Privacy Policy

Last updated: May 6, 2026

LeadCognition helps teams turn public GitHub activity into account and developer intent signals. This policy explains what we collect, how we use it, and how to contact us about access, deletion, or opt-out requests.

This page is intended for product users, API/MCP users, marketplace reviewers, and people whose public developer profile information may appear in LeadCognition results.

Information We Collect

Account information: name, email, organization, authentication provider, role, plan, credits, and support/contact details.
Workspace information: tracked repositories, Discover sessions, selected domains, saved filters, exports, integration settings, and webhook subscription metadata.
Public GitHub activity: public repository, star, fork, issue, pull request, commit, contributor, organization, and event metadata used to infer developer or company intent.
Enriched contact fields: company, role, LinkedIn URL, work email, and related business contact fields when a customer unlocks or imports them through the product.
API and MCP usage: API key prefix, organization id, route/tool name, scope, status, request timing, rate-limit metadata, and audit events. We do not intentionally log raw API keys, OAuth tokens, or passwords.
Integration delivery metadata: Clay/webhook delivery status, destination host, event type, timestamps, retry status, and signing-secret metadata. Webhook secrets are shown once and are not returned in list responses.
Website and product analytics: page views, signup source, onboarding progress, feature usage, and diagnostic events through analytics and support tools.

How We Use Information

Provide GitHub signal intelligence, Discover sessions, lead/company ranking, MCP tools, REST API responses, and Clay-ready exports.
Authenticate users, enforce API/MCP scopes, prevent abuse, rate-limit requests, and keep an audit trail for security and billing.
Operate support, onboarding, troubleshooting, marketplace review, and customer-success workflows.
Improve product quality, docs, ranking logic, reliability, and security.
Attribute signups and usage by channel, including ChatGPT, Claude, Clay, Cursor, MCP directories, and direct API usage.

MCP, API, and Connector Data

LeadCognition exposes the same backend capabilities through the web app, MCP, REST API, ChatGPT Apps, Claude remote connectors, Cursor, Clay HTTP integrations, and webhook delivery. These clients do not bypass LeadCognition authorization. Requests must use a valid session, OAuth token, or organization API key with the required scope.

Read tools such as listing sessions or finding intent use `mcp:read`. Export and delivery tools such as Clay export and webhook send use `mcp:export`. A customer can revoke API keys and OAuth-derived tokens from the LeadCognition account surface.

Sharing and Processors

We share information with service providers that help us run the product, including hosting, database, authentication, analytics, support, payment, email, enrichment, and integration-delivery providers. Customers may also send LeadCognition rows to tools they configure, such as Clay, webhook.site, CRM systems, or custom webhooks.

We do not sell API keys, OAuth tokens, passwords, or webhook secrets. Customer-configured exports and webhooks are controlled by the customer and should be sent only to destinations they trust.

Retention

We retain account, workspace, billing, usage, audit, support, and integration records for as long as needed to operate LeadCognition, comply with legal obligations, resolve disputes, prevent abuse, and support customers. Product-specific defaults are documented in our MCP/API data-retention policy and may be shortened when data is no longer useful or legally required.

Security

LeadCognition stores API keys as hashes, scopes them to organizations, and returns raw API keys only at creation or activation time. Webhook signing secrets are returned only on creation. We use audit logs, rate limits, and scoped authorization to reduce misuse.

Your Choices

Customers can revoke API keys, disconnect integrations, and request account deletion.
People whose public developer data appears in results can request suppression or correction.
For developer-profile opt-out, use /privacy/opt-out.
For other privacy requests, contact [email protected].

Changes

We may update this policy as the product, MCP/API surfaces, integrations, or legal requirements change. The latest version will remain available at this URL.