global Privacy Control (GPC) signals as a universal opt-out of the sale or sharing of personal information, including with respect to the LeadTale database. See Your rights and choices for more detail.

We use cookies and similar technologies on our website for authentication, security, preferences, analytics, and marketing attribution. You can control cookies through your browser settings and, where we offer one, through our cookie preferences tool. Blocking certain cookies may affect site functionality.

We honor Global Privacy Control (GPC) signals as a universal opt-out of the sale or sharing of personal information under applicable US state privacy laws, including with respect to records in the LeadTale database.

We use Google reCAPTCHA v3 to protect the Service from automated abuse and to keep credit-based actions fair for legitimate customers. On pages where reCAPTCHA runs, Google may collect device, browser, and behavioral signals as described in the Google Privacy Policy linked below.

This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

We retain information for as long as needed to provide the Service, comply with legal obligations, resolve disputes, and enforce our agreements. Retention periods vary by data type and purpose; for example:

• Customer Account data: for the duration of the Account plus up to seven (7) years afterward for recordkeeping, tax, and legal-compliance purposes.
• Customer Data uploaded for processing: for the period necessary to deliver the Service, typically deleted from active systems within thirty (30) days after task completion unless the Customer directs longer retention. Backups expire within ninety (90) days per the Data Processing Addendum.
• Business-contact records in the LeadTale database: as long as the information is relevant for its stated purpose and accurate, subject to updates, removal on request, or suppression-list retention to honor opt-outs (the suppression list is retained indefinitely to prevent re-inclusion).
• Log and security data: typically retained for up to thirteen (13) months, with shorter windows for verbose diagnostic data and longer windows only where required for legal, security-investigation, or compliance purposes.

We maintain administrative, technical, and physical safeguards designed to protect information, including encryption in transit and at rest, access controls, least-privilege access, audit logging, secret management, dependency scanning, and regular security reviews. No method of transmission or storage is perfectly secure; if you believe your Account has been compromised or you detect a vulnerability, contact us immediately at security@leadtale.com.

We are headquartered in the United States and may process information in the US or other countries where we or our service providers operate. Where required by Data Protection Laws, we rely on the following transfer mechanisms to safeguard international transfers of personal information:

• For transfers from the European Economic Area, the EU Standard Contractual Clauses (Module Two: Controller to Processor, or Module Three: Processor to Processor, as applicable) are incorporated by reference.
• For transfers from the United Kingdom, the UK International Data Transfer Addendum (“IDTA”) issued by the UK Information Commissioner applies.
• For transfers from Switzerland, the SCCs apply with references to the EU adapted to refer to Swiss law and the Swiss Federal Data Protection and Information Commissioner as the competent authority.

Where required, we take supplementary technical and organizational measures designed to ensure an essentially equivalent level of protection to that guaranteed in the European Economic Area or the United Kingdom. Additional detail on these mechanisms is available in our Data Processing Addendum.

Depending on where you live, you may have rights under GDPR, UK GDPR, the California Consumer Privacy Act (as amended by the CPRA), and other US state privacy laws, including the right to:

• Access, correct, or delete your personal information.
• Restrict or object to certain processing, including direct marketing.
• Request a portable copy of your personal information.
• Opt out of the sale or sharing of personal information and of targeted advertising, where applicable.
• Know the specific categories of third parties to whom we have sold or shared your personal information in the preceding twelve (12) months.
• Limit the use of sensitive personal information (CPRA § 1798.121), to the extent we process any such information about you. Our B2B database generally does not include sensitive personal information; if you believe we are processing such information about you, email privacy@leadtale.com.
• Withdraw consent where processing is based on consent.
• Object to solely automated decision-making that produces legal or similarly significant effects (GDPR Article 22). LeadTale’s verification and scoring outputs are informational signals used by Customers in their own decision-making; we do not make automated decisions about individuals that produce legal or similarly significant effects.
• Lodge a complaint with a supervisory authority in the EU/UK or with your state’s attorney general in the US.

To exercise rights, email privacy@leadtale.com. We will verify your identity before acting on requests — typically by confirmation through the email address we have on file for Customers, or by reasonable additional information for non-Customer requests. We will respond within thirty (30) days of a verifiable request under GDPR or UK GDPR, and within forty-five (45) days of a verifiable request under CCPA or other US state privacy laws, except that we may extend these periods by up to an additional sixty (60) or forty-five (45) days respectively where necessary and permitted by law, in which case we will notify you of the extension. You will not be discriminated against for exercising your rights.

Opt out of the LeadTale database

If you are a professional whose information appears in the LeadTale database and you would like to update, restrict, or remove that information, submit a request at leadtale.com/privacy/remove, or email privacy@leadtale.com. We verify requests (typically by confirming ownership of the email address), remove the record from active production systems within thirty (30) days, and add your contact details to a permanent suppression list to prevent re-inclusion from any source. Backups expire within ninety (90) days.

The Service is intended for business use and is not directed to children. We do not knowingly collect personal information from anyone under 16 years of age. If you believe a child has provided us with personal information, contact privacy@leadtale.com and we will take appropriate action.

We may update this Privacy Policy from time to time. When we do, we will revise the “Effective” date at the top of the page and, for material changes, notify Customers by email or in-product notice. Your continued use of the Service after an update takes effect constitutes your acceptance of the updated policy.

For privacy questions or to exercise your rights, email privacy@leadtale.com. Our Data Protection Officer can be reached at dpo@leadtale.com.