LeoME Labs legal

Privacy Policy

This Privacy Policy explains how LeoME Labs Pvt Ltd. collects, uses, stores, shares, and protects personal data across the LeoME Labs website, dashboard, SupportAI/Maya widget, and AI workforce products.

Last updated: April 17, 2026

Draft legal template. This page is an operational privacy notice for an Indian startup and should be reviewed by counsel before production use. Fields marked "To be added before production" must be completed before launch.

1. Scope

This policy applies when you visit our public website, submit a contact form, interact with the SupportAI/Maya widget, use authenticated LeoME Labs dashboard features, run AI agent sessions, receive support, or use services provided by LeoME Labs. It is intended to provide a clear, purpose-based privacy notice aligned with India's Digital Personal Data Protection Act, 2023 style of notice.

2. Indian Startup / Data Fiduciary Details

Company / Data Fiduciary: LeoME Labs Pvt Ltd.
Country: India
Registered office: To be added before production
CIN / LLPIN: To be added before production
GSTIN: To be added before production
Privacy and grievance contact: contact@leomelabs.com

3. Personal Data We Process

Account and authentication data, including name, email address, user role, company or team association, invitation status, login metadata, and legal acceptance metadata.
Website and contact data, including contact form submissions, company name, role, selected interest, message content, Turnstile verification result, IP address, user agent, and timestamps.
Product and dashboard data, including agent configuration, team member access, end-user records, quotas, credits, session history, analytics, and admin activity.
SupportAI and Maya widget data, including visitor identifiers, page context, chat messages, escalation details, contact details provided during escalation, FAQs, uploaded knowledge-base content, and conversation status.
Voice and AI agent data where enabled, including session metadata, audio connection metadata, transcripts, prompts, evaluations, generated reports, document-analysis content, and operational logs.
Billing and commercial data where enabled, including plan, credit, invoice, payment, and transaction metadata. Payment card details are processed by payment providers and are not intended to be stored by LeoME Labs.
Technical and security data, including device/browser information, log data, API request metadata, abuse-prevention signals, error reports, and security events.

4. Purposes of Processing

Provide, operate, secure, and improve the LeoME Labs website, dashboard, SupportAI/Maya widget, and AI workforce products.
Create and manage accounts, authenticate users, administer teams, enforce role-based access, and provide customer support.
Run AI agent sessions, support conversations, voice interactions, document analysis, reports, scoring, and product analytics.
Process contact requests, demo requests, onboarding questions, escalations, billing, credits, invoices, and service communications.
Prevent abuse, verify form submissions, debug issues, protect infrastructure, enforce terms, and comply with applicable legal obligations.
Respond to privacy, withdrawal, correction, export, deletion, and grievance requests.

5. Legal Basis and Consent

We process personal data for lawful purposes, including providing services requested by you or your organisation, performing contracts, complying with legal obligations, protecting our systems, and using consent where required.

Where we rely on consent, you may withdraw it by contacting contact@leomelabs.com. Some features may stop working if the data needed to provide them can no longer be processed.

6. Processors and Service Providers

Provider	Purpose / data involved
Supabase	Authentication, database, storage, session/admin data, RLS-backed product data, and operational logs.
Cloudflare Turnstile	Contact form verification, bot prevention, and abuse reduction.
SupportAI Worker / Cloudflare Workers	Maya support widget chat, conversation routing, FAQ retrieval, and escalation flows.
Google Gemini	SupportAI FAQ repair and AI-assisted content processing where that feature is used.
Teil3 / Fly.io API	Voice and B2B agent sessions, quota, token, credit, and session data where enabled.
Stripe	Billing, checkout, invoices, payment status, and commercial transaction metadata where enabled.
LiveKit	Realtime audio transport, voice-session control, and connection metadata where enabled.

7. Retention

We retain personal data only for as long as needed for the purposes described in this policy, unless a longer period is required for legal, tax, accounting, security, dispute, or compliance reasons.

Account and company records are generally retained while an account or customer relationship remains active. Contact, support, conversation, session, analytics, and log records are retained according to product, support, security, and operational needs. Deleted data may remain in backups for a limited period before scheduled deletion.

8. International Transfers

LeoME Labs is based in India, and our products may use infrastructure or service providers located in India, the European Union, the United States, or other jurisdictions. Where personal data is transferred across borders, we use contractual, technical, and organisational safeguards appropriate to the service and applicable law.

9. Security

We use administrative, technical, and organisational safeguards designed to protect personal data from unauthorised access, alteration, disclosure, or loss. These include server-side secret handling, role-based access, Supabase RLS/server controls where used, bot verification for public forms, logging, and operational access controls. No online service can guarantee absolute security.

10. Children and Minors

LeoME Labs products are intended for business, professional, education, and training use. We do not knowingly target children for behavioural advertising or unnecessary tracking. If a feature is used by a child or person requiring guardian consent under applicable law, the responsible organisation or guardian must ensure valid consent and appropriate supervision.

11. Your Rights and Grievance Contact

Request a summary of personal data processed about you and the processing activities connected to it.
Request correction, completion, update, or erasure of personal data where applicable.
Withdraw consent where processing is based on consent. Withdrawal does not affect processing already completed before withdrawal.
Raise a privacy grievance through the contact listed in this policy.
Ask us to explain the processors or categories of processors used for your personal data, subject to security and legal limits.

To exercise privacy rights or raise a grievance, contact contact@leomelabs.com. We may need to verify your identity or authority before acting on a request.

12. Updates to This Policy

We may update this Privacy Policy as our products, service providers, legal obligations, or operating practices change. The updated version will be posted on this page with a revised last-updated date.