Legal

Privacy Policy

Last updated: 2026-05-14

This Privacy Policy explains how Clearmont Digital LLC, trading as InnLead.ai ("InnLead.ai", "we", "us"), collects, uses, stores, and discloses information when you use our website at www.innlead.ai and our AI sales intelligence platform (collectively, the "Service").

1. Who we are

Clearmont Digital LLC is a Wyoming, USA limited liability company, trading as InnLead.ai. For privacy questions, contact hello@innlead.ai.

2. Information we collect

2.1 Information you provide

  • Account details — name, work email, company, role, and country submitted via contact, signup, or onboarding forms.
  • Product catalog data — product specifications, pricing, target segments, and other commercial information you upload so the platform can match your products to hotel renovation signals.
  • Outreach configuration — target markets, hotel segments, exclusion lists, and brand voice samples you provide.

2.2 Information we collect when you connect a mailbox

To send outreach from your own email address, you may grant InnLead.ai OAuth 2.0 access to your Google Workspace (Gmail) or Microsoft 365 mailbox. When you do:

  • We never see, request, or store your password. OAuth tokens are issued by your provider and revocable from your provider's account settings at any time.
  • We store the OAuth refresh token encrypted at rest using column-level encryption (pgsodium) so that only the application can decrypt it.
  • We use the token only to send approved outreach from your address and to read direct replies to that outreach for sentiment classification. We do not scan, index, train models on, or sell the contents of your mailbox.

2.3 Information we collect automatically

  • Site analytics — pseudonymous traffic metrics (page views, referrer, country, device class) via Cloudflare Web Analytics and Clicky. No third-party advertising cookies.
  • Application logs — request metadata (timestamp, IP address, user agent, URL) retained for operational debugging and abuse prevention, typically for up to 90 days.

2.4 Information we collect from public sources

The Service ingests publicly available business intelligence used to surface hotel renovation, opening, and procurement signals — including industry publications, brand press releases, public LinkedIn company pages, construction permits, and Google News. This data describes hotels and brands, not site visitors.

3. How we use information

  • Operate and improve the Service: match your products to live renovation projects, generate draft outreach, classify replies, and produce performance dashboards.
  • Authenticate users, prevent abuse, and protect against fraud or unauthorized access.
  • Send transactional emails about your account, billing, and material changes to the Service.
  • With your explicit consent, send product updates and educational content. You can opt out from any marketing email at any time.

We do not sell your data. We do not share your product catalog, outreach drafts, or reply data with other InnLead.ai customers.

4. Legal bases (EU/UK users)

For users in the EU and UK, we process personal data under one or more of the following legal bases under the GDPR / UK GDPR:

  • Contract — to deliver the Service you have signed up for.
  • Legitimate interests — to operate, secure, and improve the Service; to send B2B outreach to corporate role mailboxes where you have authorized us to act on your behalf and in compliance with applicable law.
  • Consent — for optional marketing email; you can withdraw consent at any time.
  • Legal obligation — to comply with applicable law, including responding to lawful requests from public authorities.

5. Where data is stored

Application data is stored in Supabase (PostgreSQL) with encryption at rest and in transit. The front end runs on Cloudflare Pages. Background AI workers run on Railway. Both Supabase and our hosting providers maintain SOC 2 compliance. Data may be processed in the United States and the European Union. When transferring personal data out of the EEA / UK, we rely on Standard Contractual Clauses where applicable.

6. Retention

  • Account, configuration, and catalog data: retained for the life of your account and deleted within 30 days of account closure, unless we are required to retain it for legal or accounting purposes.
  • Reply content: retained for the life of the relevant campaign so sentiment, follow-ups, and dashboards remain accurate; deleted on request or at account closure.
  • Application logs: up to 90 days.
  • Billing records: retained as required by applicable accounting and tax law.

7. Sharing with third parties

We share personal data only with subprocessors that are necessary to operate the Service, under written confidentiality and data-protection terms:

  • Hosting and infrastructure: Cloudflare, Supabase, Railway.
  • AI model providers: Anthropic, Google (Vertex AI), and OpenAI, for the specific text generation tasks the Service performs. Prompts containing your data are not used to train provider foundation models.
  • Email delivery: Google (Gmail API) and Microsoft (Graph API), invoked under your OAuth grant.
  • Analytics: Cloudflare Web Analytics, Clicky.
  • Payments: Stripe (for paid plans).

We may disclose information when required to comply with applicable law, valid legal process, or to protect the rights, property, or safety of InnLead.ai, our users, or others.

8. Your rights

Subject to applicable law (including the GDPR, UK GDPR, and the California Consumer Privacy Act), you have the right to access, correct, export, restrict, or delete your personal data, and to object to certain processing. To exercise these rights, email hello@innlead.ai. We will respond within 30 days. You also have the right to lodge a complaint with a supervisory authority in your country of residence.

9. Cookies

We use a minimal set of cookies for site analytics and to remember UI preferences. We do not use third-party advertising cookies and we do not run cross-site tracking. You can disable cookies in your browser; the Service remains functional without them.

10. Children

The Service is intended for business users and is not directed to children under 16. We do not knowingly collect personal information from children.

11. Security

We use encryption in transit (TLS) and at rest, OAuth-based mailbox access (no stored passwords), least-privilege access controls, isolated environments, and routine backups. No system is perfectly secure; if you become aware of a vulnerability or incident, please contact hello@innlead.ai.

12. Changes

We may update this Policy. Material changes will be announced on this page with an updated "Last updated" date and, where required by law, through direct notice. Continued use of the Service after a change indicates acceptance of the updated Policy.

13. Contact

Clearmont Digital LLC, trading as InnLead.ai
Email: hello@innlead.ai
See also our Terms of Service.