Privacy Policy — Lead Titan AI

1. Introduction and Governing Entity

Lead Titan AI (the "Service") is owned and operated by AtmosAI, Inc., doing business as Marketing Titan ("AtmosAI," "Company," "we," "us," or "our"). AtmosAI, Inc. is the parent entity and data controller responsible for Lead Titan AI and its suite of related products, including Marketing Titan and IT Titan. This Privacy Policy explains how we collect, use, store, disclose, and protect information in connection with your use of the Service, including through integrations with third-party platforms such as CRM systems, calendar scheduling tools, email delivery providers, and telecommunications infrastructure providers.

By creating an account or using the Service, you acknowledge that you have read and agree to this Privacy Policy. If you do not agree, discontinue use immediately.

We are committed to compliance with all applicable data protection, privacy, and consumer protection laws, including but not limited to:

Telephone Consumer Protection Act (TCPA), 47 U.S.C. § 227
CAN-SPAM Act, 15 U.S.C. § 7701 et seq.
California Consumer Privacy Act (CCPA) and California Privacy Rights Act (CPRA)
General Data Protection Regulation (GDPR) and UK GDPR
Canada's Anti-Spam Legislation (CASL)
Florida Telephone Solicitation Act (FTSA) and applicable state telemarketing laws
Federal Trade Commission Act (FTC Act), 15 U.S.C. § 45
Health Insurance Portability and Accountability Act (HIPAA), where applicable
Fair Debt Collection Practices Act (FDCPA), where applicable
Applicable state wiretapping, call recording, and consumer protection statutes

2. Information We Collect

2.1 Account and Identity Information

Full legal name, email address, company name, job title, and password (hashed and salted)
Legal entity name, state of incorporation, and business identifier (e.g., EIN), collected for compliance and fraud prevention
Billing contact information and payment details (processed securely by our payment processor; we do not store full card numbers)
Phone number for account verification and support purposes

2.2 Usage and Platform Activity Data

Pages visited, features accessed, search queries, lead exports, and interaction patterns
AI Caller session metadata, call logs, recordings and transcripts (where permitted by applicable law), sequence activity, campaign data, and outreach results
Browser type, operating system, IP address, device identifiers, and referring URLs
Time-stamped logs of consent attestations provided at signup and at feature activation

2.3 Integration and Connected Platform Data

When you connect third-party platforms to the Service, we may collect and process data through those integrations. The categories of integrations and associated data are as follows:

CRM Integrations: When you connect a customer relationship management (CRM) platform to the Service, we may access, sync, and write contact records, account data, activity logs, deal or pipeline data, and custom fields as authorized by your integration configuration. We act as a data processor with respect to CRM data and process it only on your instruction.

Calendar and Scheduling Integrations: When you connect a calendar or scheduling platform, we may access calendar availability, meeting data, event details, and attendee information to facilitate appointment booking, call scheduling, and follow-up sequencing through the Service. We access only the calendar data necessary to provide the scheduling features you enable.

Email Provider Integrations: When you connect an email account or email delivery provider to the Service, we may access, send, receive, and log emails on your behalf as part of outreach sequence automation. This includes send/delivery status, open and click tracking data, bounce data, and reply detection. We do not read or store the content of inbound emails beyond what is necessary to detect replies and manage sequences.

Transactional Email Delivery Providers: When you use the Service's email delivery infrastructure, your outreach emails are transmitted through third-party transactional email delivery providers operating under data processing agreements with AtmosAI. These providers process email content, recipient addresses, and delivery metadata on our behalf.

Telecommunications Providers: Voice calls, SMS messages, and phone number provisioning are facilitated through third-party telecommunications infrastructure providers with whom AtmosAI has an established ISV/reseller relationship. Call metadata, call recordings (where enabled), SMS content, and telephony logs may be transmitted through and stored by these providers in accordance with their own data processing terms.

Social and Professional Network Integrations: When you use professional network or social platform outreach features, we interact with those platforms on your behalf using your authenticated credentials or authorized API access. We access only the data and functionality necessary to execute outreach sequences and log activity.

2.4 B2B Lead Data

Lead Titan AI provides access to publicly available business contact information sourced from public records, company websites, professional networks, and licensed third-party data partners, for B2B sales and marketing purposes. We do not intentionally collect or provide consumer data for consumer marketing or telemarketing purposes. However, users acknowledge that:

B2B phone numbers, including mobile numbers belonging to business professionals, may be subject to TCPA protections regardless of their business-use context
Users are solely responsible for determining the legal basis for contacting any individual using platform data
AtmosAI does not warrant that any lead data has opted in to receive calls, texts, or emails from platform users

2.5 Communications and Outreach Activity Data

Call logs, recordings, and transcripts where recording is enabled and legally permissible
Email and SMS delivery status, open rates, click rates, reply detection, and engagement data
Outreach sequence activity, step completions, replies, and conversion events
Calendar meeting bookings, reschedules, and cancellations initiated through the Service
CRM activity entries created or synced through the Service
Opt-out, unsubscribe, and do-not-contact requests received through any outreach channel

2.6 Sensitive Information

We do not intentionally collect sensitive categories of personal data (e.g., health information, financial account details, government ID numbers) through the Service. If you or your clients process such data through integrations or outreach activities, you are solely responsible for compliance with applicable laws including HIPAA, GLBA, and PCI-DSS.

3. How We Use Your Information

To provision, operate, maintain, and improve the Service and its features
To provision telecommunications infrastructure (voice, SMS, and phone numbers) on your behalf through our telecommunications provider relationships
To facilitate CRM sync, calendar scheduling, and email delivery through your connected integrations
To support AI-generated voice calling, email, SMS, and social outreach sequence automation
To process subscription payments and manage billing
To send product updates, feature announcements, and optional marketing communications (with your consent)
To detect, investigate, and prevent fraud, abuse, policy violations, and security incidents
To enforce our Terms of Service and Acceptable Use Policy
To maintain records required for TCPA, CAN-SPAM, GDPR, CCPA, and other regulatory compliance
To respond to legal process, court orders, regulatory requests, and law enforcement demands
To conduct internal analytics and improve Service performance and data accuracy

4. Third-Party Integrations: Data Sharing and Processor Relationships

4.1 Categories of Sub-Processors and Integration Partners

To provide the Service, we share data with third-party service providers and integration partners operating as sub-processors or data processors under data processing agreements with AtmosAI. Categories include:

Payment processing providers: for subscription billing and transaction management
Cloud infrastructure and hosting providers: for secure storage, compute, and delivery of the Service
Telecommunications infrastructure providers: for voice call routing, SMS delivery, and phone number provisioning on our ISV/reseller arrangement
Transactional email delivery providers: for outbound email transmission and delivery tracking
CRM platforms: accessed through user-authorized integrations to sync contact and activity data
Calendar and scheduling platforms: accessed through user-authorized integrations for appointment booking and availability management
Email providers and inbox platforms: accessed through user-authorized OAuth connections for outreach sequence delivery and reply tracking
Analytics and monitoring providers: for platform performance, security, and usage analytics
Social and professional network platforms: accessed through user-authorized credentials or API access for outreach sequencing

4.2 OAuth and API-Based Integrations

Certain integrations (CRM, calendar, email inbox, social platforms) are connected by you via OAuth authorization or API key. By connecting a third-party platform, you authorize AtmosAI to access, use, and transmit data from that platform to the extent necessary to provide the integrated features you enable. You are responsible for reviewing the privacy policies and terms of service of any platform you connect. AtmosAI's access to connected platforms is limited to the scopes you authorize, and you may revoke access at any time through your account settings or the third-party platform's own authorization management.

4.3 Data Shared With Third Parties

We do not sell your personal information. We may share data in the following circumstances:

With sub-processors and integration partners as described in Section 4.1, operating under data processing agreements
With affiliated entities within the AtmosAI, Inc. family of products, including Marketing Titan and IT Titan, for operational, analytics, and product improvement purposes
In response to valid legal process, subpoenas, court orders, or regulatory demands
In connection with a merger, acquisition, reorganization, or sale of assets, provided the acquiring entity agrees to honor this Privacy Policy
With your explicit consent, for any other purpose

4.4 Third-Party Platform Responsibility

AtmosAI is not responsible for the privacy practices, data handling, security measures, or terms of any third-party platform you integrate with through the Service. Your use of connected platforms is governed by those platforms' own terms of service and privacy policies. We encourage you to review them carefully before connecting any integration.

5. B2B Lead Data and Outreach Compliance

5.1 Nature of Lead Data

Lead data provided through the Service is sourced from publicly available sources, professional networks, and licensed data partners for legitimate B2B sales and marketing purposes. We do not provide consumer data for consumer marketing or telemarketing purposes.

5.2 User Responsibility for Outreach Compliance

Users are solely responsible for ensuring their use of lead data and all outreach activities conducted through the Service — including through connected CRM, email, calendar, SMS, voice, and social integrations — comply with all applicable laws. AtmosAI does not obtain consent on behalf of users, does not perform DNC scrubbing unless explicitly offered as a feature, and does not warrant the legal suitability of any data for any specific outreach purpose.

5.3 TCPA and AI Voice Call Notice

Business phone numbers, including mobile numbers, may be subject to TCPA protection regardless of their business-use context. Users must independently verify that contacts have provided prior express written consent before placing any automated or AI-generated voice call or text message. Statutory damages under TCPA range from $500 to $1,500 per violation.

6. Telecommunications, Call Recording, and AI Disclosure

6.1 Telecommunications Infrastructure

Voice calls and SMS messages facilitated through the Service are transmitted through third-party telecommunications infrastructure providers with whom AtmosAI maintains an ISV/reseller relationship. Call and SMS data, including metadata, recordings (where enabled), and logs, may be processed and stored by these providers subject to their own terms and privacy policies.

6.2 Call Recording

If you enable call recording, you are solely responsible for complying with all applicable federal and state wiretapping, electronic surveillance, and call recording laws. Two-party or all-party consent is required in numerous states, including California, Florida, Illinois, Maryland, Massachusetts, Nevada, New Hampshire, Oregon, Pennsylvania, and Washington. You must configure appropriate disclosures and obtain required consents before recording any call.

6.3 AI Caller Identity Disclosure

Applicable state and federal regulations may require that AI-driven or automated callers identify themselves as such at the start of a call or communication. Users are responsible for configuring AI Caller features to comply with applicable disclosure requirements in all jurisdictions where they operate. AtmosAI recommends including an AI identification disclosure at the start of every AI-initiated call as a best practice, regardless of jurisdiction.

7. International Data Transfers

AtmosAI, Inc. is based in the United States. Data may be transferred to and processed in the United States and in other jurisdictions where our sub-processors and integration partners operate. For users in the European Economic Area (EEA) or United Kingdom, such transfers are made pursuant to applicable legal transfer mechanisms, including Standard Contractual Clauses (SCCs). Users in Canada are subject to applicable PIPEDA and provincial privacy law requirements.

If you require a Data Processing Agreement (DPA) for GDPR compliance, contact privacy@marketingtitan.ai.

8. HIPAA Notice

Lead Titan AI is not a HIPAA-covered entity by default, and the Service is not designed for use with Protected Health Information (PHI). If you are a HIPAA-covered entity or business associate and wish to use the Service in connection with PHI — including through connected CRM, email, or calendar integrations — you must execute a Business Associate Agreement (BAA) with AtmosAI prior to any such use. Contact legal@marketingtitan.ai to request a BAA.

9. Data Security

256-bit SSL/TLS encryption for data in transit across the Service and its integrations
Encryption of sensitive data at rest
SOC 2-aligned cloud infrastructure
Role-based access controls and principle of least privilege
Regular security audits, vulnerability assessments, and penetration testing
Incident response procedures with notification timelines consistent with applicable law

No method of electronic transmission or storage is 100% secure. We cannot guarantee absolute security of data transmitted through third-party integrations, which are subject to those providers' own security practices.

10. API Access and Data

AtmosAI makes an API available to users on eligible plans. When you access the Service via API:

API keys are treated as account credentials and are subject to the same security and confidentiality obligations as your login credentials
All data accessed through the API is subject to the same use restrictions, compliance obligations, and retention schedules as data accessed through the platform interface
API activity logs, including request timestamps, endpoints accessed, and data retrieved, are retained for 12 months for security, audit, and abuse prevention purposes
API keys are stored in hashed form and may be revoked by AtmosAI at any time in response to suspected abuse or security incidents
Data retrieved via the API may not be resold, redistributed, or used in violation of these policies or applicable law

11. Data Retention

Account data: retained while your account is active and for 30 days following deletion for recovery purposes
Integration access tokens and credentials: retained only while the integration is active; revoked tokens are deleted promptly
CRM sync logs and activity data: retained for 12 months
Call recordings and transcripts: retained for 12 months unless a different period is required by law or configured by you
Email, SMS, and outreach activity logs: retained for 12 months for analytics, compliance, and audit purposes
Calendar booking records: retained for 12 months
Consent records and opt-out/DNC logs: retained for a minimum of 5 years, or as required by applicable law
Billing and financial records: retained for 7 years per standard accounting and tax requirements

12. Your Privacy Rights

All Users

Access the personal data we hold about you
Request correction of inaccurate or incomplete data
Request deletion of your data, subject to legal retention obligations
Withdraw consent at any time, without affecting the lawfulness of prior processing

California Residents (CCPA/CPRA)

Right to know what personal information is collected, used, disclosed, or shared
Right to opt out of sale or sharing of personal information (we do not sell personal information)
Right to non-discrimination for exercising privacy rights
Right to correct inaccurate personal information
Right to limit use of sensitive personal information

EEA/UK Residents (GDPR/UK GDPR)

Right to data portability
Right to object to or restrict processing
Right to lodge a complaint with your applicable supervisory authority

To exercise any of these rights, contact privacy@marketingtitan.ai. We will respond within the timeframe required by applicable law (45 days under CCPA; 30 days under GDPR).

13. Cookies and Tracking Technologies

Essential cookies: required for authentication, session management, and core functionality
Analytics cookies: used to understand usage patterns and improve the Service (optional; manageable via browser settings)
Integration session tokens: used to maintain authenticated connections to third-party platforms you connect

We do not use cookies or tracking technologies for cross-site behavioral advertising.

14. Children's Privacy

The Service is not directed to individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that a minor has created an account or provided information, we will promptly delete that information and close the account.

15. Export Controls and Sanctions Compliance

The Service may not be used by individuals or entities subject to U.S. economic sanctions administered by the Office of Foreign Assets Control (OFAC). By using the Service, you represent that you are not located in, organized under the laws of, or subject to the jurisdiction of any sanctioned country or region, and that you are not listed on any U.S. government prohibited parties list.

16. Changes to This Policy

We may update this Privacy Policy periodically to reflect changes in our practices, integrations, technology, legal requirements, or business operations. We will notify you of material changes via email and a prominent notice on the Service no fewer than 14 days before the change takes effect. Continued use of the Service after the effective date constitutes acceptance of the updated policy.

17. Contact and Data Protection Inquiries

AtmosAI, Inc. dba Marketing Titan
Privacy inquiries: privacy@marketingtitan.ai
Legal inquiries: legal@marketingtitan.ai
GDPR/DPA requests: privacy@marketingtitan.ai