Legal

Privacy Policy

We built LeadFnF because we were tired of analytics tools that treat people's data carelessly. This page explains, in plain language, what we collect, why, and what you can do about it. No legalese walls, no fine print designed to be ignored.

Last updated June 15, 2026

Who we are

LeadFnF is a privacy-friendly web analytics service. Website owners add a small script to their site, and we turn the raw traffic into something useful: pageviews, session replays, heatmaps, funnels, and the occasional AI nudge. We also offer a companion mobile app so those owners can check their numbers on the go.

If you have a question about anything here, you can reach a real person at [email protected].

Two hats we wear

It helps to know which relationship you have with us, because it changes who's responsible for what:

You're our customer

You signed up, you have an account, you use the dashboard or the app. We're the data controller for your account details. That part is covered below.

You visited a site that uses us

We process your visit on the site owner's behalf — we're their data processor. The site owner decides what's collected; we just do the measuring, with privacy guards switched on by default.

Your account information

When you create a LeadFnF account, we keep the things we need to run it:

  • Your name and email address, so we can identify you and send essential service emails.
  • Your password, stored only as a one-way hash. Nobody at LeadFnF can read it.
  • Optional profile details you choose to add — company, timezone, and phone number.
  • An API key we generate for you, and basic billing records (handled by Stripe — see below).

We use this to operate your account, keep it secure, answer your questions, and send the occasional important notice. We don't sell it, and we don't use it for advertising. Full stop.

The LeadFnF mobile app

The app is a window into the analytics you already own. It shows you your account's data — it doesn't go digging through your phone. Here's everything it touches:

  • Sign-in token. After you log in, we store a secure token in your device's encrypted storage (the iOS Keychain or Android Keystore) so you don't have to type your password every time.
  • Push notifications. If you allow them, we register a device token with Firebase Cloud Messaging so we can alert you about things like a site going down, a goal milestone, or a trial ending. You can turn these off any time in the app or your phone's settings.
  • Biometric unlock. Optional. If you switch it on, the fingerprint or face check happens entirely on your device through the operating system. Your biometric data never reaches us — we only get a yes-or-no from the OS.
  • Crash & performance data. When something breaks, we collect crash reports and basic diagnostics (device model, OS version, app version) through Google Firebase so we can fix it. It's tied to making the app stable, nothing more.

The app does not access your contacts, photos, location, microphone, or camera.

Data we collect for site owners

On behalf of the websites that use us, we measure how visitors move through a site: page URLs, time on page and session duration, the referrer that sent them, browser, operating system, device type, and an approximate location (country and city) worked out from the IP address.

This exists to give the site owner an honest picture of their traffic. We never sell it, share it across customers, or feed it to advertising networks.

Session replay

Session replay records mouse movement, clicks, and typed values so site owners can spot where people get stuck. We take the privacy side of this seriously, so these protections are always on and can't be switched off:

Password fields are always masked — the value becomes *** and is never stored.

Email and phone fields are masked by default.

Checkout, payment, account, and settings pages have every input masked automatically.

Anything marked data-lf-block is replaced with a gray placeholder and never recorded.

Masking happens inside the visitor's browser, at the moment of capture. Sensitive values never travel to our servers in the first place. Whether a consent banner appears is up to the site owner, but these field protections apply no matter what.

Cookies & storage

The LeadFnF tracking script sets no cookies. Session tracking uses sessionStorage, which clears the moment you close the tab. If a site owner has turned on a consent banner, your choice is saved in localStorage so we can remember it without a cookie.

IP addresses & anonymization

Visitor IP addresses are anonymized by default before we store them: the last octet of an IPv4 address (or the host portion of an IPv6 address) is zeroed out, so the stored value can't pin down an individual device. We work out the approximate location from the full IP at collection time, before anonymizing, and only the anonymized form is written to our database. Site owners can disable anonymization for their own sites in settings — if they do, full IPs are stored and they take on responsibility for having a proper legal basis.

Where your data lives

Analytics data, session recordings, and account data are stored on servers in the United States (Vultr / The Constant Company, New Jersey). Session recordings additionally live in Cloudflare R2 object storage. We don't currently offer an EU-only data residency option — if your organization needs that, talk to us before subscribing and we'll be straight with you about what's possible.

Who helps us run the service

We keep our list of third parties short and deliberate:

  • Vultr (The Constant Company, LLC) — hosting for the application and database (US).
  • Cloudflare — content delivery and object storage (R2) for session recordings.
  • Stripe — payment processing. Card details never touch our servers.
  • Google Firebase — powers push notifications, crash reporting, and basic usage diagnostics for the mobile app.
  • OpenAI — powers optional AI features (funnel advice, user-flow analysis, weekly digest insights). We only send aggregated, non-identifying statistics: page URLs, view counts, conversion percentages, device and country breakdowns, and goal completions. We never send session recordings, IP addresses, visitor identifiers, or anything from the Identify API. Per OpenAI's API terms, these requests are not used to train their models.

The Identify API

We offer an optional identify API that lets a site owner attach their own user attributes (like a user ID or email) to a session. If you use it, you are the data controller for that information: you need a legal basis (usually the visitor's consent or your contract with them), you must name LeadFnF as a processor in your own privacy policy, and you should only call it for authenticated users who've agreed to your terms. Identified data is deleted along with the rest of your analytics when you delete a site or your account.

Do Not Track

The tracking script respects the browser's navigator.doNotTrack setting. If a visitor has Do Not Track enabled, we collect nothing about their session.

How long we keep things

Analytics and session recordings are retained according to your plan's retention window, after which they're automatically pruned. Account information is kept for as long as your account is open. When you close your account, we delete your personal data within 30 days, except where we're legally required to hold onto certain records (for example, invoices for tax purposes).

Deleting your account & data

You can ask us to delete your LeadFnF account and the personal data tied to it at any time. Email [email protected] from your account address, or send the request through our contact form.

We'll confirm and then permanently delete your account, your sites, their analytics, and any session recordings within 30 days. Records we're legally obliged to keep (such as billing history) are the only exception. Deleting the mobile app from your phone removes the locally stored sign-in token, but you'll still need to send a deletion request to remove the account itself.

How we protect your data

Everything travels over encrypted connections (HTTPS/TLS). Passwords are stored only as salted one-way hashes. Access to production systems is limited to the people who need it. On your phone, your sign-in token sits in the operating system's secure storage. No system is perfectly unbreakable, but we treat your data the way we'd want ours treated.

Your rights

Depending on where you live (for example under GDPR in Europe or the CCPA in California), you have the right to access the personal data we hold about you, correct it, export it, or have it deleted, and to object to certain processing. We honor these requests regardless of where you are — just email [email protected] and we'll take care of it. We won't make you jump through hoops or charge you for it.

Children

LeadFnF is a business tool meant for adults. The app and service aren't directed at children, and we don't knowingly collect personal information from anyone under 16. If you believe a child has given us their data, email us and we'll remove it.

Changes to this policy

We'll update this page when our practices change, and we'll move the "last updated" date at the top. If a change is significant, we'll give you a heads-up by email or in the app rather than quietly editing the fine print.

Talk to us

Privacy questions, deletion requests, or just want to understand something better? We're happy to help.