Privacy Policy
getleadsheet.com processes personal information during account registration, inquiries, purchases, and site usage. This policy discloses the categories, purposes, and retention standards for such processing. (For review before purchase)
0) Document Information
- Service: getleadsheet.com
- Effective Date: 2026-01-08
- Contact: support@getleadsheet.com
1) Principles of Personal Data Processing
- Data Minimization: We process only what is necessary for the stated purpose.
- Purpose Limitation: Data is not used beyond the purposes disclosed herein.
- Storage Limitation: Data is promptly destroyed once the retention period expires.
2) Account Registration
The Service provides account registration to enable Customers to access a payment dashboard, view order history, and download purchased Products. The following personal information is collected during registration and account usage.
- Required: Email address
- Optional: Name, company name
- Automatically generated: Account creation date, login history, order/download history
Additional personal information may also be processed in the situations described below.
3) Categories and Methods of Personal Data Collected
3.1 When Submitting an Inquiry (via /contact or email)
- Required: Email address
- Optional: Name, company/department, job title, inquiry details (free-form)
3.2 When Making a Payment
- Information necessary for service delivery and verification (e.g., order identifier, product name, payment status, payment timestamp)
- Information for issuing invoices or receipts (may be generated during the payment process)
Payments are processed through a third-party payment platform designated by the Service (such as Paddle, Stripe, etc.). Information may be processed in accordance with the platform's own policies and terms during the payment process.
3.3 Information Automatically Generated During Site Usage
- Access logs, IP address, browser/device information, access timestamps, error records
- Visit and usage records through cookies and similar technologies (see Section 8 below)
4) Purpose of Personal Data Processing
- Account registration, authentication, and dashboard access
- Responding to inquiries and providing customer support
- Product delivery and order verification
- Enterprise purchase support (PO, invoices, tax documentation)
- Service operational stability: error analysis, security response, performance improvement
- Legal compliance and dispute resolution
5) Retention Periods
Data is promptly destroyed once its purpose has been fulfilled. Specific retention periods are as follows:
- Account information: Until account deletion (destroyed promptly upon Customer's request to delete their account)
- Inquiry/support records: 1 year (destroyed after inquiry resolution and follow-up support is complete)
- Purchase/billing records: 5 years (retention required under the Framework Act on National Taxes and the Act on Consumer Protection in Electronic Commerce)
- Security/operational logs: 90 days (destroyed after security incident response and service stability assurance)
- Email verification records (ZeroBounce): 1 year after product delivery (destroyed after quality assurance period)
6) Third-Party Sharing
The Service does not, in principle, share Customer personal information with third parties. Exceptions may apply in the following cases:
- When the Customer has provided prior consent
- When required by law or legal process
- When transferred to external services within the scope necessary for payment processing or service operations (processing delegation)
7) Data Processors
The Service uses the following external services for smooth operation. These apply during account usage, purchases, site access, and analytics.
| Category | Service (Provider) | Delegated Task | Data That May Be Processed (Examples) |
|---|---|---|---|
| Payment | Paddle / Stripe, etc. | Payment processing, invoice/receipt issuance | Order identifier, product name, payment status/timestamp, payment-related information (per platform policy) |
| Hosting / Security | Cloudflare | Website delivery, CDN/caching, security (e.g., DDoS protection), performance optimization | Access logs, IP address, browser/device information, security events (generated during service operation) |
| Email Verification | ZeroBounce | Verification of contact email addresses included in Products | Email addresses, verification results (valid/invalid/risky), verification timestamp |
| Behavioral Analytics | Microsoft Clarity | User behavior analysis (heatmaps, session replays) | Cookie identifiers, click/scroll behavior, browser/device information, IP (loaded only after cookie consent) |
| Visitor Analytics | Umami Analytics | Site visit/usage statistics | Page visits, browser/device information, referral paths (loaded only after cookie consent) |
| Visitor Analytics | Google Analytics (GA) | Site visit/usage analysis | Cookie identifiers, visit/click records, browser/device information, IP (loaded only after cookie consent; when implemented) |
8) Cookies and Analytics
The Service uses Microsoft Clarity and Umami Analytics for visitor analytics, and may additionally adopt Google Analytics.
- All analytics scripts are loaded only after the user selects "Accept" on the cookie consent banner. No analytics cookies are set before consent.
- Selecting "Decline" prevents analytics scripts from loading, with no restriction on Service usage.
- Customers may refuse or delete cookies through their browser settings.
- Consent preferences are stored in the browser's local storage (localStorage) and reset when browser data is cleared.
9) Overseas Processing
Payment platforms (Paddle, Stripe, etc.), Cloudflare, and Google operate global infrastructure. Personal information may therefore be processed (stored, transmitted, or analyzed) outside of the Republic of Korea during service delivery. Each provider's policies and data processing locations are subject to that provider's own disclosures and terms.
10) Your Rights
Customers may request access to, correction of, deletion of, or suspension of processing of their personal information.
- How to request: Email (support@getleadsheet.com) or /contact
- Processing: Requests will be handled promptly within a reasonable scope (identity verification may be required).
11) Data Protection Measures
- Minimized access permissions (need-to-know basis)
- Access controls and log management
- Transmission security (e.g., HTTPS)
- Security event monitoring and response
12) Information for EEA Residents
Customers residing in the European Economic Area (EEA) are subject to the EU General Data Protection Regulation (GDPR). This Service complies with GDPR as follows.
Legal Basis for Processing
| Processing Activity | Legal Basis | GDPR Article |
|---|---|---|
| Account registration and dashboard | Performance of contract | Art. 6(1)(b) |
| Payment processing and product delivery | Performance of contract | Art. 6(1)(b) |
| Email verification (ZeroBounce) | Performance of contract | Art. 6(1)(b) |
| Inquiry response and customer support | Legitimate interest | Art. 6(1)(f) |
| Security logs and service stability | Legitimate interest | Art. 6(1)(f) |
| Visitor analytics (Clarity, Umami, GA) | Consent | Art. 6(1)(a) |
| Purchase/billing record retention | Legal obligation | Art. 6(1)(c) |
Rights of EEA Residents
EEA residents may exercise the following rights under GDPR. Requests should be sent to support@getleadsheet.com.
- Right of Access: Confirm whether your personal data is being processed and obtain a copy
- Right to Rectification: Request correction of inaccurate personal data
- Right to Erasure: Request deletion of personal data when the legal basis for processing has ceased
- Right to Restriction of Processing: Request suspension of processing in certain circumstances
- Right to Data Portability: Receive your personal data in a structured, commonly used format
- Right to Object: Object to processing based on legitimate interest
- Right to Lodge a Complaint: File a complaint with your local EU Data Protection Authority
International Transfers
The Service operator is based in the Republic of Korea. Personal data of EEA residents may be processed in Korea and other third countries. In such cases, appropriate safeguards under GDPR Article 46 are applied (e.g., Standard Contractual Clauses (SCCs) or adequacy decisions).
13) Policy Changes
This Privacy Policy may be revised in response to changes in law, service features, or operational policies. Material changes will be announced through in-service notices or other reasonable means.
14) Related Documents
15) Contact
For privacy-related inquiries or requests, please reach out below.
- Email: support@getleadsheet.com
- Contact person: Marcus Park