Privacy Policy
Last updated: November 13, 2025
1. Data Controller
RoyLead Srls
Via Belmonte 1, 71016 San Severo (FG)
P.IVA: IT04383570712
Email: [email protected]
2. Data Collected
When using the RoyLead platform, we collect the following categories of data:
- Registration data: First name, last name, email, password (encrypted)
- Profile data: Username, avatar, preferred language, timezone
- Workspace data: Workspace name, domains, landing pages, offers
- Tracking data: Clicks, conversions, leads (with explicit consent)
- Billing data: Stripe payment information (managed by Stripe Inc.)
- Technical data: IP address, user agent, system logs
2.1 OAuth and Social Login
We offer the option to register and login through third-party OAuth providers (Google, Meta/Facebook). When you use these options, we collect the following data directly from the providers:
- Google OAuth: Email (verified), first name, last name, profile photo, provider ID
- Meta/Facebook OAuth: Email, first name, last name, profile photo, provider ID
This data is provided according to the respective providers' privacy policies:
We do not store or have access to your OAuth provider passwords. Authentication occurs entirely on Google/Meta servers and we only receive authorized data.
3. Purposes of Processing
Data is processed for the following purposes:
- Providing RoyLead platform services
- Managing user accounts and workspaces
- Processing payments and billing
- Advertising campaign tracking and analytics (with consent)
- Service-related communications
- Security and fraud prevention
- Legal and tax compliance
4. Legal Basis
Data processing is based on:
- Contract performance: Data necessary to provide the service
- Consent: Analytics tracking and marketing (revocable at any time)
- Legal obligation: Tax and accounting data
- Legitimate interest: Security and fraud prevention
5. Data Sharing
Data may be shared with the following third-party service providers:
- Stripe Inc.: Payment processing (PCI-DSS compliant)
- Brevo (Sendinblue): Transactional email delivery
- Redis Cloud: Cache and job queue (EU data)
- AWS: Hosting and database (EU-Central-1 region)
5.1 Meta Ads Integration
If you choose to connect your Meta advertising account (Facebook/Instagram), we share data with Meta Platforms to help you manage and optimize your advertising campaigns. This includes:
- Data synced from Meta to RoyLead: Campaigns (ID, name, status, objective), Ad Sets (ID, name, status, budget), Advertising insights (spend, impressions, clicks, reach, CPC, CPM, CTR)
- Data sent from RoyLead to Meta (Conversions API): Conversion events (leads, purchases) only with your explicit consent
- Sync frequency: Every 24 hours for historical data, real-time for conversion events
- Legal basis: Explicit consent revocable at any time
Required Meta permissions:
ads_read- Read advertising campaign dataads_management- Manage advertising campaignsbusiness_management- Business Manager access
You can revoke Meta access at any time from workspace settings. Previously synced data will remain in your RoyLead workspace until manually deleted.
6. Data Retention
Data is retained for:
- Active accounts: For the duration of the service
- Tax data: 10 years (legal requirement)
- System logs: 90 days
- Deleted accounts: 30 days for backup, then complete deletion
7. User Rights (GDPR)
You have the right to:
- Access: Request a copy of your data
- Rectification: Correct inaccurate data
- Erasure: Request data deletion (right to be forgotten)
- Portability: Export your data in a readable format
- Objection: Object to marketing processing
- Withdraw consent: Revoke tracking consent at any time
To exercise your rights, contact: [email protected]
8. Cookies and Tracking
We use:
- Essential cookies: Authentication and functionality (always active)
- Analytics cookies: Only with explicit consent
- Pixel tracking: For advertising campaigns (configurable)
9. Security
We implement appropriate security measures:
- TLS/SSL encryption for all communications
- Password hashing with bcrypt
- Two-factor authentication available
- Audit logs for all sensitive operations
- Rate limiting and DDoS protection
10. Contact
For any privacy questions:
Email: [email protected]
Via Belmonte 1, 71016 San Severo (FG), Italy