Privacy Policy

Effective Date: February 24, 2026 · Last Updated: February 27, 2026

1. Introduction

LeakShield Technologies LLC, doing business as LeakGuard AI ("LeakGuard AI," "we," "us," or "our"), respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website at https://leaksshield.com and our revenue leak detection platform (collectively, the "Service").

By using our Service, you acknowledge and agree to the data practices described in this Privacy Policy. For users in the EU/EEA/UK, we process your Personal Data under specific legal bases described in Section 10 — not solely on the basis of your use of the Service. If you do not agree with the practices described in this Privacy Policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide to Us

Account Information: When you register for an account, we collect:

  • Full name
  • Email address
  • Company name
  • Industry classification
  • Password (encrypted and stored securely)

Business Data: You may upload business context data for analysis, including:

  • Financial summaries and reports
  • Pricing tables and structures
  • Contract details and terms
  • Revenue data and metrics
  • Other business information relevant to revenue optimization

Communications: When you contact us via email at privacy@leaksshield.com or support@leaksshield.com, we collect the content of your communications and any information you choose to provide.

2.2 Information We Collect Automatically

Usage Data: We automatically collect certain information when you access our Service:

  • IP address
  • Browser type and version
  • Operating system
  • Access times and dates
  • Pages visited and actions taken
  • Referring website addresses

Cookies and Similar Technologies: We use only essential cookies:

  • lg_session — Session authentication cookie (30-day expiry)
  • csrf_token — Cross-site request forgery protection (per-session)

We do not use tracking cookies, analytics cookies, advertising cookies, or third-party cookies.

Do Not Track: Our Service does not track users across third-party websites and therefore does not respond to browser "Do Not Track" (DNT) signals. Because we only use essential cookies and do not engage in cross-site tracking, the effect is the same regardless of your DNT setting.

2.3 Payment Information

All payment processing is handled by Stripe, Inc. We do not collect, store, or process credit card numbers or other payment card information. For information about Stripe's privacy practices, please visit https://stripe.com/privacy.

3. How We Use Your Information

3.1 Service Provision

  • Create and manage your account
  • Provide access to our revenue leak detection platform
  • Process and analyze your business data using artificial intelligence
  • Generate revenue optimization reports and insights
  • Provide customer support and respond to inquiries

3.2 Service Improvement

  • Monitor and analyze usage patterns to improve our Service
  • Develop new features and functionality
  • Ensure security and prevent fraud

3.3 Communications

  • Send transactional emails related to your account and service usage
  • Provide important updates about our Service or this Privacy Policy
  • Respond to your inquiries and support requests

3.4 Legal Compliance

  • Comply with applicable laws and regulations
  • Respond to legal process and government requests
  • Protect our rights and the rights of others

4. Artificial Intelligence Processing

4.1 Third-Party AI Providers

We use vetted third-party technology providers to process your business data for revenue analysis and optimization. These providers operate under strict data processing agreements that require:

  • Processing data solely for the purposes we specify
  • Implementing appropriate security measures
  • Not retaining your data after processing is complete
  • Not using your data for their own purposes or model training

4.2 Data Transmitted for AI Processing

Only business context data (financial summaries, pricing information, contract details) is transmitted to AI providers for analysis. We do not transmit personal information such as names, email addresses, or account details to AI providers.

4.3 Automated Decision-Making (GDPR Art. 22)

Our AI-generated analyses and recommendations are provided for informational purposes only and do not produce legal effects or similarly significant effects on any individual. No automated decisions are made without human review. You retain full discretion over whether and how to act on any analysis output. Accordingly, the restrictions of GDPR Article 22 (automated individual decision-making) do not apply. If you believe an automated output has adversely affected you, contact privacy@leaksshield.com to request human review.

4.4 Sub-Processors

The following third-party providers process data on our behalf:

ProviderPurposeLocationData
Amazon Web ServicesHosting & infrastructureUS East All Service data
Stripe, Inc.Payment processingUS Name, email, billing address, payment
OpenAI, Inc.AI analysis engineUS Business context only — no personal identifiers
OpenRouter (Mash Computer Science LLC)AI model routingUS Business context only — no personal identifiers
Resend, Inc.Email deliveryUS Recipient email, email content

For the full Data Processing Agreement including technical measures and audit rights, see our DPA.

5. How We Share Your Information

We do not sell, trade, or rent your personal information to third parties. We may share your information in the following limited circumstances:

5.1 Service Providers

We may share information with trusted third-party service providers who assist us in operating our Service, including:

  • Cloud hosting providers (Amazon Web Services)
  • Payment processors (Stripe)
  • AI technology providers (for business data analysis only)
  • Security and monitoring services

All service providers are contractually required to protect your information and use it only for the purposes we specify.

5.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal process (subpoenas, court orders)
  • Government investigations
  • Requests from law enforcement
  • Protection of our rights, property, or safety, or that of others

5.3 Business Transfers

In the event of a merger, acquisition, or sale of all or part of our business, your information may be transferred to the acquiring entity, provided that: (a) you are notified at least 30 days before the transfer; (b) the acquiring entity agrees to honor the terms of this Privacy Policy and our DPA; and (c) applicable data protection law (including GDPR transfer requirements) is satisfied. If the acquiring entity intends to use your data for purposes materially different from those described here, we will obtain your consent before such use.

6. Data Security

We implement appropriate technical and organizational security measures to protect your information against unauthorized access, alteration, disclosure, or destruction:

6.1 Technical Safeguards

  • Encryption in transit using TLS 1.2 or higher
  • Encryption at rest for all stored data
  • Multi-tenant architecture with strict data isolation
  • Regular security monitoring and threat detection
  • Secure authentication and access controls

6.2 Organizational Safeguards

  • Regular security audits and assessments
  • Incident response procedures
  • Vendor security requirements and assessments

6.3 Infrastructure Security

Our Service is hosted on Amazon Web Services (AWS) in the US East region, which maintains industry-leading security certifications and compliance standards.

7. Data Retention

7.1 Account Information

We retain your account information for the duration of your subscription plus any legally required retention period.

7.2 Business Data and Analysis Results

  • Analysis results are retained for 12 months from creation, then automatically purged
  • Business data uploaded for analysis is retained for the duration of your active subscription plus 30 days after account termination
  • Raw data submitted for a specific analysis is processed and discarded within 24 hours; only the generated report and summary are retained

7.3 Complimentary Analysis

When you use the complimentary revenue leak analysis, we process the business context you provide solely to generate your report. We do not permanently store raw financial data submitted during the complimentary analysis beyond what is necessary to deliver the report. The generated report and summary findings are retained as part of your account records for up to 12 months.

7.4 Account Deletion

Upon account deletion, we will delete all your personal information and business data within 30 days, except where retention is required by law.

8. Your Privacy Rights

8.1 General Rights

You have the following rights regarding your personal information:

  • Access: Request access to the personal information we hold about you
  • Correction: Request correction of inaccurate or incomplete information
  • Deletion: Request deletion of your personal information
  • Data Portability: Request a copy of your data in a structured, machine-readable format (JSON)
  • Opt-Out: Opt out of non-essential communications

8.2 California Consumer Privacy Act (CCPA) Rights

If you are a California resident, you have additional rights under the CCPA:

Right to Know: You have the right to request information about:

  • Categories of personal information we collect
  • Categories of sources from which we collect personal information
  • Business or commercial purposes for collecting personal information
  • Categories of third parties with whom we share personal information
  • Specific pieces of personal information we have collected about you

Right to Delete: You have the right to request deletion of your personal information, subject to certain exceptions.

Right to Opt-Out of Sale/Sharing: You have the right to opt out of the sale or sharing of your personal information. We do not sell or share personal information as defined under the CCPA/CPRA. Our use of AI sub-processors for analysis does not constitute a "sale" or "sharing" because those providers process data solely on our behalf under contract and do not retain or use it for their own purposes.

Right to Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.

8.3 Exercising Your Rights

To exercise your privacy rights:

  • Self-Service: Many rights can be exercised through your account settings
  • Email Request: Contact us at privacy@leaksshield.com
  • Response Time: We will respond to verified requests within 45 days

We may require verification of your identity before processing your request.

9. Children's Privacy

Our Service is not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If we become aware that we have collected personal information from a child under 18, we will take steps to delete such information promptly.

10. European Economic Area, UK & Swiss Users (GDPR)

10.1 Legal Bases for Processing

If you are located in the EEA, UK, or Switzerland, we process your Personal Data on the following legal bases under Article 6 GDPR:

  • Contract performance (Art. 6(1)(b)): Processing necessary to provide the Service — account management, authentication, analysis, billing, and support.
  • Legitimate interest (Art. 6(1)(f)): Security monitoring, fraud prevention, service improvement, and usage analytics. We have assessed that these interests do not override your data protection rights.
  • Legal obligation (Art. 6(1)(c)): Tax record retention, fraud reporting, and compliance with lawful requests.
  • Consent (Art. 6(1)(a)): Where applicable, for optional communications. You may withdraw consent at any time.

10.2 Your Rights Under GDPR

In addition to the rights in Section 8, if you are in the EEA, UK, or Switzerland you have the right to:

  • Right of Access (Art. 15): Obtain confirmation of processing and a copy of your Personal Data.
  • Right to Rectification (Art. 16): Correct inaccurate data.
  • Right to Erasure (Art. 17): Request permanent deletion of all your data. We will cascade deletion across all systems within 30 days.
  • Right to Restriction (Art. 18): Request that we limit processing while a dispute is resolved.
  • Right to Data Portability (Art. 20): Receive your data in a structured, machine-readable format (JSON).
  • Right to Object (Art. 21): Object to processing based on legitimate interest, including profiling.
  • Right to Lodge a Complaint: You may lodge a complaint with your local supervisory authority (e.g., the ICO in the UK, CNIL in France, BfDI in Germany).

To exercise these rights, contact privacy@leaksshield.com. We will respond within 30 days.

10.3 International Data Transfers

Our Service is hosted in the United States (AWS US East). When your Personal Data is transferred from the EEA, UK, or Switzerland to the United States, we rely on:

  • The EU-U.S. Data Privacy Framework (where applicable).
  • Standard Contractual Clauses (SCCs) — Module 2 (Controller to Processor), as approved by European Commission Implementing Decision (EU) 2021/914.

A copy of the applicable SCCs is available upon request. Our full Data Processing Agreement governs all processing on your behalf.

10.4 Data Protection Contact

For all data protection inquiries:
privacy@leaksshield.com

11. Email Communications

11.1 Transactional Emails

We send transactional emails related to your account and service usage, including:

  • Account creation and verification
  • Password reset requests
  • Billing and subscription notifications
  • Service updates and security alerts

11.2 CAN-SPAM Compliance

All our email communications comply with the CAN-SPAM Act. You may opt out of non-essential communications by following the unsubscribe instructions in any email or by contacting us at privacy@leaksshield.com.

12. Data Breach Notification

In the event of a data breach that affects your personal information:

  • EU/EEA/UK users (GDPR Art. 33-34): We will notify the relevant supervisory authority within 72 hours of becoming aware of the breach (unless the breach is unlikely to result in a risk to your rights). We will notify you directly without undue delay if the breach is likely to result in a high risk to your rights and freedoms.
  • US users: We will notify you in accordance with applicable state breach notification laws (all 50 states have such laws; typical timeframes range from 30 to 60 days). We will also notify applicable state attorneys general where required.
  • All users: Our notification will include: the nature of the breach, the categories and approximate number of individuals affected, the likely consequences, and the measures we have taken or propose to take to address the breach.

13. Third-Party Links

Our Service may contain links to third-party websites or services. This Privacy Policy does not apply to those third-party sites. We encourage you to review the privacy policies of any third-party sites you visit.

14. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we make changes, we will:

  • Update the "Last Updated" date at the top of this Privacy Policy
  • Notify you via email at least 30 days before material changes take effect
  • Post the updated Privacy Policy on our website

For non-material changes (formatting, clarification), updated terms are effective upon posting. For material changes (new data uses, new sub-processors, changes to your rights), we will seek your affirmative acceptance. If you do not accept material changes, you may terminate your account and request data deletion per Section 7.4.

15. Contact Information

If you have any questions about this Privacy Policy or our privacy practices, please contact us:

LeakShield Technologies LLC, d/b/a LeakGuard AI
Email: privacy@leaksshield.com
Support: support@leaksshield.com
Website: https://leaksshield.com