Back
Privacy Policy for Coffee Leads
Last Updated: April 4, 2026
This Privacy Policy describes how Coffee Leads ("we," "us," or "our"), operated by Pierre Rondeau (micro-entrepreneur, France), collects, uses, and protects your personal information when you use our website at https://coffeeleads.ai (the "Service").
By using the Service, you agree to the collection and use of information in accordance with this policy.
IMPORTANT: This Service involves the collection and processing of publicly available LinkedIn data. Please read Section 3 carefully.
1. Data Controller
Pierre Rondeau
Micro-entrepreneur, France
SIREN: 850976713
5 Chemin Du Vieux Clos, 44340 Bouguenais, France
Email: hello@prometh-ai.com
2. Information We Collect
2.1 Account Information
When you create an account, we collect:
- Full name
- Email address
- Profile picture (via Google OAuth)
- LinkedIn profile URL (provided by you during onboarding)
- Company website URL (provided by you during onboarding)
- Industry and target audience preferences
2.2 Payment Information
When you subscribe, our payment processor Stripe collects:
- Credit/debit card details
- Billing address
- Transaction history
We do not store your card details on our servers. All payment data is handled by Stripe (https://stripe.com/privacy).
2.3 Usage Data
We automatically collect:
- Lead interaction data (ratings, notes, hooks copied)
- Dashboard activity and feature usage
- Login timestamps and session data
- Browser type, device, and IP address
2.4 LinkedIn Data (Publicly Available)
Our Service collects publicly available information from LinkedIn to generate leads for you, including:
- Professional names and job titles
- Company names and industries
- Public post content and engagement metrics
- Professional profile summaries
This data is sourced from publicly available LinkedIn profiles and posts. We do not access private LinkedIn messages, connections lists, or any non-public information.
2.5 Cookies
We use essential cookies for authentication and session management. See Section 9.
3. How We Use Your Information
We process your data for the following purposes:
| Purpose | Legal Basis (GDPR Art. 6) |
|---------|--------------------------|
| Provide and operate the Service | Performance of contract (Art. 6.1.b) |
| Process payments and billing | Performance of contract (Art. 6.1.b) |
| Generate and deliver daily leads | Performance of contract (Art. 6.1.b) |
| AI-powered lead scoring and hook generation | Legitimate interest (Art. 6.1.f) |
| Send daily morning lead emails | Performance of contract (Art. 6.1.b) |
| Improve the Service and fix bugs | Legitimate interest (Art. 6.1.f) |
| Prevent fraud and abuse | Legitimate interest (Art. 6.1.f) |
| Comply with legal obligations | Legal obligation (Art. 6.1.c) |
4. AI Processing
We use artificial intelligence (Anthropic Claude API) to:
- Analyze LinkedIn signals and score lead relevance
- Generate personalized outreach hooks
- Learn from your feedback to improve lead quality over time
AI processing is used to assist you, not to make automated decisions with legal effects. You always retain control over which leads to contact and how.
5. Data Sharing and Subprocessors
We share your data with the following third-party service providers, solely to operate the Service:
| Provider | Purpose | Location |
|----------|---------|----------|
| Supabase | Database hosting | United States |
| Vercel | Application hosting | United States |
| Railway | Backend engine hosting | United States |
| Stripe | Payment processing | United States |
| Resend | Transactional emails | United States |
| Unipile | LinkedIn data access | France |
| Anthropic (Claude API) | AI processing | United States |
| Google | OAuth authentication | United States |
For US-based providers, data transfers are protected under the EU-US Data Privacy Framework or Standard Contractual Clauses (SCCs).
We do not sell, rent, or trade your personal information to any third party.
6. Data Retention
| Data Type | Retention Period |
|-----------|-----------------|
| Account information | Duration of your account + 3 years |
| Payment records | 10 years (French tax law) |
| Usage data (ratings, notes) | Duration of your account |
| Lead data | 90 days after delivery |
| Server logs | 12 months |
When your account is deleted, we anonymize or delete your personal data within 30 days, except where retention is required by law.
7. Your Rights (GDPR)
Under the General Data Protection Regulation, you have the right to:
- Access: Request a copy of your personal data
- Rectification: Correct inaccurate data
- Erasure: Request deletion of your data ("right to be forgotten")
- Restriction: Limit how we process your data
- Portability: Receive your data in a structured, machine-readable format
- Objection: Object to processing based on legitimate interest
- Withdraw consent: Where processing is based on consent
To exercise any of these rights, contact us at hello@prometh-ai.com. We will respond within 30 days.
You also have the right to lodge a complaint with the French data protection authority:
CNIL - Commission Nationale de l'Informatique et des Libertes
https://www.cnil.fr
8. Your Rights (CCPA - California Residents)
If you are a California resident, you have the right to:
- Know what personal information we collect and how it is used
- Request deletion of your personal information
- Opt out of the sale of personal information (we do not sell your data)
- Non-discrimination for exercising your privacy rights
9. Cookies
We use the following cookies:
We use only strictly necessary cookies for the Service to function:
- Session token: used to keep you logged in during your browsing session. This cookie is essential for authentication and expires when you close your browser or after your session ends.
- CSRF token: used to protect against cross-site request forgery attacks. This is a security cookie that expires with your session.
We do not use analytics, advertising, or marketing cookies. Because we only use strictly necessary cookies, no cookie consent banner is required under the ePrivacy Directive.
10. Children's Privacy
Coffee Leads is a B2B professional service not intended for individuals under 18. We do not knowingly collect data from minors.
11. Security
We implement appropriate technical and organizational measures to protect your data, including:
- Encryption in transit (HTTPS/TLS)
- Row-level security on our database
- API key authentication with rate limiting
- Secure password hashing (bcrypt)
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the Service. Continued use of the Service after changes constitutes acceptance of the updated policy.
13. Contact
For any questions about this Privacy Policy or to exercise your rights:
Email: hello@prometh-ai.com
Website: https://coffeeleads.ai