LeadShield Privacy Policy

Effective Date: April 30, 2026 · Last Updated: April 30, 2026
App Name: LeadShield · Developer: Chaotically Organized AI
Contact: privacy@coaibakersfield.com

1. Overview

LeadShield is an Android application that automatically sends a customizable SMS reply when you miss a phone call. This Privacy Policy explains exactly what data the App accesses, how it is used, where it is stored, and your rights over it.

We collect the minimum data required to make the App work. We do not sell your data. We do not share your data with advertisers. We do not use your data for any purpose beyond providing the features described in this policy.

2. Data We Access and Why

2.1 Phone State (READ_PHONE_STATE)

Why we need it: This is the core function of the App. Without monitoring call state, the App cannot detect missed calls. This data is never transmitted off your device.

2.2 Call Log (READ_CALL_LOG)

Why we need it: To confirm that an incoming call was genuinely missed (versus answered) before sending an auto-reply. We do not copy, store, or upload your full call log.

2.3 Send SMS (SEND_SMS)

Why we need it:This is the App's primary function — sending your customized auto-reply message to callers you missed. We send exactly one SMS per missed call, to the number that called you, containing only the message you configured.

2.4 Contacts (READ_CONTACTS)

Why we need it:To display caller names in your reply history and to support the optional "Reply to Contacts Only" Spam Shield feature. Contacts access is optional and off by default.

2.5 Notifications (POST_NOTIFICATIONS)

Android requires foreground services to show a notification. This lets you see that LeadShield is actively monitoring.

2.6 Reply History Log (Local Storage Only)

Stores: caller phone number, caller name, message sent, timestamp. Maximum 20 entries. Stored only on your device. Never transmitted off your device on Free or Pro tiers.

2.7 Cloud Sync (Operator Tier Only)

Operator tier subscribers have anonymized lead and conversation data synced to a secure Supabase (Postgres) database hosted on AWS. This is required for the CRM dashboard feature. Phone numbers are hashed before transmission. You can disable sync in Settings at any time.

3. Data We Do NOT Collect

  • We do not record call audio or content
  • We do not access your microphone
  • We do not read incoming SMS messages
  • We do not access your camera, location, photos, or files
  • We do not track your activity across other apps
  • We do not use advertising SDKs
  • We do not sell or share your data with third parties for advertising

4. Data Storage and Security

On-device:All personal data is stored in Android DataStore and a local SQLite database protected by Android's application sandbox.

Cloud (Operator tier only): Data is transmitted over HTTPS (TLS 1.2 minimum) and stored in an encrypted Supabase database with Row-Level Security enabled. Access is restricted to the authenticated user and the developer.

5. Data Retention

DataWhereRetention
Reply historyLocal deviceMax 20 entries, auto-rotated
App settingsLocal deviceUntil app uninstall
Cloud sync dataSupabase (Operator only)90 days, then auto-purged

6. Third-Party Services

  • Google Play Billing — All subscription payments processed by Google. We receive only a purchase confirmation token.
  • Google Gemini AI (Operator tier) — AI conversation feature sends incoming message text to Gemini API. No personal identifiers included. Opt-in feature.
  • Supabase (Operator tier) — Secure Postgres database for CRM sync. Hosted on AWS. RLS-protected.

7. Children's Privacy

LeadShield is a business productivity tool for users 18 and older. We do not knowingly collect data from minors. Contact privacy@coaibakersfield.com if you believe a minor has used the App.

8. Your Rights

  • See your data — all data is visible within the App
  • Delete your data — clear history from within the App at any time
  • Opt out of cloud sync — disable in Settings (Operator tier)
  • Request full data deletion — email privacy@coaibakersfield.com with "Data Deletion Request" — processed within 30 days

9. California Residents (CCPA)

California residents have the right to know what personal information is collected, request deletion, and not be discriminated against for exercising privacy rights. We do not sell personal information. To make any CCPA request, contact privacy@coaibakersfield.com.

10. Changes to This Policy

We will update this policy when the App changes or law requires it. The "Last Updated" date at the top will reflect any changes.

11. Contact

Chaotically Organized AI
https://coaibakersfield.com
privacy@coaibakersfield.com

We respond to all privacy inquiries within 5 business days.