Privacy Policy

Last updated: February 19, 2026

1. Introduction

FunnelLeaks, LLC ("FunnelLeaks," "we," "us," or "our") is committed to protecting your privacy. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use FunnelLeaks.app (the "Service"). By using the Service, you agree to the collection and use of information in accordance with this policy. This Privacy Policy should be read in conjunction with our Terms of Service and Cookie Policy.

2. Information We Collect

2.1 Information You Provide

When you create an account, we collect your email address, name (optional), and password (stored as a bcrypt hash). When you subscribe to a paid plan, payment information is collected and processed by Stripe, Inc. We do not store your credit card details. When you submit support tickets or contact forms, we collect the information you provide (name, email, message content). When you accept our Terms of Service, we record your acceptance along with the terms version, timestamp, IP address, and user agent.

2.2 Device and Technical Data

When you access the Service, we automatically collect detailed device and technical information including: IP address, browser type, name, and version (e.g., Chrome 120, Firefox 115), operating system and version (e.g., Windows 11, macOS 14), device type (desktop, tablet, or mobile), screen resolution and viewport size, preferred language settings, and timezone. This information is derived from your HTTP request headers (including the User-Agent string) and is used for security monitoring, fraud prevention, and service optimization.

2.3 Behavioral and Usage Data

We track and record how you interact with the Service, including: pages visited and the order in which you visit them, features and tools you use, timestamps and duration of each session, navigation patterns within the application, actions performed (such as creating funnels, viewing incidents, or managing integrations), and clickstream data on public pages. This behavioral data is collected through our internal analytics system using session identifiers stored in your browser's session storage. We use this data to understand usage patterns, improve the Service, and identify technical issues.

2.4 Monitoring Data

When you add URLs to monitor, we collect and store: HTTP response codes and headers, page load performance metrics, SSL certificate details and expiration dates, presence or absence of tracking pixels (Meta Pixel, Google Tag), form elements and their status, link status and redirect chains, DNS records and expiration dates, CDN availability status, cookie consent implementations, and UTM parameter preservation. This data relates to your monitored URLs, not to you personally.

2.5 Ad Platform Data

When you connect third-party advertising platforms (such as Google Ads or Meta Ads), we may collect and store: advertising account identifiers, campaign names and identifiers, campaign status (active, paused, etc.), and basic spend metrics. We store integration access tokens in encrypted form (AES-256-GCM). We do not access or store your ad creative content, audience targeting configurations, detailed billing information, or personal data of individuals targeted by your ads.

3. How We Use Your Information

  • Provide, operate, and maintain the Service including all monitoring and alerting features
  • Process your subscription and payments through Stripe
  • Send you service-related notifications (incident alerts, billing confirmations, system status updates)
  • Respond to your support requests and inquiries
  • Monitor and analyze usage patterns to improve the Service
  • Detect, prevent, and address technical issues, security threats, and fraudulent activity
  • Comply with legal obligations and enforce our Terms of Service
  • Generate anonymized, aggregated analytics about public page usage (no individual identification)
  • Execute automated actions on your connected advertising platforms (such as pausing campaigns when funnel failures are detected)
  • Maintain audit trails for security, compliance, and legal protection purposes
  • Parse device and browser information from User-Agent strings for security monitoring and administrative reporting

4. Automated Decision-Making

The Service uses automated processes to make decisions that may affect your advertising campaigns. When our monitoring system detects consecutive failures on a monitored URL (based on configurable thresholds), it may automatically pause associated ad campaigns on your connected advertising platforms. These decisions are based on objective, predefined criteria including the number of consecutive check failures, the severity of the detected issue, and the mapping between your monitored URLs and ad campaigns. You can review, override, or disable these automated actions at any time through your account settings. You have the right to request human review of any automated decision by contacting support@funnelleaks.app.

5. How We Share Your Information

5.1 Service Providers

We share information with the following categories of third-party service providers: Stripe, Inc. (payment processing -- receives your email, payment method, and transaction details), cloud infrastructure providers (hosting, data storage, and compute services), and advertising platforms (Google Ads, Meta Ads -- receives API commands to manage your campaigns when you connect these integrations). All third-party service providers are contractually obligated to protect your data and use it only for the purposes we specify.

5.2 No Sale of Data

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We do not share your monitoring data, behavioral data, or device data with advertisers or data brokers.

5.3 Legal Requirements

We may disclose your information if required to do so by law, regulation, legal process, or governmental request, or when we believe disclosure is necessary to protect our rights, your safety, or the safety of others.

6. Data Security

We implement industry-standard security measures including: 256-bit SSL/TLS encryption for all data in transit, bcrypt password hashing with 12 work-factor rounds, session-based authentication with secure cookie settings and PostgreSQL-backed session storage, CSRF protection on all state-changing endpoints, rate limiting on authentication and public endpoints, AES-256-GCM encryption for sensitive data at rest (such as ad platform integration tokens), IP-based access controls and blocking capabilities, and comprehensive audit logging of all security-relevant actions with IP addresses and device information.

7. Data Retention

7.1 Account Data

We retain your personal information for as long as your account is active or as needed to provide the Service. Upon account deletion, we will remove your personal data within 30 days, except where retention is required by law or for legitimate business purposes (e.g., fraud prevention).

7.2 Monitoring Data

Check run results are retained for 90 days. Incident records are retained for the duration of your account. Action logs (automated campaign actions) are retained for 180 days.

7.3 Audit and Legal Records

Audit logs including login records, account actions, and administrative changes are retained for 365 days. Terms acceptance records are retained indefinitely for legal compliance. Support ticket records and communications are retained indefinitely and are immutable (cannot be edited or deleted) for legal protection purposes.

7.4 Analytics Data

Internal page view analytics data (page path, referrer, session ID, IP address, user agent) is retained for the purpose of understanding public page traffic. This data may be purged periodically as part of routine data maintenance.

8. Your Rights

You have the right to: (a) access the personal information we hold about you; (b) request correction of inaccurate data; (c) request deletion of your personal data ("right to be forgotten"), subject to our legal retention obligations; (d) object to or restrict processing of your data; (e) request data portability in a machine-readable format; (f) withdraw consent at any time where processing is based on consent; (g) request human review of automated decisions affecting your ad campaigns; (h) obtain information about the logic involved in automated decision-making. To exercise these rights, contact us at legal@funnelleaks.app.

9. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA), including the right to know what personal information we collect (including device data, behavioral data, and ad platform data), the categories of sources from which it is collected, the business purpose for collecting it, the right to request deletion, and the right to opt out of the sale of personal information. We do not sell personal information. To make a CCPA request, contact legal@funnelleaks.app.

10. International Data Transfers

Our Service is hosted in the United States. If you access the Service from outside the United States, your information (including device data, behavioral data, and monitoring data) may be transferred to, stored, and processed in the United States. By using the Service, you consent to this transfer. We take appropriate measures to ensure your data is treated securely and in accordance with this Privacy Policy.

11. Children's Privacy

The Service is not intended for individuals under the age of 18. We do not knowingly collect personal information from children. If we learn that we have collected information from a child under 18, we will take steps to delete that information promptly. If you believe a child has provided us with personal information, please contact us at legal@funnelleaks.app.

12. Third-Party Links and Integrations

The Service may contain links to third-party websites or services. When you connect third-party advertising platforms, your use of those platforms is governed by their respective privacy policies and terms of service. We are not responsible for the privacy practices of Google Ads, Meta Ads, or any other third-party platform. We encourage you to review the privacy policies of any third-party services you use in conjunction with FunnelLeaks.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date. Material changes that affect how we collect device data, behavioral data, or interact with your ad platforms will be communicated via email. Your continued use of the Service after any changes constitutes acceptance of the updated policy.

14. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us at: FunnelLeaks, LLC. Email: legal@funnelleaks.app. Website: https://funnelleaks.app