Privacy Policy

1. Controller Information

Leadilla is operated by Sanitify OÜ, Meistri 16, 135617, Tallinn, Estonia ("Sanitify", "we", "us", "our").

2. Scope of This Policy

This policy applies to personal data processed through:

1) our website pages;
2) Leadilla accounts and workspaces;
3) support and commercial communications.

3. Roles: Controller and Processor

When you create an account with us, communicate with us, or use our website, Sanitify generally acts as a data controller for that personal data.

When customers use Leadilla to process support workflow content that includes personal data, Sanitify typically acts as a data processor on the customer's behalf, and the customer is the controller for that processing.

4. Personal Data We Process

Depending on how Leadilla is used, we may process:

1) account and identity data (name, business email, role, organization);
2) billing and contract data (plan, invoices, transaction references);
3) support and communication data (messages sent to support or sales channels);
4) technical and usage data (log files, IP address, device/browser information, security events, service diagnostics);
5) customer workflow content uploaded or connected by customers (for example inbox messages and related metadata).

5. Purposes and Legal Bases (GDPR)

We process personal data for the following purposes and legal bases:

Service delivery and account administration (contract performance, Article 6(1)(b)).

Security, fraud prevention, and platform integrity (legitimate interests, Article 6(1)(f)).

Billing, tax, and legal compliance (legal obligation, Article 6(1)(c)).

Customer support and service communications (contract performance and legitimate interests, Article 6(1)(b) and 6(1)(f)).

Product improvement and analytics (legitimate interests, Article 6(1)(f), and consent where legally required).

6. Data Sources

We collect personal data directly from you, from your organization, from your use of Leadilla, and from integrations or third-party services you authorize.

7. Sharing and Recipients

We may share personal data with:

1) trusted service providers (hosting, security, analytics, payment processing, customer support tooling) under contractual confidentiality and data protection obligations;
2) professional advisers (legal, accounting, audit) where necessary;
3) authorities where required by law or to protect legal rights.

We do not sell personal data.

8. International Transfers

If personal data is transferred outside the EEA, we apply appropriate safeguards under applicable law, such as Standard Contractual Clauses and supplementary measures where required.

9. Data Retention

We retain personal data only as long as needed for the purposes above, including contractual, security, and legal requirements. Retention periods vary by data type, account status, and legal obligations.

When retention is no longer required, we delete or anonymize data according to our internal retention and deletion controls.

10. Security

We apply technical and organizational measures designed to protect personal data against unauthorized access, alteration, disclosure, or destruction. No method of transmission or storage is completely secure, but we continuously improve safeguards based on risk.

11. Cookies and Similar Technologies

Our website and services may use cookies or similar technologies for essential site operation, security, and performance. Where law requires consent for non-essential cookies, we apply consent controls.

12. Your Data Protection Rights

Subject to applicable law, you may have the right to request access, rectification, erasure, restriction, portability, and objection to certain processing. You may also withdraw consent where processing is based on consent.

If we process personal data as a processor for a customer, we will direct your request to the relevant customer controller where appropriate.

13. Complaints

If you believe your data protection rights were violated, you may lodge a complaint with your local supervisory authority. In Estonia, the supervisory authority is Andmekaitse Inspektsioon (Data Protection Inspectorate).

14. Children

Leadilla is intended for business use and is not directed to children.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be published on this page with an updated effective date.

16. Contact

Sanitify OÜ
Meistri 16, 135617, Tallinn, Estonia
Contact page: /pages/contact.html