Privacy Policy

Effective Date: April 9, 2026  ·  Last updated: April 9, 2026

iQuelo Software Solutions ("iQuelo," "we," "us," or "our") is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard information when you use the iQuelo Lead Prospector platform (the "Service").

This Policy is governed by the laws of the State of Georgia, United States, and applicable U.S. federal law, including the Children's Online Privacy Protection Act (COPPA) and the CAN-SPAM Act. By using the Service, you agree to the terms of this Policy.

1. Information We Collect

1.1 Account & Registration Data: When you create an account, we collect your company name, administrator name, business email address, phone number, and billing address (where applicable).

1.2 Payment Information: Payment card data is collected and processed exclusively by Stripe, Inc. We do not store, transmit, or have access to full card numbers. We receive only non-sensitive billing identifiers (Stripe Customer ID, last-4 digits, card brand, expiration date) necessary to manage your subscription.

1.3 Lead & Business Data: Prospect information (names, companies, phone numbers, email addresses, physical addresses, and GPS coordinates) that you upload, import, or generate through the Platform. This data belongs to you; we process it only to provide the Service.

1.4 Usage & Activity Data: Log data including visit history, field check-ins, email campaign activity, AI scoring events, and feature interactions.

1.5 Technical Data: IP addresses, browser type, device identifiers, and approximate geolocation data used for security, route optimization, and service improvement.

1.6 Communications: Any messages you send us through our contact form or support channels.

2. How We Use Your Information

We use the information we collect to:

• Create and manage your account, authenticate users, and enforce role-based access control.
• Process subscription payments and send billing notifications (payment confirmations, renewal reminders, failed-payment alerts) via our payment processor, Stripe.
• Provide Platform features: lead management, visit planning, email automation, FPI scoring, and voice campaign execution.
• Send transactional emails you have explicitly requested (account activation, password reset, visit reminders).
• Detect, prevent, and respond to fraud, abuse, or security incidents.
• Comply with applicable legal obligations.
• Improve and develop the Service using aggregated, de-identified analytics.

We do not sell your personal information to third parties. We do not use your data for targeted advertising outside the Service.

3. Recurring Billing & Payment Data

By subscribing to the Service, you authorize iQuelo and Stripe to charge your payment method on a recurring monthly basis. Stripe stores and processes payment card data in accordance with PCI DSS Level 1 standards. Stripe's privacy practices are available at stripe.com/privacy. We retain billing records (invoices, payment history) for a minimum of 7 years as required by U.S. tax law.

4. Data Sharing & Third-Party Services

We disclose your information only in the following circumstances:

• Service Providers: Hosting (GoDaddy), email delivery (configured SMTP), payment processing (Stripe), and voice AI services (Vapi.ai). All service providers are bound by confidentiality agreements and may only process your data as necessary to perform services for us.
• Legal Requirements: When required by a valid court order, subpoena, government request, or applicable law, including cooperation with law enforcement under the laws of the State of Georgia and the United States.
• Business Transfer: In connection with a merger, acquisition, or sale of all or substantially all assets, your information may be transferred. We will notify you before your information becomes subject to a materially different privacy policy.
• With Your Consent: In any other circumstance where you have given explicit consent.

5. Data Retention

We retain your account and lead data for as long as your subscription is active. Upon account deletion or subscription cancellation, data is retained for 30 calendar days (during which you may request an export), after which it is permanently deleted or anonymized. Payment and billing records are retained for 7 years as required by law. Server logs are retained for 90 days.

6. Data Security

We implement industry-standard technical and organizational measures to protect your information, including:

• TLS/HTTPS encryption for all data in transit.
• Bcrypt password hashing (never stored in plaintext).
• Multi-tenant row-level data isolation (your data is never accessible to other customers).
• Role-based access control enforced at the application layer.
• Rate limiting and IP-based lockout for authentication endpoints.
• Automated security scanning and dependency updates.

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security, but we will notify affected users promptly in the event of a confirmed data breach.

7. Cookies & Tracking

The Platform uses only functional session cookies required for authentication and CSRF protection. We do not use tracking cookies, third-party analytics cookies, or advertising pixels. Our cookies expire at the end of your browser session or after 24 hours of inactivity.

8. Your Rights

You have the right to:

• Access: Request a copy of the personal data we hold about you.
• Correction: Request correction of inaccurate or incomplete data.
• Deletion: Request deletion of your personal data, subject to our legal retention obligations.
• Data Portability: Request an export of your lead and account data in a machine-readable format (CSV/JSON).
• Opt-Out of Communications: Unsubscribe from non-transactional emails at any time using the unsubscribe link in our emails.

To exercise any of these rights, contact us through our contact page. We will respond within 30 days.

9. Children's Privacy

The Service is intended exclusively for business use by persons aged 18 or older. We do not knowingly collect personal information from children under 13. If we discover that we have inadvertently collected such information, we will delete it immediately.

10. Georgia & U.S. Law Compliance

This Privacy Policy is designed to comply with the Georgia Fair Business Practices Act (O.C.G.A. § 10-1-390 et seq.), the CAN-SPAM Act (15 U.S.C. § 7701 et seq.), the FTC Act (15 U.S.C. § 45), and applicable FTC regulations including the Negative Option Rule (16 C.F.R. Part 425). We do not operate in the European Economic Area and do not claim compliance with GDPR.

11. Changes to This Policy

We may update this Privacy Policy periodically. We will provide at least 14 days' advance notice of material changes by email or a prominent notice within the Platform. The "Last updated" date at the top of this page reflects the current version. Your continued use of the Service after changes take effect constitutes acceptance of the updated Policy.

12. Contact Us

For privacy inquiries, data requests, or complaints:

• Contact Form: iquelo.com/contact
• Address: iQuelo Software Solutions, Georgia, United States