← Back to sign in

Privacy Policy

Effective date: May 30, 2026

Overview

LeadHaus ("we," "us," or "our") is committed to protecting the privacy of its users. This Privacy Policy explains what information we collect, how we use it, who we share it with, and the choices you have regarding your data.

LeadHaus is a CRM platform for mortgage loan officers, realtors, and their teams. Access is by invitation only — users cannot self-register.

1. Information We Collect

We collect information in three ways: information you provide directly, information generated by your use of the Service, and information from third-party integrations you choose to connect.

Information you provide:

CategoryExamples
Account dataName, email address, phone number, company name, professional title
Contact recordsNames, phone numbers, email addresses, and financial details of your leads, borrowers, and partner contacts that you enter into the CRM
CommunicationsEmails and SMS messages sent through the Service, call log notes, tasks, and document checklists
Business dataLoan amounts, estimated commissions, pipeline stages, lead sources, and referral partners
Drip campaignsEmail and SMS templates and automation sequences you create

Information generated automatically:

CategoryExamples
Email engagementOpen and click events on emails you send through the Service (tracked via pixel and link rewriting)
Usage dataWhich features you use, timestamps of actions, and rate-limit counters to prevent abuse
Audit logsRecords of administrative actions (inviting users, removing users, editing sponsor listings)

Information from third-party integrations (only if you connect them):

CategoryExamples
Google (Gmail)OAuth access and refresh tokens to send email on your behalf. We do not read or store the content of your inbox.
Google CalendarOAuth tokens to create and manage calendar events on your behalf.
Twilio (SMS)Your Twilio Account SID, Auth Token, and phone number to send and receive SMS messages.

2. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Send transactional emails (account invites, password resets)
  • Execute automated communications (drip campaigns, reminders) on your behalf
  • Generate reports and analytics visible only to you
  • Enforce rate limits and prevent abuse
  • Maintain an audit trail of administrative actions
  • Display sponsor advertising within the platform (sponsors do not receive your data)

We do not sell your personal data. We do not use your data to train AI or machine learning models. We do not use your clients' data for any purpose other than delivering the Service to you.

3. Data Storage and Security

Your data is stored in Supabase, a managed database platform hosted on AWS infrastructure. All data is encrypted at rest and in transit.

Third-party integration credentials (Gmail OAuth tokens, Twilio credentials) are stored using Supabase Vault, an encrypted secrets store. These credentials are never transmitted to your browser — they are only decrypted server-side when executing API calls on your behalf.

Row Level Security (RLS) is enforced at the database layer on every table, ensuring that authenticated users can only access their own data — not data belonging to other users.

While we take reasonable steps to protect your data, no system is completely secure. We encourage you to use a strong, unique password and to enable two-factor authentication within the Service.

4. Third-Party Service Providers

We work with a limited number of third-party providers necessary to operate the Service:

CategoryExamples
SupabaseDatabase, authentication, and file storage. Data is stored in US-based AWS data centers.
Resend / SMTP providerDelivery of transactional emails (invites, password resets). Email content is transmitted to their servers for delivery.
TwilioSMS sending and receiving (only if you connect your Twilio account).
GoogleGmail sending and Google Calendar sync (only if you connect your Google account).

These providers receive only the data necessary to perform their specific function. They are not permitted to use your data for their own purposes.

5. Sponsor Advertising

LeadHaus is offered free of charge to users. Costs are offset by sponsored listings displayed within the platform from businesses such as title companies, home services providers, and financial service companies.

Sponsors do not receive your personal data or your clients' data. Sponsors pay for visibility (ad placement) within the app. They cannot see who is viewing their listing, and their content cannot access your account or data.

6. Data Retention and Deletion

We retain your data for as long as your account is active. If your account is removed by an administrator, all of your data — including contacts, leads, tasks, emails, call logs, templates, and automation records — is automatically and permanently deleted from our systems via cascading database deletion.

To request deletion of your account and data, contact your account administrator or reach us at support@leadhaus.com. We will process deletion requests within 30 days.

Audit log records related to administrative actions (e.g., that an invite was sent) may be retained for a longer period for compliance and security purposes.

7. Your Rights

Depending on your location, you may have rights under applicable privacy law, including:

  • Access: request a copy of your personal data
  • Correction: request correction of inaccurate data
  • Deletion: request deletion of your account and data
  • Portability: request your data in a portable format
  • Objection: object to certain uses of your data

To exercise any of these rights, contact us at support@leadhaus.com. We do not discriminate against users who exercise their privacy rights.

8. Cookies and Local Storage

LeadHaus uses browser local storage (not third-party cookies) to persist your authentication session and UI preferences such as dark mode. We do not use third-party tracking cookies or advertising cookies.

Email open and click tracking is performed via a tracking pixel and link rewriting for emails you send through the Service, so you can see engagement from your own outreach. This only affects recipients of emails you send — not general visitors to the Service.

9. Children's Privacy

The Service is intended for use by business professionals and is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If you believe a minor has provided data to us, please contact us immediately.

10. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated by updating the effective date at the top of this page. Continued use of the Service after the updated date constitutes acceptance of the revised Policy.

11. SMS Communications

LeadHaus users may send SMS messages to their contacts through the Service using Twilio integration. The following disclosures apply to such messaging:

  • Users may receive SMS messages after submitting their phone number through a LeadHaus form, website form, Facebook/Instagram lead form, direct inquiry, or client intake process.
  • SMS messages may include real estate inquiries, mortgage inquiries, appointment reminders, follow-ups, transaction updates, loan status updates, and customer care.
  • Message frequency may vary.
  • Message and data rates may apply.
  • Users can opt out by replying STOP.
  • Users can reply HELP for assistance.
  • Consent to receive SMS messages is not a condition of purchase.
  • Mobile phone numbers and SMS opt-in consent data will not be shared, sold, rented, or disclosed to third parties or affiliates for marketing or promotional purposes.
  • SMS data may only be shared with service providers such as Twilio when necessary to deliver SMS messages on behalf of the LeadHaus user.

12. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us:

LeadHaus
support@leadhaus.com

Terms of Service · Sign In · LeadHaus · From Lead to Closing.