🎉

Our Beta is Live! Install now to receive 200 free AI refinement credits.

lead

winnow

Terms of UsePrivacy PolicyLogin

LeadWinnow Privacy Policy

Last updated: November 18, 2025

This Privacy Policy explains how Harper AI, Inc. (“Harper AI,” “we,” “us,” or “our”) collects, uses, and shares information when you use LeadWinnow, including our website at https://www.leadwinnow.com (the “Site”) and our browser extension (collectively, the “Service”).

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, you should not use the Service.

1. Scope

This Privacy Policy applies to:

  • Visitors to our Site (https://www.leadwinnow.com);
  • Users of the LeadWinnow browser extension;
  • Registered users with a LeadWinnow account.

It does not apply to third-party services you use in conjunction with LeadWinnow, such as LinkedIn or LinkedIn Sales Navigator. Those services have their own privacy policies and practices, and we are not responsible for them.

2. Information We Collect

2.1 Information You Provide Directly

Account and profile information

When you create a LeadWinnow account or log in, we may collect:

  • Name;
  • Email address;
  • Profile image (for example, if you log in with a social login that provides a profile picture).

We use an authentication provider (such as Auth0) to handle sign-up and login. We do not store your password ourselves; your credentials are handled by our authentication provider.

AI prompts and content

When you use our AI refinement features or otherwise interact with the Service, we collect:

  • Prompts, queries, and other text you submit;
  • Output generated by the AI features in response to your inputs.

These prompts and outputs are linked to your account and may be stored on our servers.

Communications

If you contact us (for example, by email), we may collect:

  • Your name and email address;
  • The content of your message and any attachments;
  • Any other information you choose to provide.

2.2 Lead and LinkedIn-Related Data

When you use the LeadWinnow extension and features with LinkedIn Sales Navigator, we process data that is visible to you in your browser, including:

  • Lead and account metadata (e.g., names, job titles, company names, industries, locations, and similar fields);
  • Links/URLs to profiles or company pages;
  • Filters and criteria you apply;
  • Any notes, tags, or similar information you choose to enter via LeadWinnow.

When you use our refinement or AI features, we may store this lead/account data on our servers for:

  • Refining, filtering, and ranking leads;
  • Persisting your lists, outputs, and configurations;
  • Improving our Service and models (as described below).

We do not store your LinkedIn login credentials. We interact with pages and network requests available to you through your browser, but we do not store your LinkedIn username or password on our servers.

2.3 Payment and Billing Information

We use third-party payment processors (such as Stripe) to handle payments for Credits and other paid features.

  • When you make a payment, you provide payment card details and billing information directly to Stripe.
  • We do not store full payment card numbers or bank details.
  • Stripe may share limited billing-related information with us (such as transaction IDs, amounts, timestamps, and your name and email) so we can record your purchase and manage your account.

We rely on Stripe’s privacy practices for the payment processing portion of your data.

2.4 Cookies and Login Information

We use cookies and similar technologies on the Site to:

  • Keep you logged in and manage sessions;
  • Provide basic functionality (such as remembering your settings).

These may include:

  • First-party cookies set by LeadWinnow;
  • Cookies or similar identifiers set by our authentication provider (Auth0) and payment processor (Stripe).

At this time, we do not use third-party advertising or marketing cookies, and we do not run analytics tools such as Google Analytics.

2.5 Technical and Log Information

When you use the Service, our systems and underlying frameworks may automatically collect some technical information, such as:

  • IP address;
  • Browser type and version;
  • Operating system and device information;
  • Referring URL;
  • Date and time of access;
  • Basic server and application logs.

We currently do not actively aggregate or deeply analyze this data for analytics, but we may use it for:

  • Operating and securing the Service;
  • Debugging and troubleshooting;
  • Understanding general usage patterns at a high level.

We currently do not log detailed extension usage events (for example, “user clicked this specific feature on LinkedIn”).

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Providing and Operating the Service

  • Creating and managing your account;
  • Authenticating you when you log in;
  • Running the browser extension and Site;
  • Processing your lead/account data and prompts to refine and organize leads;
  • Enabling AI-powered features and generating outputs;
  • Storing your prompts, outputs, lead data, and settings so you can access them later.

3.2 Improving the Service and AI Models

We may use:

  • Your prompts, lead/account data processed by the Service, and AI outputs;
  • Technical/log information;

to:

  • Maintain, optimize, and improve the Service;
  • Train, fine-tune, and evaluate our models and algorithms;
  • Develop new features and functionality.

We may do this directly and/or using third-party AI/model providers (for example, Google) and infrastructure providers, which may process your data on our behalf. Where practical, we aim to use aggregated, de-identified, or pseudonymized data for these purposes.

3.3 Payments and Account Management

  • Processing payments for Credits and other paid features via Stripe;
  • Managing your purchases, Credits, and account status;
  • Sending purchase confirmations or receipts (which may also be sent directly by Stripe).

3.4 Communications

  • Sending transactional emails (e.g., account notices, security alerts, service notifications, and important changes to the Service or Terms);
  • Sending newsletters or product updates if you choose to receive them.

You can opt out of marketing or newsletter emails at any time by using the unsubscribe link in those emails or by contacting us at support@leadwinnow.com. We may still send you non-marketing messages (e.g., security alerts, important service notices).

3.5 Security, Fraud Prevention, and Legal Compliance

  • Protecting the Service, our users, and third parties from security threats, abuse, or misuse;
  • Detecting, investigating, and preventing fraud or other illegal activities;
  • Enforcing our Terms of Service and other agreements;
  • Complying with applicable laws, regulations, and legal processes.

4. Legal Bases for Processing (EEA/UK/Switzerland)

If you are located in the European Economic Area (EEA), the United Kingdom, or Switzerland, we process your personal data under the following legal bases:

  • Performance of a contract: To provide, operate, and maintain the Service, including account creation, processing your prompts and lead data, and delivering AI outputs.
  • Legitimate interests: To improve the Service, ensure security, prevent abuse, and communicate with you about the Service, where these interests are not overridden by your data-protection rights and interests.
  • Compliance with legal obligations: To comply with applicable laws, regulations, and legal requests.
  • Consent: Where required, for specific uses such as certain types of emails or cookies. You can withdraw consent at any time, where applicable, by contacting us or using available controls (such as unsubscribe links).

5. Cookies and Similar Technologies

We currently use cookies and local storage primarily for:

  • Authentication and session management;
  • Basic functionality and security.

These may be:

  • First-party cookies that we set directly (for example, to keep you logged in);
  • Third-party cookies or storage set by service providers like Auth0 and Stripe as part of authentication or payment flows.

We do not currently use cookies or similar technologies for:

  • Behavioral advertising;
  • Third-party analytics or remarketing.

You can control or delete cookies using your browser settings. Some features of the Service may not function properly if cookies are disabled.

If we add analytics, advertising, or other cookies in the future, we will update this Privacy Policy and, where required, seek your consent.

6. How We Share Your Information

We do not sell your personal information. We do not share your personal information with third parties for their own marketing purposes.

We may share your information in the following limited circumstances:

6.1 Service Providers

We share information with trusted third-party service providers who perform services on our behalf, such as:

  • Authentication (e.g., Auth0) – to manage login and account security;
  • Payment processing (e.g., Stripe) – to process payments and manage transactions;
  • Cloud hosting and infrastructure (e.g., Google Cloud or similar providers) – to host our servers and databases;
  • AI/model providers (e.g., Google AI and other third-party model providers) – to power AI-based features and improvements;
  • Email delivery (e.g., SendGrid) – to send transactional and optional newsletter emails.

These providers are allowed to use your information only as necessary to provide their services to us and are contractually required to protect it.

6.2 Aggregated or De-Identified Data

We may use and share aggregated, anonymized, or de-identified information that does not reasonably identify you or any individual. For example, we might share aggregated usage statistics to describe the overall performance or adoption of the Service.

6.3 Legal and Safety

We may disclose your information if we believe it is reasonably necessary to:

  • Comply with any applicable law, regulation, legal process, or government request;
  • Protect the rights, property, or safety of Harper AI, our users, or the public;
  • Enforce our Terms of Service or other agreements;
  • Detect, prevent, or address fraud, security, or technical issues.

6.4 Business Transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, receivership, sale of assets, or transition of service to another provider, your information may be transferred as part of that transaction, subject to this Privacy Policy.

7. Data Retention

We retain personal data for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law. In general:

  • Account and profile data: We keep this while your account is active. If you request deletion of your account, we will delete or de-identify this information, subject to any legal obligations.
  • Lead/account data and AI prompts/outputs: We currently retain this data indefinitely while your account is active, unless you request account deletion or removal, in order to let you revisit your prompts, refinement results, and lists and to improve our service and models.
  • Billing and transaction records: We retain these for the period required for accounting, tax, and legal compliance (typically between 3 and 7 years, depending on jurisdiction and applicable law).
  • Logs and technical data: We retain logs for a limited period for security, debugging, and operational purposes, after which they are deleted or anonymized.

We may retain certain information for longer periods when necessary to comply with legal obligations, resolve disputes, or enforce our agreements.

8. Security

We take reasonable technical and organizational measures to protect your personal data, including:

  • Encryption in transit (e.g., HTTPS/TLS) to protect data as it travels between your device and our servers;
  • Access controls and least-privilege principles for internal access to systems and data;
  • Use of reputable infrastructure and service providers with their own security controls.

No method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

9. International Data Transfers

We are based in the United States, and your information may be processed and stored in the United States and other countries where we or our service providers operate.

If you are located outside the United States:

  • Your information may be transferred to, stored, and processed in a country that may not have the same level of data protection as your home jurisdiction.
  • Where required (e.g., for transfers from the EEA, UK, or Switzerland), we rely on appropriate safeguards such as standard contractual clauses or other lawful transfer mechanisms.

By using the Service, you consent to these international transfers to the extent permitted by applicable law.

10. Your Rights and Choices

10.1 General Rights

Depending on your location and applicable law, you may have some or all of the following rights:

  • Access: Request access to the personal data we hold about you;
  • Correction: Request that we correct inaccurate or incomplete personal data;
  • Deletion: Request that we delete personal data, subject to certain exceptions;
  • Restriction: Request that we restrict the processing of your personal data;
  • Portability: Request a copy of your personal data in a structured, commonly used, and machine-readable format;
  • Objection: Object to certain processing, including where we rely on legitimate interests;
  • Withdraw consent: Where processing is based on consent, withdraw that consent at any time.

To exercise any of these rights (where available), please contact us at:

support@leadwinnow.com

We may ask you to verify your identity before responding to your request. We will respond within a reasonable timeframe and in accordance with applicable law.

10.2 EEA/UK/Swiss Users

If you are in the EEA, UK, or Switzerland, you also have the right to lodge a complaint with your local data protection authority if you believe our processing of your personal data violates applicable law. We encourage you to contact us first so we can address your concerns.

10.3 California Residents (CCPA/CPRA)

If you are a California resident, the California Consumer Privacy Act (CCPA), as amended by the California Privacy Rights Act (CPRA), may provide you with specific rights regarding your personal information, including:

  • Right to know: You can request that we disclose the categories and specific pieces of personal information we have collected about you, the sources of that information, the purposes for which we use it, and the categories of third parties with whom we share it.
  • Right to delete: You can request that we delete personal information we have collected from you, subject to certain exceptions (for example, when we need the information to complete a transaction, detect security incidents, comply with legal obligations, etc.).
  • Right to correct: You can request that we correct inaccurate personal information.
  • Right to non-discrimination: We will not discriminate against you for exercising your CCPA/CPRA rights (for example, by denying goods/services, charging different prices, or providing different levels or quality of service solely because you exercised a right).

No sale or sharing of personal information

We do not sell personal information and do not share personal information for cross-context behavioral advertising as those terms are defined under the CCPA/CPRA.

To exercise your CCPA/CPRA rights, you can contact us at:

support@leadwinnow.com

We may need to verify your identity before fulfilling your request. You may also designate an authorized agent to make a request on your behalf, in which case we may require proof of authorization.

11. Children’s Privacy

The Service is intended for adults and is not directed to children under the age of 18. We do not knowingly collect personal data from children under 18. If we become aware that we have collected personal data from a child under 18, we will take steps to delete that information.

If you believe that a child under 18 has provided us with personal information, please contact us at support@leadwinnow.com.

12. “Do Not Track” Signals

Some browsers include a “Do Not Track” (DNT) feature that signals to websites you visit that you do not want your online activity tracked. There is currently no accepted standard for how to respond to DNT signals.

At this time, we do not respond to DNT signals. If standards for responding to DNT are established in the future, we may update this Privacy Policy to reflect our practices.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. When we do:

  • We will post the updated policy on this page; and
  • We will update the “Last updated” date at the top of this page.

We may also provide additional notice of material changes on the Site. Your continued use of the Service after any changes become effective will signify your acceptance of the updated Privacy Policy. If you do not agree to the updated policy, you should stop using the Service.

14. Contact Us

If you have any questions or concerns about this Privacy Policy or our privacy practices, or if you wish to exercise your rights, you can contact us at:

support@leadwinnow.com

We will do our best to address your inquiry promptly.