Pop the Lead
Sign inStart free — no card
popthelead.com

Legal

Privacy policy

Last updated: April 25, 2026

What we collect

  • Account data: name, email, hashed password, plan.
  • Technical data: IP address at login and at API requests, user-agent, and approximate geo derived from IP, retained for security and abuse detection.
  • Usage data: popup configurations, A/B test results, embed events you create.
  • Subscriber data (on your behalf): emails, phone numbers, and metadata captured by your popups. You are the controller of this data; we are the processor.
  • Billing data: processed by Dodo Payments (our merchant of record). We never see or store your card number.
  • Cookies: session cookies for login. The embed widget uses a localStorage key for A/B variant assignment and frequency capping.

How we use it

  • To operate the Service and bill you.
  • To send transactional emails (verification, password reset, weekly digest).
  • To detect abuse and enforce rate limits.

We never sell your data or your subscribers' data.

Sub-processors

  • Supabase (PostgreSQL hosting)
  • Vercel (application hosting)
  • Dodo Payments (card payments / merchant of record)
  • Resend (transactional email)
  • Upstash (rate limiting / caching)
  • Google (OAuth sign-in, if you choose “Continue with Google”)
  • Klaviyo, Mailchimp (only if you connect them as integrations on your account)
  • Google Analytics, Meta Pixel (only after you accept analytics cookies)

Your rights (GDPR / CCPA)

You can export all your data, delete your account, or request a copy at any time:

  • Export: dashboard → settings → export data, or hit GET /api/account/export.
  • Delete: dashboard → settings → delete account, or DELETE /api/account/delete.

Retention

Account and usage data is retained while your account is active and for up to 30 days after deletion (for backups). Subscriber data is retained for as long as you keep the popup; you control retention.

Data controller and contact

The data controller for account data is Moksh Sethi (sole proprietor, d/b/a Pop the Lead), [address pending — contact us via the form], Bareilly, Uttar Pradesh, India.

Privacy questions: popthelead@gmail.com. Data subject requests (export, erasure, rectification) are answered within 30 days. You may also use the contact form.

Privacy Policy — Pop the Lead