Privacy Policy

Last updated: February 2026

LeapToward.AI protects your privacy in compliance with GDPR and applicable privacy laws. This policy is for informational purposes only and does not constitute legal advice.

Information We Collect

Account: Name, email, institution, role
Usage: Page views, feature usage, login timestamps
Technical: IP address (security), browser, device, OS

How We Use Your Information

We use your data to provide services, authenticate users, communicate updates, improve platform performance, and comply with legal obligations.

Cookies and Tracking

Essential (Always Active): Authentication tokens (sb-access-token, sb-refresh-token) and consent preference cookie (12-month expiration).

Non-Essential (Require Consent): Sentry error tracking and Session Replay with privacy masking for platform reliability.

Manage preferences at your consent settings. Withdrawing consent disables non-essential tracking while keeping your account functional.

Data Sharing

We do not sell personal data. Third-party processors: Supabase (authentication, database), Sentry (error monitoring, consent-only), Resend (transactional email). Each follows their privacy policies.

Your Rights

Under GDPR, you may:

Access, rectify, or erase your personal data
Restrict or object to processing
Request data portability (machine-readable format)
Withdraw consent via consent settings

Data Retention

Account data retained while active. Deleted within 90 days of account deletion (except legal retention). Consent records kept 5 years (GDPR Article 30).

Security

We use encryption (TLS/HTTPS, at rest), role-based access controls, security audits, and automatic session expiration. No storage method is 100% secure—use strong passwords and MFA.

Changes to This Policy

Material changes require re-consent via banner. We update the “Last updated” date and notify users when tracking practices change.

Contact Us

Entity: LeapToward.AI
Get in touch via our contact form