Privacy Policy
MysticLeads ("we", "our", or "us") operates the website mysticleads.io and the MysticLeads software-as-a-service platform. This Privacy Policy explains how we collect, use, disclose, and protect your information when you use our service.
1. Information We Collect
Account information: When you create an account, we collect your email address and password (stored as a secure hash via Supabase Auth). If you complete your profile, we also collect your name, phone number, and country.
Purchase information: When you purchase through WarriorPlus or JVZoo, those platforms send us your email address and order details via their webhook (IPN) system. We do not process or store your payment card details — all payment processing is handled entirely by those third-party platforms.
Usage data: We log every search you run, including the niche searched, city searched, number of results returned, and credits used. This is used to calculate your usage and enforce plan limits.
Marketing consent: If you opt in to marketing communications, we record your email address, the date and time of consent, and your IP address at the time of consent.
Technical data: We collect standard web server logs including IP addresses, browser type, and access timestamps. This data is used for security monitoring and is deleted after 90 days.
2. How We Use Your Information
- To create and manage your account
- To grant access to the software based on your purchase
- To process and fulfil your order (credit grants, plan upgrades)
- To send transactional emails (account creation, purchase confirmation, credit alerts)
- To send marketing emails, if you have given explicit consent
- To provide customer support
- To detect and prevent fraud or abuse of the platform
- To improve the service and fix bugs
- To comply with legal obligations
3. Legal Basis for Processing (GDPR)
For users in the European Economic Area, we process your data on the following legal bases:
- Contract: Processing necessary to deliver the service you purchased
- Legitimate interests: Security monitoring, fraud prevention, service improvement
- Consent: Marketing emails (you may withdraw consent at any time)
- Legal obligation: Compliance with applicable laws
4. Third-Party Services
We use the following third-party services to operate MysticLeads:
- Supabase — database and authentication (EU data centre available).
- Apify — data extraction infrastructure for lead generation.
- Railway — server hosting.
- Vercel — frontend hosting.
- Resend — transactional email delivery.
- WarriorPlus / JVZoo — payment processing. We receive limited purchase data from these platforms to fulfil your order.
We do not sell your personal data to any third party, ever.
5. Data Retention
We retain your account data for as long as your account is active. If you request account deletion, we will delete your personal information within 30 days, except where retention is required by law (for example, financial records may be retained for 7 years).
Search history logs are retained for 24 months and then automatically purged.
6. Your Rights
Depending on your location, you may have the following rights regarding your personal data:
- Access: Request a copy of your personal data
- Correction: Request correction of inaccurate data
- Deletion: Request deletion of your account and personal data
- Portability: Request your data in a machine-readable format
- Objection: Object to processing based on legitimate interests
- Withdraw consent: Unsubscribe from marketing emails at any time
To exercise any of these rights, email privacy@mysticleads.io. We will respond within 30 days.
7. Cookies
We use strictly necessary cookies for authentication (session management). We use analytics cookies only if you consent via our cookie banner. We do not use advertising cookies without your consent.
8. Security
We implement industry-standard security measures including encrypted connections (HTTPS/TLS), encrypted credential storage via Supabase Auth, and row-level security policies on our database. No method of transmission over the internet is 100% secure, and we cannot guarantee absolute security.
9. Children's Privacy
MysticLeads is not directed at children under 16. We do not knowingly collect personal data from anyone under 16. If you believe a minor has provided us with personal data, please contact us and we will delete it promptly.
10. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify registered users by email of any material changes. Continued use of the service after changes are posted constitutes your acceptance of the updated policy.
11. Contact
MysticLeads
Privacy enquiries: privacy@mysticleads.io
General support: support@mysticleads.io