Privacy Policy
Effective date: September 3, 2025
This Privacy Policy explains how Leoparo ("Leoparo," "we," "our," or "us") collects, uses, discloses, and protects personal information when you use Leoparo (the "Service"), an AI assistant that lets you chat with your own applications and data—for example, to summarize or send emails on your behalf and answer questions about your documents. If you do not agree with this Policy, please do not use the Service.
1) Who we are & how to contact us
- Controller: Or Soffer (sole proprietor) trading as "Leoparo."
- Mailing address: [Add your business mailing/virtual office address here].
- Contact (support, main): support@leoparo.com
- Optional alias (privacy matters): privacy@leoparo.com
- Optional alias (security matters): security@leoparo.com
- Owner contact (controller): soffer@leoparo.com
2) Scope
This Policy applies to personal information we process about:
- End users of the Service (self‑serve customers and invited workspace members), and
- Website visitors to leoparo.com and related pages.
If we process personal information on behalf of a business/enterprise customer under a separate Data Processing Addendum ("DPA"), the DPA governs.
3) Information we collect
What we collect depends on how you use the Service.
A. Account & identity data
Name, email, password (hashed), profile image, workspace/organization details, role/permissions, and single‑sign‑on/OAuth identifiers (e.g., provider user ID), plus authentication/audit logs.
B. Customer Content you provide or connect
- Chats and prompts; files and documents you upload; data retrieved from connected integrations.
- Connector access you authorize (e.g., Gmail/Google Workspace, Microsoft 365/Outlook, Google Drive, OneDrive/SharePoint, Slack, GitHub, Notion, Linear, HubSpot, Jira/Confluence, Dropbox, etc.), including OAuth tokens and minimal metadata needed to operate the integration (scopes, refresh tokens, expirations).
- On‑your‑behalf actions (e.g., drafting/sending emails) and AI outputs (summaries, answers, drafts).
You control what Customer Content you upload or connect. We access third‑party accounts only with the scopes you grant and only to provide the features you use.
C. Usage & telemetry data
Device, browser, and OS information; IP address; language; timestamps; feature usage; event logs; performance metrics; approximate location (city/region) derived from IP.
D. Billing & commercial information
Subscription tier/limits/usage, transaction records (via our payment processor), invoicing details, VAT/Tax IDs where provided.
E. Cookies & similar technologies
We use strictly necessary cookies for authentication/session integrity and optional analytics cookies (see Cookie Notice below).
4) Sources of information
- Directly from you (account creation, prompts, uploads).
- From services you connect (via OAuth or API keys you provide).
- Automatically through your device/browser.
5) How we use information (purposes) & legal bases
We use personal information to:
- Provide and operate the Service, including accessing/processing your connected data to answer questions, summarize content, and (if enabled) send emails on your behalf. (Legal basis: Contract; Legitimate Interests.)
- Maintain security, prevent abuse/fraud, investigate incidents, and enforce terms. (Legitimate Interests; Legal Obligation.)
- Improve the Service, including quality assurance, model evaluation, routing, and troubleshooting (using de‑identified or redacted telemetry where feasible). (Legitimate Interests; Consent where required.)
- Communicate with you, including service notifications, support, and product updates. (Contract; Legitimate Interests; Consent for marketing.)
- Process payments and manage subscriptions. (Contract; Legitimate Interests; Legal Obligation.)
- Comply with law and respond to lawful requests. (Legal Obligation.)
We do not sell personal information and we do not use your Customer Content to train foundation models, whether ours or third‑party, unless you give us explicit opt‑in consent to do so.
6) AI models & data handling
To generate responses, we may send minimal necessary portions of your prompts and relevant context (e.g., retrieved document snippets) to multiple AI model providers and/or run models we host. We apply access controls and data minimization.
- Model providers: We may use a variety of reputable providers and/or self‑host open‑source models. The specific providers and regions may change for latency, performance, or reliability.
- Training: Leoparo does not use your Customer Content to train any model. De‑identified telemetry may be used to improve reliability, safety, or routing.
- Regionality: Where possible, we route inference in or near your region to reduce latency; exact location depends on provider availability.
See our Model & Sub‑processor List at leoparo.com/legal/subprocessors.
7) Integrations you connect (acting on your behalf)
When you connect a service (e.g., Gmail, Google Drive, Slack, GitHub, Notion, Linear, HubSpot, Outlook/OneDrive, Dropbox), the Service requests the minimum scopes required and uses them solely to perform the tasks you initiate or schedule (e.g., "summarize my inbox," "draft a reply," "answer about this document"). You can disconnect any integration at any time in Settings, and you can revoke access tokens from the third‑party provider's security page.
Gmail/Google Workspace — Limited Use Compliance
For Google data accessed via Gmail/Google APIs, Leoparo adheres to Google's Limited Use requirements: we only use the data to provide user‑facing features; we do not transfer data except as necessary to provide or improve such features; we do not use the data for advertising; and no humans read your Gmail content except with your consent, for security/abuse review, to comply with law, or to maintain/improve the Service where the data has been aggregated and de‑identified.
Document retrieval & embeddings
If you connect cloud storage or knowledge bases, we may create embeddings (vector representations) and metadata to enable retrieval. You can remove sources or disconnect an integration at any time. Doing so typically stops further access. Where technically feasible, we endeavor to remove derived indexes/embeddings linked to deleted sources; residual copies may persist in backups and system logs for a period consistent with security and operational needs.
8) Data retention
We retain personal information only for as long as necessary to operate the Service, meet security and fraud‑prevention needs, comply with law, and fulfill the purposes described in this Policy. Actual retention periods vary based on factors such as data category, user/admin settings, legal requirements, and technical constraints (e.g., backups and audit logs). When data is no longer needed, we delete, de‑identify, or aggregate it where reasonably possible. Some residual copies may remain in backups or archives for a time consistent with our security and business continuity practices.
We provide controls to remove content (e.g., deleting chats/files or disconnecting integrations). Deletions may not be immediate across all systems, and certain information may be retained to the extent required or permitted by law.
9) How we share information
We share personal information only with:
- Service providers/sub‑processors (hosting, storage, vector databases, email delivery, analytics, support tooling, payment processing, and AI model providers) bound by contracts to protect your information and use it only per our instructions.
- Third‑party services you connect, strictly per your authorization/scopes.
- Affiliates under common control, subject to this Policy.
- Authorities or other parties when required by law, to protect rights, or in connection with a merger, financing, or acquisition.
We do not share for third‑party advertising.
9A) Payments & Merchant of Record (Polar)
We use Polar as our Merchant of Record. Polar provides checkout, payment processing, tax compliance, and invoicing. When you purchase a subscription, your payment and tax data are processed by Polar as an independent data controller under its own privacy policy. We receive limited transaction metadata (e.g., product, price, status) to activate and manage your subscription. For billing questions, you can also contact Polar via the links on your receipt.
10) International data transfers
We operate globally and may transfer personal information to countries with different data‑protection laws. Where required, we use appropriate safeguards such as Standard Contractual Clauses (SCCs) and the UK IDTA/Addendum.
11) Security
We implement administrative, technical, and physical safeguards designed to protect personal information, including:
- Encryption in transit (TLS) and at rest; secret/token management.
- Role‑based access controls and least‑privilege permissions.
- Audit logging; regular backups; vendor due diligence.
No system is 100% secure. Keep your credentials confidential and notify us of any suspected unauthorized access.
12) Your rights & choices
Depending on your location, you may have rights to:
- Access, correct, or delete personal information;
- Port your data;
- Object to or restrict certain processing;
- Withdraw consent (where processing is based on consent);
- Lodge a complaint with a supervisory authority.
Requests: Email support@leoparo.com. We may need to verify your identity. Workspace users should contact their admin for requests about data controlled by the workspace.
Marketing communications: Opt out anytime via the unsubscribe link or in Settings.
13) California & other regional notices
California residents (CCPA/CPRA) have rights to know, delete, correct, and opt out of sharing for cross‑context behavioral advertising (we do not do this). We do not sell personal information. We honor Global Privacy Control (GPC) where applicable.
Residents of other jurisdictions (e.g., Brazil LGPD, Canada PIPEDA, Australia Privacy Act) may have comparable rights.
14) Children's privacy
The Service is not intended for children under 13 (or the age required by your jurisdiction). We do not knowingly collect personal information from children. If you believe a child has provided us data, contact us so we can take appropriate action.
15) Processing on behalf of customers (DPA)
Where we act as a processor for business/enterprise customers, we do so under a DPA that includes SCCs where applicable. To obtain a copy or to sign our DPA, contact support@leoparo.com.
16) Sub‑processor list
We maintain a current list of sub‑processors (e.g., cloud hosting, vector DB, analytics, payments, support, and AI model providers) at leoparo.com/legal/subprocessors. You may subscribe to change notifications.
17) Changes to this Policy
We may update this Policy from time to time. We will post the updated Policy and update the "Effective date" above. For material changes, we will provide additional notice (e.g., email or in‑app notice). Your continued use of the Service after the effective date constitutes acceptance of the revised Policy.
18) Contact us
Questions or complaints about this Policy or our data practices? Email support@leoparo.com.
Annex A: Cookie Notice (summary)
- Strictly necessary: Session/auth cookies (first‑party). Required for the Service to function.
- Preferences: Language/theme settings (first‑party). Optional.
- Analytics: Product analytics/performance cookies (provider‑specific). You can opt out where required by law.
- Functional/3rd‑party: Cookies set by embedded integrations (e.g., support widget). Controlled by those third parties.
For full details (including cookie names and durations), see leoparo.com/legal/cookies.
Annex B: AI & Integrations Details
Model Providers in use: Multiple model providers (and/or self‑hosted open‑source). Customer Content is not used for training.
Connected Apps supported: A wide range including (examples) Gmail/Google Workspace, Outlook/Microsoft 365, Google Drive, OneDrive/SharePoint, Slack, GitHub, Notion, Linear, HubSpot, Jira/Confluence, Dropbox.
Scopes requested (examples):
- Gmail: read/draft/send scopes as needed for user‑initiated features (exact scope strings listed on the consent screen and our integrations page).
- Drive/OneDrive: read‑only and file metadata scopes to index and retrieve documents.
- Slack/GitHub/Notion/Linear/HubSpot/etc.: the minimal scopes required for the selected features.
Data at rest: Encrypted; secret management; per‑tenant access controls.
Data deletion controls: In‑app deletion for chats/files; admin bulk deletion; disconnecting an integration revokes tokens and deletes related indexes/embeddings.
Retention defaults: embeddings retained until source deletion.
Security contact: security@leoparo.com