Privacy Policy

Last updated: 12.06.2026

This Privacy Notice provides information on the collection, use, sharing and further processing of personal information by Leapter GmbH (in formation) (“Leapter”, “we” or “us”). Leapter takes the protection of your personal data very seriously and processes it confidentially and in compliance with applicable data protection laws, in particular the EU General Data Protection Regulation (“GDPR”). ‘Personal data’ means any information relating to an identified or identifiable natural person.

1. Data controller

Leapter GmbH (in formation)

Dichterweg 2, 99425 Weimar, Germany

Email: privacy@leapter.com

Data Protection Officer contact: privacy@leapter.com

2. Scope

This Privacy Notice applies in connection with your use of our website, application and online tools, social media, marketing, agreements and other means that link to it, your interactions with us during meetings or at Leapter events, and in connection with other sales, services, marketing and business-relationship activities with us.

3. Types and scope of data processing

We process the following categories of personal data:

  • Registration data, including email address, password, and optional name;

  • Usage data, such as login times, interaction data, and technical performance information;

  • User-submitted content (prompts) and AI-generated outputs;

  • Technical data, such as IP address and browser information.

The processing of your data serves the purposes of contract performance (Art. 6 (1) (b) GDPR), error correction and service improvement based on our legitimate interests (Art. 6 (1) (f) GDPR), as well as communication and support. Where required, we obtain your explicit consent (Art. 6 (1) (a) GDPR) for analytics and tracking.

4. Hosting and third-party processing

Our website is hosted on WordPress and AWS. User and application data are primarily stored with:

  • Amazon Web Services (AWS) EMEA SARL, Luxembourg;

  • Supabase Inc., primarily in European data centres including Germany.

We have concluded data processing agreements (DPAs) with all service providers pursuant to Art. 28 GDPR and implement appropriate technical and organisational measures to ensure data security. Transfers to third countries occur only with adequate safeguards such as standard contractual clauses or your prior consent.

5. AI service providers

To deliver our core services, we transmit your textual inputs (prompts) to the following AI providers:

  • OpenAI Ireland Ltd. / OpenAI L.L.C., USA;

  • Google Ireland Ltd. / Google LLC, USA.

This processing is performed based on contract execution. We do not use your data to train our own models. For further information on these providers’ data use, please consult their respective privacy statements. You may revoke your usage consent by deleting your account at any time.

6. CRM and contact management (HubSpot)

We use HubSpot (HubSpot Inc., USA) as our CRM platform to manage contacts, communications, marketing automation and support. HubSpot processes personal data including names, emails, company information and interaction records. Data may be stored in the EU or USA; transfers comply with GDPR via Standard Contractual Clauses, and a GDPR-compliant data processing agreement is in place. For details, see https://legal.hubspot.com/privacy-policy.

7. AI interaction monitoring (Langsmith)

We use Langsmith (LangChain Inc.) for analysis and monitoring of interactions with AI models. Data processed may include prompts, outputs, usage metadata and technical logs. Where applicable, data are processed in EU data centres; transfers outside the EU comply with GDPR via Standard Contractual Clauses, and a data processing agreement is in place. See https://www.langchain.com/privacy-policy for details.

8. Analytics and tracking

We employ the following analytics and tracking tools:

  • PostHog: product analytics and error troubleshooting using anonymised data;

  • Reo.dev and rb2b: B2B analytics tools for identifying and qualifying corporate site visitors based on IP and company profiles.

These tools operate under legitimate interests. Users may object to data processing via browser-level “Do Not Track” settings. Consent is obtained where required.

9. Support and feedback

We use Userback Pty Ltd. (Australia) for handling bug reports and user feedback. Collected data include free text, screenshots and technical metadata, stored for up to 24 months. Data protection is ensured via appropriate guarantees.

10. Data retention

In accordance with the principles of data minimisation (Art. 5 (1) (c) GDPR) and storage limitation (Art. 5 (1) (e) GDPR), personal data are stored only as long as necessary:

  • User accounts: until deletion;

  • Prompts and outputs: until user or account deletion;

  • Logs: up to 90 days;

  • Analytics data: 12–24 months, then deleted or aggregated.

11. Transfer and disclosure of personal data

In accordance with applicable data protection laws, we may transfer personal data to: affiliated entities; service providers and processors that provide IT or other services on our behalf (e.g. hosting, IT maintenance, support); customers, partners and suppliers; acquirers or parties interested in acquiring parts of the company; and courts, authorities, regulators and other parties in legal proceedings, where necessary to comply with the law or to establish, exercise or defend legal claims. Where recipients are in third countries without an adequate level of protection, we rely on appropriate safeguards such as EU standard contractual clauses, or another lawful basis.

12. User rights

You have the right to access, rectify, erase, restrict processing of, and port your personal data, to object to processing, and to withdraw consent at any time. To exercise these rights, please contact us at info@leapter.com.

You may also lodge a complaint with the competent data protection authority, which for Leapter is the Thüringer Landesbeauftragter für den Datenschutz und die Informationsfreiheit (TLfDI).

13. Protection of minors

Our services are intended for users aged 16 or older. Persons under 16 may only submit personal data with parental consent. If we learn that personal data of a child under 16 has been improperly collected, we will take all reasonable steps to delete it.

14. Security

We implement appropriate technical and organisational security measures to protect your data against accidental or unlawful destruction, loss, alteration, unauthorised disclosure or access, in particular where processing involves transmission over a network. In the event of a personal data breach, we will make the necessary notifications as required under applicable laws.

15. Changes to this Privacy Notice

We reserve the right to modify this Privacy Notice to reflect legal or technical changes. Important updates will be communicated accordingly. The latest version posted on our website applies.

16. Documentation and data processing agreements

All processing activities are documented. Data processing agreements pursuant to Art. 28 GDPR exist with all third-party providers to ensure the security of your personal data.

17. Queries regarding data protection

For any queries regarding data protection, please email us at privacy@leapter.com.

18. Newsletter and double opt-in

You can subscribe to our newsletter to receive information about our products and services. The information you provide (mandatory: email address; optional: first name, last name) is used exclusively for this purpose on the basis of your consent (Art. 6 (1) (a) GDPR).

We use the double opt-in process: after you sign up, we send a confirmation email and only add you to the list once you confirm via the link in that email. This verifies that you are the owner of the email address provided. We record your consent and the confirmation.

You may revoke your consent at any time with future effect, using the unsubscribe link in every newsletter or by contacting us at marketing@leapter.com. The withdrawal does not affect the lawfulness of processing carried out before it.

19. Marketing communications

Where permitted by law or based on your consent, we send marketing communications about our products, services and events, including by email. These communications are managed via our CRM, HubSpot (see Section 6), which allows us to track whether messages are opened and which links are clicked in order to improve their relevance.

The legal basis is your consent (Art. 6 (1) (a) GDPR) or our legitimate interest in direct marketing (Art. 6 (1) (f) GDPR), as applicable. You may object to marketing at any time, free of charge, using the unsubscribe link in each message or by contacting info@leapter.com.

20. Online events

In connection with attendance at one of our online events we may process: contact information (full name, company name, job title, region, email address); information about your device and activities (device identifier, device type, browser and operating system, preferences such as time zone and language, and statistical data about participation, e.g. when you join and leave a session); and your video and/or audio if you actively participate and the feature is enabled.

We process this data to enable you to register and attend, to improve the content and quality of our events, and — where you have agreed or we are otherwise permitted — to send you marketing communications about our products, services and upcoming events. Legal basis: our legitimate interests (Art. 6 (1) (f) GDPR), performance of a contract (Art. 6 (1) (b) GDPR) and/or your consent (Art. 6 (1) (a) GDPR).