This Privacy Policy explains how Leap Agentic LLC ("Company," "we," "us," or "our"), a Wyoming limited liability company located at 30 N Gould St, Ste N, Sheridan, WY 82801, collects, uses, shares, and protects information when you visit leapagentic.io (the "Site") or use our services. It also describes your rights under applicable privacy laws, including the EU General Data Protection Regulation ("GDPR"), the UK GDPR, and the California Consumer Privacy Act as amended by the California Privacy Rights Act (collectively "CCPA/CPRA").
Please read this Policy carefully. By using the Site or our services, you acknowledge the practices described here.
1. Who We Are and How to Contact Us
Data Controller (for website visitors and audit clients):
Leap Agentic LLC
30 N Gould St, Ste N
Sheridan, WY 82801
United States
Email: privacy@leapagentic.io
EU/UK Representative: Leap Agentic LLC does not have an establishment in the EU or UK and does not systematically or large-scale process personal data of EU/UK residents as a core business activity. Accordingly, we do not currently appoint an EU/UK representative under GDPR Article 27. If this assessment changes, we will appoint a representative and update this Policy.
For privacy-related inquiries, data subject requests, or complaints, contact: privacy@leapagentic.io
2. Information We Collect
We collect information in the following ways:
2.1 Information You Provide Directly
| Category | Examples | Context |
|---|---|---|
| Contact information | Name, email address, company name, job title | Audit booking, service inquiry, contact form |
| Account information | Email, company details, billing address | Service subscriptions |
| Project materials | Source code, repository URLs, system architecture docs | Expert Audit, Transformation, Factory |
| Payment information | Billing name, address, payment method details | Processed by Stripe — we do not store card numbers |
| Communications | Emails, messages, meeting transcripts | Correspondence with our team |
2.2 Information Collected Automatically
When you visit the Site, we may collect:
- Log data: IP address, browser type, operating system, referring URL, pages visited, and timestamps
- Device information: Device type, screen resolution, and language settings
- Usage data: Pages viewed, links clicked, and time spent on the Site
- Cookies and similar technologies: See Section 4 below
2.3 Information from Third Parties
We may receive information about you from:
- Calendly: When you book a call or audit debrief session, Calendly shares your name, email, and meeting details with us
- GitHub: If you share a repository URL for an audit, we access only the information you explicitly provide
- Stripe: We receive confirmation of payment status; we do not receive your full card details
- Referral sources: If someone refers you to us, we may receive your contact details from that third party
3. How We Use Your Information
We use the information we collect for the following purposes:
| Purpose | Legal Basis (GDPR) | Categories of Data Used |
|---|---|---|
| Providing and managing our services | Performance of a contract (Art. 6(1)(b)) | Contact info, project materials, account info |
| Processing payments | Performance of a contract (Art. 6(1)(b)) | Billing info (via Stripe) |
| Conducting Expert Audits | Performance of a contract (Art. 6(1)(b)) | Contact info, repository access, project materials |
| Communicating about your engagement | Performance of a contract (Art. 6(1)(b)) | Contact info, communications |
| Responding to inquiries | Legitimate interests (Art. 6(1)(f)) | Contact info, communications |
| Improving the Site and services | Legitimate interests (Art. 6(1)(f)) | Log data, usage data |
| Security and fraud prevention | Legitimate interests (Art. 6(1)(f)) | Log data, IP address, device info |
| Sending marketing communications | Consent (Art. 6(1)(a)) or Legitimate interests (Art. 6(1)(f)) for existing clients | Contact info |
| Legal compliance and record-keeping | Legal obligation (Art. 6(1)(c)) | All relevant categories |
| Enforcing our Terms of Service | Legitimate interests (Art. 6(1)(f)) | All relevant categories |
We do not sell your personal information. We do not use your personal data for automated decision-making that produces legal or similarly significant effects.
4. Cookies and Tracking Technologies
We use cookies and similar technologies on the Site. You can control cookies through your browser settings.
| Cookie Type | Purpose | Can You Opt Out? |
|---|---|---|
| Strictly necessary | Essential Site functionality (e.g., session management, security) | No — required for the Site to function |
| Analytics | Understanding how visitors use the Site (e.g., pages visited, time on site) — we use Vercel Analytics, which is cookieless and does not track individuals across sessions | No cookies set — no opt-out required |
| Functional | Remembering preferences (e.g., language, region) | Yes — via browser settings |
| Marketing/advertising | We do not currently use marketing or advertising cookies | N/A |
We use Vercel Analytics to collect anonymized, aggregate usage data about how visitors interact with the Site (pages viewed, referrer, device type). Vercel Analytics is designed to be privacy-friendly and does not use cookies or fingerprinting to track individual users across sessions.
We use CookieYes as our cookie consent management platform. CookieYes presents the cookie consent banner, records your consent preferences, and enforces those preferences across the Site.
For EU/UK visitors, we obtain your consent before placing non-essential cookies, in compliance with the ePrivacy Directive and GDPR. You may withdraw or update your consent at any time by clicking the cookie preferences link in the Site footer or via your browser settings.
5. How We Share Your Information
We do not sell or rent your personal information. We share information only as follows:
5.1 Service Providers (Sub-Processors)
We engage third-party vendors who process data on our behalf, subject to data processing agreements:
| Provider | Purpose | Location |
|---|---|---|
| Stripe, Inc. | Payment processing | United States |
| Calendly | Meeting scheduling | United States |
| Anthropic PBC | AI-assisted development tools (Claude Code) | United States |
| Amazon Web Services / Google Cloud | Cloud infrastructure | United States |
| Google LLC (Google Workspace) | Transactional and marketing email | United States |
| Vercel, Inc. | Website analytics (Vercel Analytics) | United States |
| CookieYes | Cookie consent management | EU / United States |
5.2 Business Transfers
If we are acquired, merged, or sell substantially all of our assets, your information may be transferred as part of that transaction. We will notify you before your information is transferred and becomes subject to a different privacy policy.
5.3 Legal Requirements
We may disclose information if required by law, regulation, court order, or government request, or if we believe disclosure is necessary to protect rights, property, or safety.
5.4 With Your Consent
We share information in other ways only with your explicit consent.
6. International Data Transfers
Leap Agentic LLC is based in the United States. If you are located in the European Economic Area ("EEA"), the United Kingdom ("UK"), or another jurisdiction with data transfer restrictions, your personal data will be transferred to and processed in the United States, which may not provide the same level of data protection as your home country.
We rely on the following safeguards for international transfers:
- EU Standard Contractual Clauses (SCCs): For transfers from the EEA, we use the Module One (Controller to Controller) SCCs adopted by European Commission Decision 2021/914 with our EEA-based service providers, and Module Two (Controller to Processor) SCCs with processors. Copies are available upon request at privacy@leapagentic.io.
- UK International Data Transfer Addendum: For transfers from the UK, we use the UK IDTA (version B1.0) issued by the UK Information Commissioner's Office.
By using our services from the EEA or UK, you acknowledge that your data will be processed in the United States subject to these safeguards.
7. Data Retention
We retain your personal data for as long as necessary to fulfill the purposes described in this Policy, unless a longer retention period is required by law.
| Data Category | Retention Period |
|---|---|
| Service client data | Duration of engagement + 7 years (tax/legal compliance) |
| Expert Audit materials | 2 years from audit completion |
| Contact and inquiry data | 2 years from last interaction |
| Billing and payment records | 7 years (tax and legal compliance) |
| Website log data | 12 months |
| Marketing consent records | Until consent is withdrawn + 3 years |
After the applicable retention period, we securely delete or anonymize your data.
8. Your Rights
8.1 Rights for EEA and UK Residents (GDPR / UK GDPR)
If you are in the EEA or UK, you have the following rights:
| Right | What it means |
|---|---|
| Access | Request a copy of the personal data we hold about you |
| Rectification | Request correction of inaccurate or incomplete data |
| Erasure ("right to be forgotten") | Request deletion of your data, subject to legal retention obligations |
| Restriction | Request that we restrict processing of your data in certain circumstances |
| Portability | Receive your data in a structured, machine-readable format |
| Objection | Object to processing based on legitimate interests or for direct marketing |
| Withdraw consent | Where processing is based on consent, withdraw it at any time without affecting prior processing |
| Lodge a complaint | File a complaint with your local data protection authority (see below) |
To exercise these rights, email privacy@leapagentic.io. We will respond within thirty (30) days. We may need to verify your identity before processing your request.
Supervisory authorities:
- EU: Your national data protection authority (list at edpb.europa.eu)
- UK: Information Commissioner's Office (ico.org.uk)
8.2 Rights for California Residents (CCPA/CPRA)
If you are a California resident, you have the following rights:
| Right | What it means |
|---|---|
| Know | Request disclosure of the categories and specific pieces of personal information we collect, use, disclose, and sell |
| Delete | Request deletion of your personal information, subject to exceptions |
| Correct | Request correction of inaccurate personal information |
| Opt out of sale or sharing | We do not sell or share your personal information as defined under the CCPA/CPRA |
| Limit use of sensitive personal information | We do not use sensitive personal information beyond what is necessary to provide services |
| Non-discrimination | We will not discriminate against you for exercising your rights |
To submit a California privacy request:
- Email: privacy@leapagentic.io
- Subject line: "California Privacy Request"
- We will respond within forty-five (45) days, with a one-time extension of an additional forty-five (45) days where reasonably necessary.
Authorized agent: You may designate an authorized agent to submit a request on your behalf by providing written authorization. We may require direct verification from you to confirm the agent's authority.
Do Not Sell or Share My Personal Information: We do not sell or share personal information. No opt-out mechanism is required, but you may contact us at privacy@leapagentic.io to confirm this.
8.3 Categories of Personal Information (CCPA Disclosure)
In the past twelve months, we have collected the following categories of personal information:
| CCPA Category | Examples | Sold/Shared? |
|---|---|---|
| Identifiers | Name, email, IP address, company name | No |
| Commercial information | Service subscriptions, transaction history | No |
| Internet/electronic activity | Browsing history on our Site, usage data | No |
| Professional information | Job title, company, GitHub URL | No |
| Communications | Emails, messages | No |
| Financial information | Billing name and address (card processing via Stripe) | No |
We do not collect sensitive personal information as defined by the CPRA (e.g., Social Security numbers, financial account credentials, biometric data, health data, precise geolocation) in the ordinary course of providing our services.
9. Children's Privacy
Our Site and services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you believe we have inadvertently collected such information, please contact us at privacy@leapagentic.io and we will promptly delete it.
10. Security
We implement appropriate technical and organizational measures to protect your personal information, including:
- Encryption of data in transit (TLS) and at rest
- Access controls limiting data access to authorized personnel
- Regular security assessments
- Incident response procedures
No method of transmission over the internet or electronic storage is completely secure. We cannot guarantee absolute security, but we take reasonable steps to protect your information and will notify you of any breach as required by applicable law.
11. Links to Third-Party Sites
Our Site contains links to third-party websites, including GitHub (github.com/safitudo), Calendly, and Stripe. We are not responsible for the privacy practices of those sites. We encourage you to review their privacy policies.
12. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated Policy on the Site with a revised "Last Updated" date and, for existing clients, by email at least thirty (30) days before the changes take effect. Your continued use of the Site or services after the effective date of any changes constitutes acceptance of the updated Policy.
13. Contact Us
For privacy-related questions, requests, or complaints:
Leap Agentic LLC
Attn: Privacy
30 N Gould St, Ste N
Sheridan, WY 82801
United States
Email: privacy@leapagentic.io
We will acknowledge your request within five (5) Business Days and respond fully within the timeframes specified in Section 8.