top of page

Privacy Policy

Effective Date: November 2025

1. Data Controller

Leapter GmbH (in formation)  

Dichterweg 2, 99425 Weimar - Germany

Email: privacy@leapter.com  

Data Protection Officer contact: privacy@leapter.com

2. General Information on Data Protection

Leapter GmbH takes the protection of your personal data very seriously and processes such data confidentially and in compliance with the applicable data protection laws, in particular the EU General Data Protection Regulation (GDPR). Personal data means all information relating to an identified or identifiable natural person

3. Types and Scope of Data Processing

We process the following categories of personal

 

  • Registration data including email address, password, and optional name

  • Usage data such as login times, interaction data, and technical performance information

  • User-submitted content (prompts) and AI-generated outputs

  • Technical data such as IP address and browser information

 

The processing of your data serves the purposes of contract performance (Art. 6 (1) (b) GDPR), error correction, and service improvement based on our legitimate interests (Art. 6 (1) (f) GDPR), as well as communication and support. Where required, we obtain your explicit consent (Art. 6 (1) (a) GDPR) for analytics and tracking.

4. Hosting and Third-Party Processing

Our website is hosted by Wix.com Ltd., Israel, with server locations within the EU and the US. User and application data are primarily stored with:

 

  • Amazon Web Services (AWS) EMEA SARL, Luxembourg

  • Supabase Inc., primarily in European data centers including Germany

 

We have concluded data processing agreements (DPAs) with all service providers pursuant to Art. 28 GDPR and implement appropriate technical and organizational measures to ensure data security. Transfers to third countries occur only with adequate safeguards such as standard contractual clauses or your prior consent.

5. AI Service Providers

To deliver our core services, we transmit your textual inputs (prompts) to the following AI providers:

 

  • OpenAI Ireland Ltd. / OpenAI L.L.C., USA

  • Google Ireland Ltd. / Google LLC, USA

 

This processing is performed based on contract execution. We do not use your data to train our own models. For further information on these providers’ data use policies, please consult their respective privacy statements. You may revoke your usage consent by deleting your account at any time.

6. CRM and Contact Management (HubSpot)

We use HubSpot (HubSpot Inc., USA) as our CRM platform to manage contacts, communications, marketing automation, and support. HubSpot processes personal data including names, emails, company information, and interaction records.

 

Data may be stored in the EU or USA; transfers comply with GDPR via Standard Contractual Clauses. A GDPR-compliant data processing agreement is in place with HubSpot. For details, see https://legal.hubspot.com/privacy-policy.

7. AI Interaction Monitoring (Langsmith)

We utilize Langsmith (LangChain Inc.) for analysis and monitoring of interactions with AI models. Data processed may include prompts, outputs, usage metadata, and technical logs.

 

Where applicable, data are processed in EU data centers. Transfers outside the EU comply with GDPR via Standard Contractual Clauses. A data processing agreement is in place. See https://www.langchain.com/privacy-policy for details.

8. Analytics and Tracking

We employ the following analytics and tracking tools:

 

  • PostHog: For product analytics and error troubleshooting using anonymized data

  • Reo.dev and rb2b: B2B analytics tools for identifying and qualifying corporate site visitors based on IP and company profiles

 

These tools operate under legitimate interests. Users may object to data processing via browser-level "Do Not Track" settings. Consent is obtained where required.

9. Support and Feedback

We use Userback Pty Ltd. (Australia) for handling bug reports and user feedback. Collected data include free texts, screenshots, and technical metadata, stored up to 24 months. Data protection is ensured via appropriate guarantees.

10. Data Retention

Personal data are stored only as long as necessary:

 

- User accounts until deletion  

- Prompts and outputs until user or account deletion  

- Logs for up to 90 days  

- Analytics data for 12-24 months, then deleted or aggregated

11. User Rights

You have the right to access, rectify, erase, restrict processing, data portability, object to data processing, and withdraw consent at any time. To exercise these rights, please contact us at privacy@leapter.com.

12. Protection of Minors

Our services are intended for users aged 16 or older. Persons under 16 years may only submit personal data with parental consent.

13. Changes to This Privacy Policy

We reserve the right to modify this privacy policy to reflect legal or technical changes. Important updates will be communicated accordingly.

14. Documentation and Data Processing Agreements

All processing activities are documented. Data processing agreements pursuant to Art. 28 GDPR exist with all third-party providers to ensure the security of your personal data.

bottom of page