DrLead

Privacy Policy

Last updated: January 2025 · Compliant with GDPR and Saudi Arabia PDPL

1. Overview

DrLead ("we", "our", "us") is committed to protecting your personal information and respecting your privacy. This Privacy Policy explains how we collect, use, share, and protect information about you when you use our platform, website, and services at drlead.io.

This policy complies with the General Data Protection Regulation (GDPR), the Saudi Arabia Personal Data Protection Law (PDPL), and other applicable data protection regulations.

By using our services, you agree to the terms of this Privacy Policy.

2. Data We Collect

We collect the following types of information:

Account Information: Name, email address, phone number, company name, and password when you create an account.

Contact & Lead Data: Information about your customers and leads that you import or capture through our platform, including names, phone numbers, email addresses, and conversation history.

Usage Data: How you interact with our platform, including features used, time spent, clicks, and navigation patterns.

Communication Data: Messages, conversations, and interactions processed through our unified inbox, including WhatsApp, email, and SMS messages.

Payment Information: Billing details processed through our secure payment partners (we do not store full card numbers).

Technical Data: IP addresses, browser type, device identifiers, and cookies to deliver and improve our services.

3. WhatsApp & Meta Data Handling

As an official Meta Business Solution Provider, we access WhatsApp Business API data under the following terms:

Message Content: We process message content on your behalf to deliver our inbox and automation features. Messages are encrypted in transit and at rest.

Meta Business Data: Business profile information and messaging statistics provided through the Meta API are used solely to deliver WhatsApp functionality within our platform.

Data Retention: WhatsApp conversation data is retained for up to 12 months unless you request deletion or your subscription expires.

Meta Compliance: All WhatsApp data processing is conducted in accordance with Meta's Platform Terms and Developer Policies. We do not sell or share WhatsApp message data with third parties for advertising purposes.

4. How We Use Your Data

We use collected data to:

- Deliver and operate our platform services
- Process and route customer communications
- Power AI agents and automation workflows
- Provide analytics and reporting
- Send service notifications and updates
- Process billing and payments
- Improve our platform through aggregate analytics
- Comply with legal obligations
- Prevent fraud and ensure security

We do not use your customer data to train AI models without your explicit consent.

5. Data Sharing

We share data with:

Service Providers: Trusted third-party providers who help us deliver our service (cloud hosting, payment processing, email delivery). All providers are bound by data processing agreements.

Meta/WhatsApp: Data necessary to maintain our WhatsApp Business API integration as required by Meta's Terms.

Legal Requirements: When required by law, court order, or government authority.

Business Transfers: In the event of a merger, acquisition, or sale, your data may be transferred with appropriate protections.

We never sell personal data to third parties for advertising or marketing purposes.

6. Third-Party Integrations

Our platform integrates with third-party services including Google Workspace, Microsoft 365, OpenAI, Zapier, Stripe, and Twilio. When you connect these integrations:

- Data shared with these services is governed by their respective privacy policies.
- We only request permissions necessary for the integration to function.
- You can disconnect any integration at any time from your account settings.
- We recommend reviewing the privacy policies of each connected service.

7. Your Rights (GDPR + Saudi PDPL)

Under GDPR and the Saudi Arabia Personal Data Protection Law, you have the right to:

Right of Access: Request a copy of the personal data we hold about you.

Right to Rectification: Request correction of inaccurate or incomplete data.

Right to Erasure: Request deletion of your personal data ("right to be forgotten").

Right to Data Portability: Receive your data in a machine-readable format.

Right to Restrict Processing: Request we limit how we process your data.

Right to Object: Object to processing based on legitimate interests.

Right to Withdraw Consent: Withdraw consent at any time for consent-based processing.

To exercise any of these rights, contact us at: privacy@drlead.io. We will respond within 30 days.

8. Data Security

We implement enterprise-grade security measures including:

- AES-256 encryption for data at rest
- TLS 1.3 for data in transit
- ISO 27001-certified information security management
- Regular third-party security audits and penetration testing
- Multi-factor authentication
- Role-based access controls
- 24/7 security monitoring

In the event of a data breach, we will notify affected users and relevant authorities within 72 hours as required by GDPR.

9. Cookies

We use cookies and similar tracking technologies to:

- Maintain your logged-in session
- Remember your preferences
- Analyze platform usage (aggregate, anonymized)
- Prevent fraud and ensure security

You can control cookies through your browser settings. Disabling certain cookies may affect platform functionality.

10. Data Residency & International Transfers

Our primary data infrastructure is hosted in AWS data centers. For clients in Saudi Arabia, we offer data residency options in the KSA AWS region to comply with PDPL requirements.

International data transfers are conducted under Standard Contractual Clauses (SCCs) or equivalent legal mechanisms approved under applicable regulations.

11. GDPR Compliance

For EU/EEA users, we process data under the following legal bases:

- Contract performance (delivering our services)
- Legitimate interests (fraud prevention, security)
- Consent (marketing communications, AI training)
- Legal obligation (compliance with applicable laws)

Our EU representative can be contacted at: eu-rep@drlead.io

12. Saudi Arabia PDPL Compliance

We comply with Saudi Arabia's Personal Data Protection Law (PDPL) including:

- Obtaining appropriate consent for data collection
- Providing clear notice of data processing activities
- Enabling data subject rights requests
- Maintaining records of processing activities
- Implementing technical and organizational security measures
- Notifying the Saudi Data & AI Authority (SDAIA) of significant breaches

13. Contact Us

For privacy-related inquiries, requests, or complaints, contact:

Privacy Team: privacy@drlead.io

General: info@drlead.io

Headquarters: Alexandria, Egypt

US Office: Seattle, WA, United States

We will respond to all privacy requests within 30 days.
