Privacy Policy
1. Overview
Leadin Solutions LLC ("Leadin," "we," "us," or "our") operates a customer intake platform for plumbing and home service businesses. This Privacy Policy explains how we collect, use, disclose, and protect information in connection with our platform and website at leadin.solutions.
We operate in two distinct capacities: as a data controller for information we collect through our website and from our business customers (plumbing companies); and as a data processor for end-customer information collected on behalf of our business customers through the intake platform. When a homeowner interacts with the intake system, that homeowner's data is controlled by the plumbing company they contacted — not by Leadin Solutions. This distinction governs how we handle disclosure requests, data rights, and law enforcement obligations.
2. Information We Collect
Business customer information: When a plumbing company signs up for Leadin, we collect the business owner's name, business name, email address, phone number, billing information, and configuration details including service area, team structure, and integration preferences.
End-customer intake data (processed on behalf of business customers): Through the intake platform, we collect information from the customers of our business customers, including names, phone numbers, property addresses, service request descriptions, urgency classifications, job category, and any details shared during the intake conversation. This data is collected and processed on behalf of the plumbing company — Leadin Solutions is a data processor, not a data controller, for this category of information.
Usage and performance data: We collect aggregate information about how the platform is used, including intake volume, response times, job card delivery confirmations, and system performance metrics. This data is used in anonymized, aggregate form.
Website data: When you visit leadin.solutions, we may collect standard web analytics data including IP addresses, browser type, pages visited, and referring URLs.
3. How We Use Information
We use business customer information to provide, operate, maintain, and improve the Service; to process payments; to communicate about your account; and to send service-related notifications and updates.
We use end-customer intake data solely to perform the intake services contracted by the relevant business customer. We do not use end-customer data for our own marketing, do not sell it to third parties, and do not use it for any purpose other than delivering the contracted service.
We use usage and performance data to monitor platform health, identify and resolve technical issues, and generate aggregate anonymized analytics. Individual intake records are not used to train AI models without explicit opt-in from the relevant business customer.
4. AI Processing of Intake Data
The Leadin platform uses an AI language model to process the content of intake conversations — classifying job type, assessing urgency, and generating structured Job Cards. Job descriptions and relevant context are transmitted to a third-party AI provider (OpenAI) for this processing. Before transmission, we strip personally identifiable fields (name, phone number) from the content sent to the AI where technically feasible, sending only the job description and relevant contextual details required for classification.
We have configured our AI processing under commercial data handling terms that limit the provider's use of submitted data. We do not permit the AI provider to use intake conversation content to train public AI models.
5. SMS Messaging
The Leadin platform sends automated SMS messages to end-customers on behalf of business customers in response to inbound calls. All messages identify the sending business and the automated nature of the system. Automated messages are sent only between 8:00 a.m. and 8:00 p.m. in the recipient's local time zone, in compliance with Washington State law (RCW 80.36.400) and the federal Telephone Consumer Protection Act (TCPA, 47 U.S.C. § 227).
End-customers who reply STOP are immediately opted out of further automated messages from that business's Leadin system. Opt-out records are maintained permanently in hashed form. Message and data rates may apply based on the recipient's mobile carrier plan.
6. Data Sharing and Disclosure
We do not sell personal information. We share information only in the following circumstances:
With business customers: End-customer intake data is shared with the plumbing company that contracted our services — this is the core function of the platform.
With service providers (subprocessors): We share limited data with: Twilio (SMS delivery — phone numbers and message content); OpenAI (AI processing — job description content, PII-stripped where feasible); Airtable (job record storage); Make.com (workflow automation); Railway (hosting infrastructure); and Slack (notification delivery). Each subprocessor is engaged under data handling terms appropriate to their role.
As required by law: We may disclose information when required by valid legal process (see Section 8 — Law Enforcement and Legal Process). We will notify affected business customers to the extent permitted by law.
Business transfers: In the event of a merger, acquisition, or sale of substantially all assets, customer information may be transferred as part of that transaction with advance written notice to affected business customers.
Emergency disclosures: We may voluntarily disclose information to law enforcement in emergency situations involving an immediate risk of death or serious physical injury as permitted by 18 U.S.C. § 2702(b)(8), without prior legal process.
7. Data Retention and Legal Hold
End-customer PII (name, phone number, address): Retained for 90 days following job completion or cancellation, then permanently deleted from all systems including primary database, Airtable, and Make.com execution logs. This deletion is automated and runs nightly.
Anonymized job metadata (job category, urgency classification, outcome, timestamps — all PII fields removed): Retained for up to 3 years to support platform analytics and provide a litigation defense record aligned with Washington's Consumer Protection Act statute of limitations (RCW 19.86.120).
Opt-out records: The suppressed phone number is retained permanently in hashed, non-reversible form to enforce suppression. No other information is retained for opted-out contacts.
Business customer account data: Retained for the duration of the subscription and for 90 days following termination to allow for data export, after which it is deleted.
Legal hold override: Notwithstanding the retention periods above, if we receive a valid legal preservation request from law enforcement (see Section 8), or if we reasonably anticipate or become aware of actual or potential litigation, regulatory inquiry, or legal proceeding, we will immediately suspend scheduled deletion of any potentially relevant records and preserve them until the matter is fully resolved. Legal holds take precedence over all standard retention schedules.
Business customers may request earlier deletion of their data or their end-customers' data by contacting hello@leadin.solutions. We will process verified deletion requests within 10 business days, subject to any applicable legal hold obligations.
8. Law Enforcement and Legal Process
Leadin Solutions is subject to the federal Stored Communications Act (SCA, 18 U.S.C. §§ 2701–2713) as a provider of electronic communication services and remote computing services. This statute governs how government authorities may compel us to disclose stored communications and customer records. Our obligations and procedures are as follows:
Content of communications (stored 180 days or less): Law enforcement must present a valid search warrant issued upon probable cause by a court of competent jurisdiction. We will not disclose SMS message content in this category without a warrant.
Content older than 180 days: Law enforcement may obtain access through a court order under 18 U.S.C. § 2703(d) upon a showing of specific and articulable facts, or by warrant.
Non-content subscriber records (account information, phone numbers, timestamps, metadata): Law enforcement may obtain these through a valid administrative subpoena, court order, or search warrant, depending on the specific records requested.
Preservation requests: Upon receipt of a valid law enforcement preservation request, we will preserve the specified records for 90 days, extendable by an additional 90 days upon renewed request, even if those records would otherwise be deleted under our standard retention schedule (18 U.S.C. § 2703(f)).
Emergency disclosures: We may voluntarily disclose information to law enforcement without prior legal process when we reasonably believe there is an emergency involving immediate danger of death or serious physical injury to any person (18 U.S.C. § 2702(b)(8)).
Civil subpoenas: Under the SCA, we generally cannot disclose the content of stored electronic communications in response to a civil subpoena alone. Content records sought in civil litigation must satisfy SCA requirements. We will notify affected business customers of civil data requests to the extent permitted by law.
Notification: We will attempt to notify affected business customers of law enforcement demands for their data prior to disclosure, to the extent permitted by law and not prohibited by a valid court-issued non-disclosure order.
Leadin Solutions will not be liable to any party for disclosures made in good-faith compliance with valid legal process. We are not required to challenge every legal demand; however, we will evaluate the legal sufficiency of demands received and will not comply with demands that are facially invalid.
9. Security
We implement appropriate technical and organizational measures including: TLS 1.2+ encryption for all data in transit; AES-256 encryption for sensitive data fields at rest; role-based access controls limiting PII access to authorized personnel; PII suppression in application logs, error logs, and Slack notifications; and regular security reviews of third-party integrations.
In the event of a data breach affecting personal information, we will notify affected business customers and, where required by Washington's breach notification law (RCW 19.255.010), notify affected individuals within the legally required timeframe (30 days for Washington residents). We will take prompt steps to contain, investigate, and mitigate any breach and will document our incident response per our internal runbook.
10. Your Rights
Business customers may access, correct, export, or request deletion of their account data and their end-customers' job records by contacting hello@leadin.solutions. We will respond to verified requests within 10 business days, subject to any legal hold obligations that may prevent deletion.
End-customers (homeowners who interacted with the intake system) seeking to access, correct, or delete their intake data should contact the plumbing or home service company they engaged directly, as that business is the data controller. Leadin Solutions will cooperate with business customers in fulfilling verified end-customer data rights requests promptly.
11. Washington State Privacy
Washington State residents have rights under applicable state privacy laws including the Washington Consumer Protection Act (RCW 19.86) and the Washington My Health My Data Act (RCW 19.373). Leadin Solutions does not collect consumer health data as defined under the MHMDA in the ordinary course of operating the intake platform, and the MHMDA does not apply to plumbing service intake data.
Leadin Solutions complies with Washington's Commercial Electronic Mail Act (RCW 19.190) and Washington's Automatic Dialing and Announcing Device statute (RCW 80.36.400). Our platform is designed to facilitate return communications to customers who have initiated contact by calling a business — not unsolicited commercial messaging. Violations of these statutes are per se unfair or deceptive acts under Washington's Consumer Protection Act (RCW 19.86) and may result in civil penalties of up to $2,000 per violation and statutory damages of at least $1,000 per violation in private actions.
Washington's CPA provides a 4-year statute of limitations for private civil actions and a 6-year period for Attorney General enforcement actions. Our 3-year retention of anonymized job metadata is calibrated to ensure records are available for litigation defense within these windows.
12. Federal Law Applicability
Federal telecommunications and privacy laws apply to the Leadin platform regardless of whether calls and messages are sent within Washington State. The federal TCPA, the Stored Communications Act, and the Electronic Communications Privacy Act apply based on the nature of the communications and technology used — not the geographic origin or destination of calls. Washington-to-Washington calls remain subject to federal law, and Washington State has enacted additional mini-TCPA protections (RCW 80.36.400) that layer on top of federal requirements.
13. Changes to This Policy
We may update this Privacy Policy from time to time. Material changes will be communicated to active business customers via email with at least 30 days' notice. The "Last updated" date at the top of this policy reflects the most recent revision.
14. Contact
Privacy questions, rights requests, law enforcement legal process, or breach notifications: Leadin Solutions LLC · Spokane, WA · hello@leadin.solutions · leadin.solutions