Privacy Policy

Last updated: April 16, 2026

1. Introduction

At Leaom ("we," "our," or "us"), we respect your privacy and are committed to protecting your personal data. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

Leaom is a product operated by Roiyn.

2. Information We Collect

2.1 Information You Provide

Account Information: Name, email address, password, and profile information
Payment Information: Credit card details and billing information (processed securely by Paddle)
Content Data: Lead magnets (Notion templates, PDF guides, quizzes), landing pages, LinkedIn posts, carousels, images, and other content you create
Research Data: Topics, niches, and audience profiles used for AI-driven research sessions
Communication Data: Messages you send to our support team

2.2 Information We Collect Automatically

Usage Data: Pages visited, features used, time spent on the Service
Device Information: IP address, browser type, operating system, device identifiers
Analytics Data: Page views, conversions, lead capture events, LinkedIn post engagement metrics
Cookies and Similar Technologies: Session data, preferences, and authentication tokens

2.3 Information from Third Parties

Authentication Providers: Information from Clerk authentication service
Payment Processors: Transaction data from Paddle
LinkedIn: Profile information, organization data, and posting permissions when you connect your LinkedIn account via OAuth
Notion: Workspace information and page access when you connect your Notion account via OAuth
AI Services: Content generated through OpenAI API
Research Services: Web research data from Tavily API used to inform content generation

3. How We Use Your Information

We use your information to:

Provide, maintain, and improve the Service
Process your transactions and manage your subscription
Generate AI-powered lead magnets, including Notion templates, PDF guides, and interactive quizzes
Generate LinkedIn posts, AI images, and carousels for your lead magnet promotion
Publish content to your LinkedIn profile on your behalf when authorized
Export Notion templates to your connected Notion workspace
Conduct AI-driven research sessions to inform your content strategy
Generate and manage target audience profiles and personas
Host your landing pages and deliver lead magnets via email
Track landing page analytics, lead captures, and conversion metrics
Provide customer support and respond to your inquiries
Send you administrative information, updates, and security alerts
Detect, prevent, and address technical issues or fraudulent activity
Comply with legal obligations and enforce our Terms of Service

4. How We Share Your Information

We may share your information with:

4.1 Service Providers

Clerk: Authentication and user management
Paddle: Payment processing and subscription management
OpenAI: AI-powered content and image generation
Tavily: Real-time web research for content creation
LinkedIn: Post publishing, carousel sharing, and profile access (only when you explicitly connect your account)
Notion: Workspace integration and template delivery (only when you explicitly connect your account)
Resend: Email delivery service for lead magnet distribution
Cloudflare R2: File storage and hosting for PDFs, images, and generated assets
Vercel: Application hosting and infrastructure

4.2 Legal Requirements

We may disclose your information if required by law, court order, or government request, or to protect our rights, property, or safety.

4.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5. Third-Party Integrations

5.1 LinkedIn Integration

When you connect your LinkedIn account, we request the following permissions:

w_member_social: To publish posts, carousels, and images to your LinkedIn profile on your behalf
r_liteprofile / openid: To identify your account and display your profile information

We only post to LinkedIn when you explicitly initiate a publish action. We do not read your LinkedIn feed, messages, or connections. You can disconnect your LinkedIn account at any time from your settings.

5.2 Notion Integration

When you connect your Notion workspace, we request access to create and edit pages in the workspaces you authorize. We use this to:

Export generated Notion templates directly to your workspace
Deliver lead magnets to your leads' Notion workspaces (when applicable)
Track template views for analytics purposes

We do not access or read existing content in your Notion workspace. You can revoke access at any time from your Notion settings or Leaom settings.

6. Lead Data and End-User Privacy

When your visitors submit their email addresses through your landing pages:

You are the data controller for the lead information you collect
We act as a data processor on your behalf
You are responsible for obtaining proper consent from your leads
You must comply with applicable data protection laws (GDPR, CCPA, etc.)
You must provide appropriate privacy notices to your leads
Lead data is stored securely and only accessible to you
Lead magnet delivery emails are sent on your behalf through our email infrastructure

7. AI-Generated Content

Leaom uses AI services to generate content on your behalf. Regarding AI-generated content:

Your prompts and inputs are sent to OpenAI for content generation and are subject to OpenAI's data usage policies
Research queries are processed through Tavily's API for real-time web research
AI-generated images are created using OpenAI's image generation models
We do not use your content to train our own AI models
Generated content is stored in your account and is only accessible to you

8. Data Security

We implement appropriate technical and organizational measures to protect your data:

Encryption in transit (HTTPS/TLS) and at rest
Secure authentication with Clerk
OAuth 2.0 for LinkedIn and Notion integrations (we never store your third-party passwords)
Regular security audits and updates
Access controls and authentication requirements
Secure payment processing through PCI-compliant Paddle
Database backups and disaster recovery procedures

However, no method of transmission over the internet is 100% secure. While we strive to protect your data, we cannot guarantee absolute security.

9. Data Retention

We retain your information for as long as necessary to provide the Service and fulfill the purposes outlined in this Privacy Policy. When you cancel your account:

Your account data will be deleted within 30 days
Your content, lead data, and generated assets will be permanently deleted
LinkedIn and Notion OAuth tokens are immediately revoked
Backup copies may persist for up to 90 days
Transaction records may be retained for legal and tax purposes

10. Your Rights and Choices

Depending on your location, you may have the following rights:

Access: Request a copy of your personal data
Correction: Update or correct inaccurate data
Deletion: Request deletion of your data
Portability: Export your data in a machine-readable format
Objection: Object to certain data processing activities
Restriction: Request limitation of data processing
Withdraw Consent: Withdraw consent for data processing
Disconnect Integrations: Revoke LinkedIn or Notion access at any time

To exercise these rights, contact us at [email protected].

11. Cookies and Tracking Technologies

We use cookies and similar technologies to:

Maintain your session and keep you logged in
Remember your preferences and settings
Analyze usage patterns and improve the Service
Track landing page views and lead magnet conversions
Provide security and prevent fraud

You can control cookies through your browser settings, but disabling cookies may affect Service functionality.

12. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. We ensure appropriate safeguards are in place for international transfers, including:

Standard contractual clauses approved by regulatory authorities
Compliance with applicable data protection frameworks
Security measures to protect data during transfer

13. Children's Privacy

Our Service is not intended for children under 13 years of age. We do not knowingly collect personal information from children under 13. If you become aware that a child has provided us with personal data, please contact us, and we will delete such information.

14. Third-Party Links

The Service may contain links to third-party websites or services, including LinkedIn and Notion. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

15. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the Service. The "Last updated" date at the top indicates when this policy was last revised.

16. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

Right to know what personal information is collected, used, shared, or sold
Right to delete personal information
Right to opt-out of the sale of personal information (we do not sell your data)
Right to non-discrimination for exercising your privacy rights

17. European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation (GDPR), including those listed in Section 10. Our legal basis for processing your data includes:

Contract performance (providing the Service)
Legitimate interests (improving the Service, security)
Consent (marketing communications, third-party integrations)
Legal obligations (compliance with laws)

18. Contact Us

If you have questions about this Privacy Policy or our data practices, please contact us:

Email: [email protected]

For data protection inquiries: [email protected]