LeadTap™ is operated by Hurd Holdings LLC, a Minnesota limited liability company doing business as LeadTap ("LeadTap," "we," "us"). This Privacy Policy explains how we collect, use, share, and protect personal information when:
- You visit our website at leadtap.co or interact with our marketing pages
- You sign up for, subscribe to, or use our software platform as a business customer
- You text, call, chat, or otherwise communicate with a business that uses LeadTap to power its messaging
1. Who This Privacy Policy Applies To
This Policy describes our practices for three distinct groups of people. Where practices differ between groups, we say so:
- Website Visitors: Anyone visiting leadtap.co or its subpages.
- Customers: Business owners and their authorized users who subscribe to and use the LeadTap platform to operate their own messaging programs.
- End Users: Members of the public who interact with a Customer's business through LeadTap-powered messaging — for example, a homeowner who calls a Customer plumbing business and receives a text-back.
2. Controller vs. Processor — How LeadTap's Architecture Works
Important architectural disclosure. LeadTap operates on a "platform-and-sender" architecture. When a business signs up for LeadTap, they register their own legal entity, EIN, and brand information with telecommunications carriers. That business — not LeadTap — is the legal "sender" of all messages going out from their LeadTap account. From a privacy-law perspective, this means:
- For End User data (people who text or call into a Customer's business): the Customer is the data controller; LeadTap is the data processor acting on the Customer's behalf and on the Customer's instructions.
- For Customer data (information about the business owners themselves — their accounts, billing, login credentials): LeadTap is the controller.
- For Website Visitor data (analytics, cookies, etc., on leadtap.co): LeadTap is the controller.
If you are an End User and you want to exercise rights over information held about you in a Customer's LeadTap account (for example, you want it deleted), you should generally contact the business directly. We will support both the Customer and the End User in honoring valid requests.
3. Information We Collect
3.1 From Website Visitors
- IP address, browser type and version, device type, operating system, and similar technical information
- Pages visited, time spent, and referring URLs
- Cookies and similar tracking technologies (we use only essential cookies and basic analytics — see Section 12 for details)
- Information you submit via contact forms or signup forms (name, email, phone, business information)
3.2 From Customers
- Account information: your name, business name, EIN, business address, role, contact phone, contact email, login credentials
- Business profile and configuration information used to set up your LeadTap account, A2P 10DLC brand registration, and messaging templates
- Payment information: processed by Stripe; LeadTap does not store full card numbers (we receive a tokenized reference and last-4 digits only)
- Support communications between you and LeadTap
- Usage data about how you interact with the platform (logins, features used, error logs)
3.3 From End Users (Processed on Customer's Behalf)
When an End User interacts with a Customer's LeadTap-powered business, we process the following on the Customer's behalf:
- Phone number (received via inbound call caller ID, inbound SMS, or web form submission)
- Name (where provided)
- Email address (where provided)
- SMS message content sent to or from the Customer's LeadTap-issued phone number
- Chat widget conversations on Customer's website
- Inquiry details, service requests, addresses, and any other information voluntarily provided by the End User
- Conversation timestamps, opt-in/opt-out events, and consent records
- Carrier metadata associated with messages (e.g., delivery status)
4. How We Use Information
4.1 To Operate the Platform
- Provide the Services Customers have subscribed to
- Provision phone numbers, register A2P 10DLC brands, and configure messaging workflows
- Deliver, route, and store messages between Customers and their End Users
- Process payments, manage subscriptions, send billing communications
- Authenticate Customer logins and protect against unauthorized access
- Provide customer support and troubleshoot issues
4.2 To Improve the Platform
- Diagnose technical issues and monitor system performance
- Analyze aggregated, de-identified usage trends to improve features
- Conduct security monitoring, fraud prevention, and abuse detection
4.3 To Comply with Legal Obligations
- Respond to lawful requests from government authorities
- Maintain records required by tax, accounting, telecommunications, and other regulations
- Maintain SMS opt-out records as required under the TCPA and FCC rules
- Cooperate with carriers and registry operators for A2P 10DLC compliance
4.4 What We Do NOT Use Personal Information For
We do not sell personal information. We do not rent, lease, or trade personal information. We do not share personal information with third parties for their independent marketing or advertising purposes. We do not target advertising based on End User message content. We do not build profiles of individuals for resale.
5. Automation, AI & Large Language Model Disclosure
5.1 Use of Automation
The LeadTap platform currently uses automated, template-driven systems to operate certain features:
- Missed-call text-back: When a Customer misses an inbound call, the platform automatically sends a pre-configured response based on Customer-defined templates.
- Automated workflows: Triggered messages (e.g., appointment reminders, review requests, win-back sequences) sent based on Customer-configured rules and timing.
- Chat widget responses: Initial replies in Customer chat widgets based on Customer-provided FAQs and templates.
5.1a Future Use of AI/LLM Features
Customers may, at their option, enable additional AI-powered features (such as GoHighLevel's "Conversation AI" agents) within their LeadTap account. When such features are enabled:
- AI-generated reply suggestions, automated bot responses, and content generation may be produced by underlying third-party large language models
- These AI features run through GoHighLevel's AI infrastructure. GoHighLevel publicly documents the use of OpenAI GPT models for certain AI features (including its workflow AI actions, where it expressly identifies the integration as "GPT Powered by OpenAI"). For Conversation AI specifically, GoHighLevel does not publicly disclose the exact underlying LLM or provider, and the provider may vary by feature and may change over time without notice from GoHighLevel
- Other providers (such as Anthropic Claude or Google Gemini) may also be used for certain features as offered or updated by GoHighLevel
- Conversation context (such as recent messages) is sent to the AI provider for the limited purpose of generating a response
If a Customer enables AI features, this Privacy Policy will continue to apply, and the Customer remains responsible for End User-facing AI disclosure where required by law (see Section 5.3).
5.2 LLM Training Disclosure
LeadTap does NOT collect, use, or sell personal information to train large language models or other AI systems. Conversations, messages, customer information, and End User data processed through the LeadTap platform are not used to train any AI or machine learning models — neither LeadTap's own models nor those of any third-party AI vendor we use to provide platform features. We have configured our AI vendor relationships (where possible by API and contract) to opt out of any data-retention or model-training programs.
5.3 Disclosure to End Users
Some U.S. state laws (for example, California's SB 243 effective January 1, 2026; Illinois HB 3021) require operators to disclose to consumers when they are interacting with an automated or AI system rather than a human. Customers using the LeadTap platform are responsible for determining and complying with disclosure requirements applicable to their End Users in their jurisdiction. LeadTap recommends that Customer messaging include language indicating that automated responses may be sent (e.g., "Replies may be automated. Reply HELP for help, STOP to opt out.").
5.4 No Automated Decision-Making with Legal Effect
The LeadTap platform does not make automated decisions about individuals that produce legal or similarly significant effects (such as housing, employment, credit, or insurance decisions). The Services are not designed for or intended to be used in such decision-making contexts.
6. SMS Messaging & Consent
6.1 Two Types of Messages
SMS messages sent through the LeadTap platform fall into two categories under the Telephone Consumer Protection Act (TCPA):
- Informational/Transactional Messages: Responses to End User-initiated inquiries (e.g., a text-back after the End User called the business), appointment reminders, booking confirmations, and similar non-promotional communications. These are sent based on the End User's prior express consent, generally inferred from the End User contacting the business.
- Marketing/Promotional Messages: Promotional offers, seasonal campaigns, win-back sequences, and other advertising content. These are sent only after the End User provides Prior Express Written Consent (PEWC) through a clear opt-in process operated by the Customer.
6.2 How an End User Opts In
If you are an End User, you may have opted in to receive SMS messages from a LeadTap-powered business by:
- Calling or texting the business's LeadTap-issued phone number (creates consent for responsive informational messages)
- Submitting a form on the business's website containing SMS opt-in language
- Replying YES (or similar affirmative) to a marketing opt-in request
- Providing your phone number during a transaction or inquiry with the business
6.3 How an End User Opts Out
You may opt out of SMS messages at any time by:
- Replying STOP to any message (other recognized keywords: UNSUBSCRIBE, CANCEL, END, QUIT, REVOKE, OPT OUT)
- Contacting the business directly
- Emailing privacy@leadtap.co with the phone number and business name
Per FCC rules effective April 11, 2025, opt-out requests are honored within 10 business days. After opt-out, you will receive at most one confirmation message and then no further messages from that business.
6.4 Frequency, Rates & Help
- Frequency: Message frequency varies by business and your interactions; typically between 1 and 10 messages per month.
- Rates: Message and data rates may apply per your wireless carrier's plan. Contact your carrier for details.
- Help: Reply HELP to any message, contact the business directly, or email hello@leadtap.co.
6.5 Consent Is Not a Condition of Purchase
Consent to receive SMS marketing messages is never a condition of purchasing any goods or services from a LeadTap-powered business.
7. Sub-Processors
To deliver the Services, LeadTap uses the following sub-processors. Each is contractually obligated to handle personal data only on our instructions and only for the limited purposes described:
| Sub-Processor | Purpose | Data Categories | Region |
|---|---|---|---|
| HighLevel, Inc. (GoHighLevel) | Underlying CRM platform; sub-account hosting; messaging infrastructure | Customer account data; End User contact records; conversation history | United States |
| Twilio Inc. / LC Phone | SMS and voice telephony; phone number provisioning; A2P 10DLC carrier registration | Phone numbers; message content; delivery metadata | United States |
| The Campaign Registry (TCR) | A2P 10DLC brand and campaign registration; carrier vetting | Customer business information (legal name, EIN, address, contact info) | United States |
| Stripe, Inc. | Payment processing for Customer subscriptions | Customer billing information; tokenized payment methods | United States |
| AI/LLM Providers (activated only when Customer enables AI features such as Conversation AI) | Generation of AI-powered automated responses, reply suggestions, content generation, and chat widget conversations when Customer enables AI features within their LeadTap account. | Conversation context (recent messages) sent to the model for response generation. AI features are routed through GoHighLevel's AI infrastructure. GoHighLevel publicly confirms use of OpenAI (GPT-3.5, GPT-4, GPT-4 Turbo, GPT-4o, GPT-4o Mini) for certain features such as workflow AI actions ("GPT Powered by OpenAI"). For Conversation AI specifically, GoHighLevel does not publicly disclose the exact underlying provider or model, and the provider may change over time. Other providers (e.g., Anthropic Claude, Google Gemini) may also be used for certain features. | United States |
| Google Workspace | Email hosting (hello@, legal@, privacy@ leadtap.co) | Email correspondence with Customers and the public | United States |
| Netlify | Web hosting for leadtap.co marketing site | Server logs; basic visitor analytics | United States |
This list may be updated as our infrastructure evolves. Material changes to sub-processors will be communicated to Customers with reasonable advance notice. Customers seeking a current sub-processor list or a Data Processing Agreement (DPA) may email privacy@leadtap.co.
8. Information Sharing
We share personal information only as follows:
- With the Customer business you contacted (for End User data): Your phone number, name, message content, and inquiry details are made available to the Customer business whose LeadTap-powered system you interacted with. The Customer is responsible for further use of that information consistent with their own privacy notice.
- With sub-processors: As listed in Section 7, solely for the purposes described.
- For legal compliance: When required by law, subpoena, court order, or other legal process, or to protect our rights, property, or safety, or that of our Customers, End Users, or the public.
- In a business transfer: If LeadTap is acquired, merged, or sells substantially all of its assets, personal information may be transferred to the successor as part of that transaction. Successors are bound by this Privacy Policy or a substantively similar one.
- With your consent: When you explicitly direct us to share information.
We do not sell personal information. SMS opt-in consent data is never shared with any third party for their own marketing purposes. End User information is never used for cross-business retargeting or profile-building.
9. Data Retention
We retain personal information for the following periods, after which we delete or anonymize it (subject to legal retention obligations):
- Customer account data: For the duration of the Customer's active subscription, plus seven (7) years for tax, accounting, and legal compliance.
- End User contact and conversation data: For the duration of the Customer's active subscription, plus ninety (90) days. Upon Customer cancellation, Customers may request a one-time export of their End User data within thirty (30) days.
- SMS opt-out records: Retained indefinitely to ensure ongoing compliance with opt-out requests under the TCPA.
- A2P 10DLC registration records: Retained as long as the Customer's brand registration is active, plus four (4) years (matching the TCPA statute of limitations).
- Payment and billing records: Retained for seven (7) years for tax and accounting purposes.
- Website analytics: Aggregated, de-identified analytics may be retained indefinitely; identifiable visitor logs are retained for up to thirteen (13) months.
End Users seeking deletion of their personal information should contact the Customer business directly. Where applicable law requires us to honor an End User deletion request directly (e.g., California residents — see Section 12), we will do so and notify the Customer.
10. Data Security
We implement commercially reasonable administrative, technical, and physical safeguards designed to protect personal information, including:
- Transport-layer encryption (TLS) for data in transit
- Encryption at rest in our underlying infrastructure (provided by GoHighLevel and other sub-processors)
- Role-based access controls and least-privilege principles for staff access
- Multi-factor authentication for administrative accounts
- Secure password storage using industry-standard hashing
- Regular security review of our sub-processors' compliance certifications (e.g., SOC 2 Type II for GoHighLevel and Stripe)
- Logging and monitoring for unauthorized access attempts
No system is perfectly secure. If we become aware of a data breach affecting your personal information, we will notify affected Customers and (where required) End Users in accordance with applicable law.
11. Your Privacy Rights
Depending on your location and the type of information involved, you may have the following rights:
- Access: Request a copy of the personal information we hold about you.
- Correction: Request correction of inaccurate or incomplete personal information.
- Deletion: Request deletion of your personal information, subject to our legal retention obligations.
- Portability: Receive your personal information in a portable, machine-readable format.
- Opt-out of SMS: Reply STOP to any message, or contact us as described in Section 6.3.
- Opt-out of cookies/analytics: Use your browser settings or applicable opt-out tools.
- Withdraw consent: Where we rely on consent, you may withdraw it at any time without affecting prior processing.
- Lodge a complaint: File a complaint with your local data protection authority.
To exercise your rights, email privacy@leadtap.co with details of your request. If you are an End User and your request concerns information held in a Customer's account, we will route the request to the Customer and assist as appropriate. We will respond within thirty (30) days, or as required by applicable law.
We do not discriminate against you for exercising your rights.
12. California Privacy Rights (CCPA/CPRA)
If you are a California resident, you have additional rights under the California Consumer Privacy Act (as amended by the California Privacy Rights Act). In addition to the rights listed in Section 11, you have the right to:
- Know the categories and specific pieces of personal information we have collected about you
- Know the categories of sources, purposes for collection, and categories of third parties with whom information is shared
- Opt out of the "sale" or "sharing" of personal information (we do not sell or share, as those terms are defined under California law)
- Limit the use of "sensitive personal information" (we generally do not collect sensitive personal information as defined by CCPA)
- Correct inaccurate personal information
- Designate an authorized agent to make requests on your behalf
- Equal service and price (no discrimination for exercising your rights)
12.1 Categories of Personal Information Collected
In the past 12 months, we have collected the following categories of personal information (as defined under CCPA): identifiers (name, phone, email, IP address); commercial information (subscription and transaction history); internet/network activity (interaction with our website and platform); geolocation (general location inferred from IP); and inferences drawn from the above for service operation.
12.2 "Shine the Light"
California Civil Code § 1798.83 permits California residents to request information about disclosures of personal information for direct marketing purposes. As stated, we do not share personal information with third parties for their direct marketing purposes.
12.3 How to Exercise California Rights
Email privacy@leadtap.co with subject line "California Privacy Request." We will verify your identity using information already on file before processing the request. We do not require you to create an account to make a request.
13. International Data Transfers
LeadTap is based in the United States and our sub-processors primarily operate in the United States. If you access or use the Services from outside the United States, your information will be transferred to, stored, and processed in the United States. By using the Services, you acknowledge such transfer.
If you are located in the European Economic Area, the United Kingdom, or another jurisdiction with cross-border transfer requirements, please contact privacy@leadtap.co for information about our transfer mechanisms (such as Standard Contractual Clauses).
14. Children's Privacy
The LeadTap Services are not directed to children under the age of 13 (or 16 in some jurisdictions), and we do not knowingly collect personal information from children. If we become aware that we have collected personal information from a child without parental consent, we will delete it promptly. Parents who believe their child has provided personal information to us should contact privacy@leadtap.co.
15. Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or business operations. When we make material changes, we will:
- Update the "Effective" date at the top of this Policy
- Provide reasonable advance notice (typically 30 days) to active Customers via email or in-product notice
- For non-material changes, update the Policy with a revised "Effective" date
Your continued use of the Services after the effective date of changes constitutes acceptance of the updated Policy.
16. Contact Us
Hurd Holdings LLC dba LeadTap™
Attention: Privacy
5808 Oaklawn Avenue
Edina, Minnesota 55424
United States
Privacy & data requests: privacy@leadtap.co
Legal/contracts: legal@leadtap.co
General inquiries: hello@leadtap.co
Web: leadtap.co
This Privacy Policy was last updated on May 9, 2026 (Version 2.0). For questions about specific provisions, contact privacy@leadtap.co. This Privacy Policy is provided for informational purposes and does not constitute legal advice.