Legal

Privacy Policy

Working draft for legal review. Replace every bracketed placeholder and align the text with how the Service actually operates—including data flows, subprocessors, and jurisdictions—before publication.

Effective date: May 2, 2026  |  Last updated: May 2, 2026

This Privacy Policy describes how [your legal name / entity] (“we,” “us,” “our”) handles personal information when you use Leonid Customizable Suite websites, apps, accounts, and related services (the “Service”). It should be read together with our Terms of Service.

1. Scope

This policy applies to personal information we process as a controller or business in connection with the Service. It does not cover third-party sites or services that we link to; their policies govern those services.

2. Information we collect

Depending on how you use the Service, we may collect:

  • Account & profile: name, email, password hashes, profile or avatar data, preferences, and similar details you provide.
  • Usage & device: log and diagnostic data (e.g. IP address, approximate location, browser or app version, device type, timestamps, pages or features used, error reports).
  • Cookies & similar technologies: identifiers and preferences as described in our cookie controls or notices where we use them.
  • Communications: content of support requests, feedback, or email you send us.
  • Payment-related information: if you pay us, our payment processor handles card data; we may receive limited billing metadata (e.g. subscription status) from them.

Provide accurate information and update it as needed.

3. How we use information

We use personal information to:

  • Provide, secure, and improve the Service;
  • Authenticate users and personalize experiences;
  • Communicate about the Service, security, and policy updates;
  • Detect, prevent, and respond to fraud, abuse, and technical issues;
  • Comply with law and enforce our terms;
  • Analyze aggregate or de-identified usage where permitted.

4. Legal bases (EEA, UK, and similar regions)

Where required, we rely on one or more of: contract (providing the Service), legitimate interests (e.g. security and product improvement, balanced against your rights), consent (where we ask for it), and legal obligation.

5. Sharing

We may share personal information with:

  • Service providers who process data on our instructions (e.g. hosting, email delivery, analytics, security);
  • Professional advisors when necessary (e.g. lawyers, auditors);
  • Authorities when required by law or to protect rights, safety, and security;
  • Business transfers in a merger, acquisition, or asset sale, subject to appropriate safeguards.

We do not sell personal information for monetary consideration within the meaning of the U.S. state privacy statutes that apply to our operations [counsel: confirm against products, ads, and analytics vendors]. If our practices change, we will update this policy and any legally required disclosures.

6. International transfers

We may process data in countries other than where you live. Where required, we use appropriate safeguards (such as standard contractual clauses or equivalent mechanisms) for cross-border transfers.

7. Retention

We retain personal information for as long as needed to provide the Service, fulfill the purposes in this policy, resolve disputes, and meet legal, security, and operational requirements. Retention periods vary by data type and context.

8. Security

We implement technical and organizational measures designed to protect personal information. No method of transmission or storage is completely secure; we cannot guarantee absolute security.

9. Your rights & choices

Depending on where you live, you may have rights to access, correct, delete, or export personal information; object to or restrict certain processing; withdraw consent where processing is consent-based; and lodge a complaint with a supervisory authority. You may also have rights under U.S. state laws (e.g. California) such as knowing categories of data collected, requesting deletion, or opting out of certain sharing, depending on applicable law. To exercise rights, contact [contact email or form]. We may verify requests as permitted by law.

10. Children

The Service is not directed at children under the age we allow for accounts (commonly 13, 16, or 18). We do not knowingly collect personal information from children below that age in a way that violates applicable law. Contact us if you believe we have done so.

11. Changes

We may update this Privacy Policy from time to time. We will post the revised policy and update the “Last updated” date. Where required, we will provide additional notice.

12. Contact

Questions or requests: [contact email or postal address]. If you are in the EEA/UK, you may also contact our representative [if any] at [optional].