Privacy Policy

How LEO Bizdev protects personal data, handles GDPR obligations, and works with subprocessors.

Privacy Policy and Data Processing Agreement

LEO Bizdev is a solution provided, developed and marketed by SalesTech.

SalesTech is a French simplified joint-stock company ("société par actions simplifiée") with share capital of EUR 12,500, registered with the Nanterre Trade and Companies Register under number 834 439 861, whose registered office is located at 120, rue Jean Jaurès, 92300 Levallois-Perret, France.

This document describes LEO Bizdev's commitments regarding the protection of personal data. It serves as a privacy policy and data processing agreement within the meaning of Article 28 of Regulation (EU) 2016/679 of April 27, 2016 (GDPR), when LEO Bizdev processes personal data on behalf of a Client.

By using the LEO Bizdev solution, the Client acknowledges that they have read and accepted the terms of this document.

The Services are intended for professional users.

For any question relating to data protection, including breach notifications or rights requests, contact Céline Froidefond at celine@leobizdev.ai.

1. Definitions

Client: means any individual professional or legal entity using the LEO Bizdev solution.

User: means any individual using LEO Bizdev on behalf of the Client or in their own name in a professional context.

Prospect: means an individual or professional contact identified, imported, analyzed, enriched or monitored in connection with the use of LEO Bizdev.

Personal Data: means any information relating to an identified or identifiable natural person.

Controller: means the person who determines the purposes and means of processing. In connection with prospecting campaigns carried out through LEO Bizdev, the Client generally acts as Controller.

Processor: means the person who processes personal data on behalf of the Controller. In this context, SalesTech, through LEO Bizdev, generally acts as Processor for the Client.

Subprocessor: means a provider used by LEO Bizdev to provide certain technical components of the Service.

Compatible Third-Party Services: means external services connected to or used with LEO Bizdev, including LinkedIn, compatible messaging services, payment providers, hosting providers, support providers or artificial intelligence providers.

2. Roles and responsibilities

In connection with the use of LEO Bizdev, the Client determines the purposes and means of the processing operations it carries out, including the prospects to contact, the messages to send, the channels used, the contact databases imported or built, and the prospecting rules configured.

The Client remains responsible for the lawfulness of its processing operations, the information provided to data subjects, respect for their rights, the compliance of its prospecting campaigns and the applicable legal basis.

LEO Bizdev acts as Processor when the solution processes personal data on behalf of the Client, according to the Client's documented instructions and for the purposes necessary to provide the Services.

LEO Bizdev may also act as Controller for certain processing operations carried out on its own behalf, including client account management, billing, support, security, maintenance, website management and Service improvement within the limits set out in this document.

3. Purposes of processing

LEO Bizdev may process personal data for the following purposes:

  • creating, managing and securing User accounts;
  • providing the B2B prospecting features of the Platform;
  • identifying, selecting, analyzing, scoring, enriching and adding prospects;
  • generating personalized prospecting messages, emails, LinkedIn messages and call scripts;
  • preparing or executing certain prospecting actions in Copilot Mode or Autopilot Mode, depending on the active plan, available credits, configured rules and User validations;
  • synchronizing, when the Client or authorized User activates it, compatible messaging services, including Outlook and Gmail, in order to enable the sending of prospecting emails, reply tracking and targeted verification of prior exchanges with identified prospects;
  • tracking action history, replies, tags, stages and prospecting performance;
  • managing subscriptions, payments, invoices and payment methods;
  • providing customer support, technical maintenance, security and abuse prevention;
  • analyzing use of the solution in order to maintain and improve its performance, reliability and usability;
  • complying with applicable legal, accounting, tax and regulatory obligations.

LEO Bizdev does not make telephone calls on behalf of the User. The Platform may search for a phone number, generate a call script, request the outcome of a call and record the information entered by the User.

4. Categories of data processed

The Platform may process several categories of data, including:

  • User account data: last name, first name, email address, telephone number, encrypted password, login information;
  • billing and payment data, processed in particular through Stripe;
  • business data entered or generated: offers, personas, sales strategy, prospecting preferences, campaign rules;
  • prospect data: professional profiles, company information, contact details, scoring, tags, stages, action history;
  • data from LinkedIn Synchronizations when the User activates the relevant features;
  • data from compatible messaging services, including Outlook and Gmail, when email synchronization is activated;
  • usage data, technical logs, support information and communications with SalesTech.

Data from compatible messaging services may include the email address of the connected User, message metadata, senders, recipients, dates, subjects, and the content or excerpts of messages strictly necessary for the activated features, including sending emails, detecting existing exchanges with identified prospects, tracking replies and preventing duplicate contacts.

Email synchronization does not constitute a generalized analysis of the connected mailbox. LEO Bizdev uses email access only for the purposes documented in this document.

The Platform is not intended to collect sensitive data within the meaning of the GDPR, such as data relating to racial or ethnic origin, political opinions, religious beliefs, health, sex life or sexual orientation. The Client and the User undertake not to communicate such data through the Platform, except where required by law or with express and properly framed agreement.

5. Legal basis and information of data subjects

The Client declares that it has an appropriate legal basis for the data processing operations carried out through the LEO Bizdev solution, including in the context of B2B commercial prospecting, based on its legitimate interest within the meaning of Article 6(1)(f) of the GDPR where this basis is applicable.

In connection with this prospecting, the Client undertakes in particular to:

  • contact only persons acting in a professional context and for offers related to their duties or professional needs;
  • inform data subjects clearly and proportionately, including by indicating its identity and the purpose of the message;
  • provide, in each communication, a simple and free opt-out mechanism.

The Client remains solely responsible for assessing the applicable legal basis, informing data subjects, maintaining its own records and complying with the rules applicable to commercial prospecting.

LEO Bizdev does not use data processed on behalf of the Client for purposes other than those provided for in this document and does not carry out any direct prospecting on its own behalf using such data.

6. Data, AI and model training

Client data, User data and prospect data processed in LEO Bizdev are not resold.

Client and prospect data are not used by LEO Bizdev to train internal or third-party artificial intelligence models.

LEO Bizdev may use artificial intelligence providers to deliver certain generation, analysis, scoring, recommendation or enrichment features, within the limits necessary to provide the Service and in accordance with the safeguards provided for in this document.

Content generated by LEO Bizdev may require human verification by the User. The User remains responsible for the content validated, sent or used in connection with their campaigns.

7. Retention period

Personal data is retained for the period strictly necessary for the purposes described in this document and while the Client has an active account.

Upon closure or deletion of the account, LEO Bizdev applies a maximum retention period of three (3) months for legal or technical reasons, possible post-contractual requests, support needs or the defense of SalesTech's rights.

After this period, the data is irreversibly deleted, subject to applicable retention obligations.

Certain data necessary to comply with legal, accounting or tax obligations, including billing data, may be retained for the period required by applicable regulations.

Anonymized technical logs or aggregated data may be retained for a longer period for security, maintenance, analysis or Service improvement purposes.

The Client is responsible for exporting and backing up its data before closure of its account or the end of its paid subscription.

8. Security measures

LEO Bizdev implements appropriate technical and organizational measures to ensure the confidentiality, integrity and availability of personal data, in accordance with Article 32 of the GDPR.

These measures include in particular:

  • secure hosting through MongoDB and AWS;
  • password encryption;
  • secure HTTPS/TLS exchanges;
  • restricted access management through authentication and roles;
  • regular backups and restoration tests;
  • internal security and confidentiality policies;
  • a contractual confidentiality obligation applicable to SalesTech employees.

The User nevertheless acknowledges that the Internet is not a perfectly secure environment and that LEO Bizdev cannot guarantee the total absence of unauthorized access.

9. Data location

Personal data processed through the LEO Bizdev solution is hosted in France, within the European Union.

The main infrastructure relies on Amazon Web Services (AWS), with servers located in France, as well as MongoDB Atlas configured on infrastructure located in France.

No data is stored outside the European Union as part of the main hosting of the solution.

10. Subprocessors

LEO Bizdev may use subprocessors to perform certain technical services necessary to provide the Service, including hosting, support, payment, synchronization and artificial intelligence.

The current list of subprocessors is as follows:

Subprocessor Purpose
MongoDB Hosting and secure management of databases
Amazon Web Services (AWS) Cloud hosting and server infrastructure
OpenAI Generative artificial intelligence
Anthropic Generative artificial intelligence
Intercom Customer support, support messaging and management of user exchanges
Stripe Secure payment processing
Unipile Synchronization of compatible professional messaging services, including Outlook and Gmail
FullEnrich Corp Search, enrichment and verification of professional contact details, including emails and phone numbers

Stripe processes payments securely. LEO Bizdev does not store full payment card data.

Unipile acts as a technical synchronization subprocessor and enables, in particular, email sending, reply tracking and targeted review of exchanges related to identified prospects.

FullEnrich Corp acts as a technical enrichment subprocessor and enables, in particular, the search, enrichment and verification of professional contact details associated with identified prospects.

LEO Bizdev makes available to the Client the up-to-date list of its subprocessors and the documentation relating to the compliance safeguards implemented.

11. Transfers outside the European Economic Area

The main hosting of data is carried out in France, within the European Union.

However, certain specific subprocessors, in particular those related to artificial intelligence features, may involve transfers of data outside the European Economic Area, including to the United States.

LEO Bizdev ensures that these transfers are governed in accordance with the requirements of the GDPR, in particular through the implementation of Standard Contractual Clauses (EU Decision 2021/914) and/or adherence to the Data Privacy Framework where this mechanism is applicable.

These measures are intended to ensure an adequate level of protection in accordance with Articles 44 to 49 of the GDPR.

12. Cookies and trackers

The LEO Bizdev website uses only technical cookies necessary for the proper functioning of the site and associated services, as well as cookies or trackers related to Intercom for support and management of user exchanges.

LEO Bizdev does not use advertising cookies or advertising tracking pixels on the marketing website.

The User may configure their browser to block certain cookies. However, blocking technical cookies may affect the normal functioning of the site or certain services.

13. Rights of data subjects

In accordance with Articles 15 to 22 of the GDPR, each data subject has in particular a right of access, rectification, erasure, restriction, objection and portability, under the conditions provided for by the applicable regulations.

When LEO Bizdev acts as Processor for the Client, LEO Bizdev assists the Client within the limits of its technical and organizational means in order to enable the Client to respond to rights requests.

In the event of a direct request received from a data subject, LEO Bizdev may inform the Client without undue delay and does not respond directly to the request without prior instruction from the Client, unless otherwise required by law.

The Client, as Controller, remains responsible for assessing the merits of requests received, communicating responses to data subjects and complying with the legal deadlines provided for by the GDPR.

Any request relating to personal data may be sent to Céline Froidefond at celine@leobizdev.ai.

14. Data export by the Client

If the Client exports data from LEO Bizdev, including in CSV files or by any other means made available by the Platform, the Client becomes fully responsible for the management, security and compliance of these files.

LEO Bizdev shall not be held liable for the processing of this data outside the Platform after its export by the Client.

15. Audit and cooperation

The Client may request reasonable information enabling it to verify compliance with this document, within the limits necessary to protect the security, confidentiality, trade secrets and proper functioning of LEO Bizdev.

LEO Bizdev undertakes to cooperate in good faith and provide the information reasonably necessary to verify compliance with this document.

In the event of an inspection by a competent authority, LEO Bizdev will inform the Client to the extent permitted by law and provide appropriate assistance when the inspection concerns processing operations carried out on behalf of the Client.

16. Data breach

In the event of a personal data breach affecting data processed on behalf of the Client, LEO Bizdev will notify the Client within a maximum period of forty-eight (48) hours after becoming aware of it.

This notification will specify, to the extent information is available:

  • the nature of the breach;
  • the categories of data concerned;
  • the likely consequences of the breach;
  • the corrective and preventive measures implemented or envisaged.

The Client remains responsible for notifying the CNIL and, where applicable, the data subjects, when such notification is required by the applicable regulations.

17. End of contract

At the end of the contractual relationship, data is deleted within a maximum period of three (3) months, unless otherwise required by law or temporarily required for technical reasons.

The Client may request the return of data before deletion, through the available export features or by written request where technically possible.

No return of data may be carried out after permanent deletion of the data.

18. Amendments

SalesTech may update this document to reflect legal, regulatory, technical or operational developments.

In the event of a significant amendment, the Client may be informed by any appropriate means, including by email, notification or display on the Platform.

Continued use of LEO Bizdev after notification or publication of the updated version constitutes acceptance of the amended document, subject to mandatory applicable legal provisions.

19. Applicable law and competent jurisdiction

This document is governed by French law.

Any dispute relating to its interpretation or performance shall be submitted to the competent courts within the jurisdiction of the Versailles Court of Appeal, subject to any mandatory applicable rules.