LeadashLeadash
How It Works Pricing Interactive Demo

Privacy Policy

Last updated: April 8, 2026

This Privacy Policy explains what data Leadash ("we," "us," or "our") collects, how we use it, and the choices you have. It applies to leadash.app and the Leadash service.

If you have questions about this policy or want to exercise your rights, email us at hello@leadash.app.

Who we are

Leadash is operated by Amit Cohen as a sole proprietorship, while we transition to a US limited liability company. We will update this page when the legal entity changes. Our primary jurisdiction is New York, USA.

What we collect

We collect only the data we need to run the service. Specifically:

Account data

When you sign up, we collect:

  • Your name and email address
  • A password hash (we never store your plaintext password — we use bcrypt)

Credentials you provide

To connect your CRM accounts to Leadash, you give us API keys and credentials for third-party services like GoHighLevel. We store these credentials encrypted at rest. Only the Leadash application uses them, and only to fetch the conversations you ask us to qualify.

If you bring your own OpenAI or Google Gemini API key to use platform features, those keys are also stored encrypted at rest.

Conversations and user content

Leadash exists to qualify sales conversations across your lead accounts. To do that, we process:

  • SMS conversations synced from your connected CRM accounts (GoHighLevel, ListBlast)
  • AI-generated draft replies and your feedback on those drafts
  • Notes, settings, and prompt configurations you save

Your data stays isolated. Each Leadash customer gets their own dedicated database. Your conversations, credentials, and feedback are never mixed with another customer's data. This is a core architectural decision, not a policy promise.

Usage data

We log basic information about how you use the service so we can keep it reliable and secure:

  • IP address and browser user agent (for rate limiting and security)
  • Feature usage events (which screens you visited, which actions you took)
  • Error logs (when something breaks, so we can fix it)
  • Call metadata when you use click-to-call features (duration, time, which lead)

We store all usage data in our own database. We do not send usage data to any third-party analytics provider. We do not use usage data for advertising.

Cookies

We use only strictly-necessary cookies required for the service to work:

  • A session cookie (httpOnly) to keep you logged in securely
  • A CSRF protection cookie to prevent cross-site request forgery

We do not use analytics cookies, marketing cookies, or any third-party tracking.

Who we share data with

We do not sell your data. We share data only with the service providers listed below, and only to the extent they need it to run the service for you.

ProviderWhat they doWhat data they receive
Google Cloud PlatformHosts the Leadash application and stores the databaseAll data stored in Leadash, at rest in a Google Cloud datacenter
CloudflareDNS and SSL termination for leadash.appHTTP request metadata (IP, user agent, URL). Cloudflare does not see decrypted application data.
OpenAIGenerates AI draft replies and lead qualification scoresThe specific conversation being qualified and the prompt. OpenAI does not use API data to train their models per their API terms.
Google (Gemini API)Alternative AI provider for the same purposeSame as OpenAI. Google does not use API data to train their models per their API terms.
TwilioProcesses click-to-call voice callsThe phone number being called and call metadata. Twilio does not access your conversations or CRM data.
GoHighLevelYour source CRM (you authorize Leadash to read and send messages on your behalf)Leadash reads your conversations via GoHighLevel's API. Any messages sent via Leadash are transmitted through GoHighLevel to reach the recipient.
Google Cloud StorageDaily encrypted database backupsEncrypted copies of your application data for disaster recovery

Each provider is bound by their own privacy terms and, where applicable, data processing agreements with us.

We may add or change sub-processors as the service evolves. When we add a new sub-processor that materially changes how your data is handled, we will update this page.

AI and your content

Leadash uses OpenAI and Google Gemini to read conversations, assess lead quality, and draft replies. The content of your conversations is sent to these providers via their APIs. Per both providers' API terms, your data is not used to train their models.

You can choose which AI provider to use in your settings. You can also bring your own API key, in which case you have a direct commercial relationship with the AI provider and their terms apply to your data.

Analytics

We do not currently use any third-party analytics provider. All usage measurement is done in our own database on our own infrastructure. If we add privacy-friendly analytics in the future (for example, Plausible Analytics), we will update this page before enabling it.

How long we keep your data

We keep your data while your account is active. When you close your account or ask for deletion:

  • Your account, credentials, and stored conversations are deleted within 30 days
  • Encrypted backups may persist for up to 30 additional days for disaster recovery, after which they are purged
  • We may retain certain records (invoices, legal records) longer if required by law

You can request deletion anytime by emailing hello@leadash.app.

Your rights

Depending on where you live, you have rights over your data. These include:

  • Access — get a copy of the data we have about you
  • Correction — ask us to fix inaccurate data
  • Deletion — ask us to delete your data
  • Portability — receive your data in a machine-readable format
  • Objection — ask us to stop certain uses of your data

To exercise any of these rights, email hello@leadash.app. We'll respond within 30 days.

If you are a California resident

Under the California Consumer Privacy Act (CCPA) and CPRA, you have the rights listed above. We do not sell or share your personal information.

If you are in another US state with a consumer privacy law

Residents of Virginia, Colorado, Connecticut, Utah, Texas, Oregon, Montana, and other states with consumer privacy laws have the rights listed above. Contact us at hello@leadash.app to exercise them.

If you are outside the United States

Leadash is operated from the United States and currently serves US-based customers. If you access the service from outside the US, your data will be transferred to and processed in the United States. We do not currently target or solicit customers in the European Union or the United Kingdom.

Security

We take reasonable steps to protect your data:

  • All traffic is encrypted with HTTPS/TLS
  • Passwords are hashed with bcrypt
  • Third-party credentials (CRM API keys, AI provider keys) are encrypted at rest
  • Each customer's data lives in a dedicated isolated database
  • Access to production systems is restricted and logged
  • The architecture has been reviewed by a security auditor
  • We log security-relevant events and monitor for unauthorized access

No system is 100% secure. If a breach affects your data, we will notify you promptly and within the timeframe required by applicable law.

Your responsibilities under messaging laws

Leadash helps you manage conversations across your lead accounts. You remain solely responsible for compliance with laws governing your communications, including the Telephone Consumer Protection Act (TCPA), the CAN-SPAM Act, and any applicable state telemarketing laws. Leadash does not initiate messages on its own — you approve every reply (in Review mode) or set the rules the AI follows (in Auto mode).

Children

Leadash is a business tool intended for real estate professionals. It is not directed to children under 16, and we do not knowingly collect data from children. If you believe we've collected data from a child, contact us and we'll delete it.

Changes to this policy

We may update this policy from time to time. When we make material changes, we'll update the "Last updated" date at the top and notify you by email or in-app notice. Continued use of the service after changes means you accept the updated policy.

Contact us

Questions, complaints, or requests about this policy?

Email: hello@leadash.app


This policy is written in plain English to be easy to understand. If anything is unclear, email us and we'll explain.

LeadashLeadash — AI lead qualification for real estate wholesalers
Privacy Policy Terms of Service hello@leadash.app
Leadash does not independently initiate messages. You approve every reply in Review mode, or configure the rules in Auto mode — either way, you remain the sender of record. You are solely responsible for compliance with TCPA, CAN-SPAM, and the terms of service of any connected third-party platform.