Privacy Policy
Privacy Policy
Last updated: April 2, 2026
This Privacy Policy explains how GrayLeads collects, uses, stores, and discloses personal information when you use the public site, register a business, manage a workspace, run Google Maps lead searches, use AI features, or send communications through the platform.
Short version
GrayLeads is a business-focused CRM. The current codebase stores account, company, contact, communications, AI, task, and subscription data. It sends data to OpenAI, Google, Twilio, Brevo, and deployment-specific SMTP providers only to deliver platform functionality. No analytics SDKs, ad pixels, or direct payment-card collection were detected in the current repository.
1. Who operates GrayLeads
GrayLeads is operated in the current codebase context by SoftwareForge. The public site is configured for grayleads.com and is presented publicly as a partnership under SoftwareForge x Atriona Digital. Questions about privacy or data protection can be sent to contact@softwareforge.agency.
Partnership websites currently provided for public reference are SoftwareForge and Atriona Digital. The repository does not currently provide a separate Atriona Digital privacy contact for GrayLeads, so the contact address published here remains contact@softwareforge.agency.
If you access GrayLeads from Germany or elsewhere in Europe, read this Privacy Policy together with the Europe & GDPR Rights page and the Impressum. Those pages add the European, EU/EEA, and Germany-specific context that is relevant to the current repository.
2. Information GrayLeads collects
Information you provide directly
- Business registration details, including owner first name, owner last name, owner email, password, company name, industry, website, phone number, company email, company size, and company description.
- User and employee account details created inside a business workspace.
- CRM and contact-bank records, including contact names, business names, email addresses, phone numbers, websites, addresses, notes, lead status, and outreach history.
- Communications content and metadata, including email subject lines and bodies, SMS and WhatsApp messages, call logs, voicemail records, and related sender and recipient identifiers.
- AI prompts, conversation history, and generated responses created through GrayLeads AI features.
- Tasks, notes, daily focus data, and related business productivity records stored in the workspace.
Information collected automatically or from workflows
- Authentication state and workspace context saved in browser storage so users stay signed in and remain in the right company view.
- Server-side request data such as IP address, device or browser information, and timestamps that are typically generated when users access the application.
- Google Maps and scraping workflow inputs such as location queries, selected areas, place lookups, and search parameters used to request business data.
- Public website enrichment results, including public email addresses, social links, contact-page URLs, and other business contact details GrayLeads finds on publicly accessible web pages.
Information received from third parties
- Google account profile data when a user connects a Google sender account through OAuth.
- Google Maps and Places business data returned by Google APIs during search and enrichment workflows.
- Telephony and message delivery metadata returned by Twilio.
- Email delivery and campaign-status information returned by Brevo or the configured SMTP provider.
3. How GrayLeads uses information
- To create and administer accounts, companies, and approved business workspaces.
- To search, scrape, enrich, import, store, and organize business leads and contacts.
- To send and log email, SMS, WhatsApp, browser-call, and voice communications requested by users.
- To generate AI responses, insights, and drafts within the product.
- To manage subscriptions, credits, feature access, approvals, and administrative controls.
- To secure the platform, investigate abuse, troubleshoot failures, and enforce product policies.
- To comply with law, respond to valid legal process, and maintain appropriate business records.
4. AI processing
GrayLeads uses OpenAI for AI-powered chat, drafting, and CRM insights. When you use those features, your prompt and relevant workspace context are sent to OpenAI so the feature can respond. Do not submit sensitive personal data, payment-card data, medical information, or other highly confidential material to AI fields unless you have independently assessed that use.
- AI outputs can be wrong, incomplete, or outdated and should be reviewed by a human before use.
- GrayLeads does not state in the current codebase that it trains its own models on your prompts.
- AI conversations may be stored in the workspace so they can be shown back to users later.
5. Browser storage and cookies
GrayLeads primarily uses browser storage rather than first-party tracking cookies. The following items were detected in the codebase:
| Key or technology | Purpose | Essential |
|---|---|---|
| grayleads-auth | Persists signed-in user state, access token, refresh token, and business-mode workspace context. | Yes |
| omnilead-admin-sync | Synchronizes certain admin updates across browser tabs. | Yes |
| grayleads-cookie-consent | Stores the visitor's consent banner preference. | Yes |
| Google service cookies | May be set by Google when a user connects a Google sender account or interacts with Google Maps features. | No |
More detail is available in the Cookie Policy. Because no analytics or ad-tech SDKs were detected, GrayLeads does not currently describe any first-party marketing or analytics cookies of its own.
6. When GrayLeads shares information
GrayLeads does not sell personal information. It shares data only where needed to provide platform features, within a customer workspace, or when required by law.
- Within your own company workspace, including employees and administrators you authorize.
- With limited platform administrators when support, fraud prevention, approvals, or compliance reviews require access.
- With third-party providers that process data on GrayLeads' behalf.
- In connection with a merger, acquisition, financing, or asset sale, subject to standard confidentiality protections.
- When disclosure is required to comply with law, court orders, or lawful requests from public authorities.
| Service | Purpose | Data shared |
|---|---|---|
| OpenAI | AI chat, CRM insights, sales analysis, and email drafting. | User prompts, conversation text, and relevant CRM context the user asks GrayLeads AI to process. |
| Google Maps Platform | Maps rendering, Places search, geocoding, and Google Maps scraper workflows. | Search queries, typed locations, map coordinates, selected search areas, and business place lookups. |
| Google OAuth and Gmail APIs | Connecting Google sender accounts and sending email from the connected Gmail mailbox. | OAuth authorization data, sender profile data (email, name, picture), and Gmail send requests. |
| Twilio | Calling, browser calling tokens, SMS, WhatsApp messaging, webhooks, call logs, and voicemail handling. | Phone numbers, message bodies, call metadata, webhook payloads, and voicemail recording details. |
| Brevo | Approved custom-domain email delivery and email campaign creation. | Sender identities, recipient list identifiers, reply-to details, email subjects, and email content. |
| Deployment-specific SMTP relay | Fallback or platform-managed outbound email when SMTP mode is configured. | Sender and recipient email addresses, email subject lines, and message content.The exact SMTP provider varies by deployment because the codebase reads SMTP settings from environment or admin configuration. |
7. Legal bases for processing
Where GDPR or similar laws apply, GrayLeads generally relies on contract performance, legitimate interests, legal obligations, and consent, depending on the workflow involved. For visitors in the EU/EEA and Germany, this also works together with European ePrivacy rules and Germany's TDDDG rules for non-essential storage or similar access to device information.
- Contract: to create accounts, provide workspaces, maintain CRM records, and deliver communications and AI features.
- Legitimate interests: to secure the service, prevent abuse, improve reliability, and administer subscriptions and approvals.
- Legal obligations: to comply with lawful requests, retain required business records, and enforce compliance requirements.
- Consent: where consent is needed for optional browser storage or similar preferences.
8. Retention
GrayLeads retains personal information for as long as needed to operate the workspace, maintain communications history, support subscriptions and credits, resolve disputes, comply with legal obligations, and protect the service. The codebase does not expose one global retention timer for every record type, so retention may vary by data category, business contract, or legal requirement.
9. Security
GrayLeads uses authenticated API access, role-based business workspaces, hashed passwords, and provider-secured integrations. No system is perfectly secure, and you remain responsible for protecting your credentials and using the platform in a compliant way.
10. International transfers
GrayLeads and its providers may process data in countries other than your own, including the United States. This is especially relevant for OpenAI, Google, Twilio, and Brevo. For European users, these transfers may depend on provider-side data processing terms, adequacy decisions, standard contractual clauses, or similar safeguards made available by those providers. If you need additional information about cross-border transfers, contact contact@softwareforge.agency.
11. Your rights
Depending on where you live, you may have rights to access, correct, delete, restrict, object to, or port your personal information. GrayLeads also provides dedicated GDPR and California privacy pages.
- EU and EEA residents can review additional details on the Europe & GDPR Rights page.
- Users in Germany can review the same page for GDPR and supervisory-authority context, and the Impressum for operator disclosures currently present in the repository.
- California residents can review additional details on the California Privacy Rights page.
- GrayLeads does not sell personal information, and does not offer a sale opt-out because no sale was detected.
12. Children
GrayLeads is a business platform and is not directed to children. Do not use the service if you are not old enough to enter into a binding agreement in your jurisdiction.
13. Changes and contact
GrayLeads may update this Privacy Policy when product features, data practices, or legal requirements change. Material updates will be reflected by the date at the top of this page.
Privacy contact: contact@softwareforge.agency