Privacy Policy

We collect only what we need to provide the service and improve it.

• Email address — captured naturally during your conversation with Paul, with your consent.
• Conversation transcript — the text of your session with the AI Change Lead, stored to send you a consultation summary and to improve the platform.
• Reference token — the source that brought you here (e.g. a campaign link or referral), used to open Paul's conversation contextually.
• Country / approximate location — derived from your IP address via ipapi.co, used only to localise Paul's email sign-off. We do not store your IP address.
• Consent record — whether you opted in to receive communications, and when.
• Account information — if you sign up: your name, email, organisation name, and role.

• To send you a consultation summary email after your session — if you gave consent.
• To provide the OnLead.ai platform and Paul's AI Change Lead capabilities.
• To personalise Paul's opening and responses based on your context.
• To improve the platform — Paul Human reviews anonymised conversation patterns.
• To contact you about your account, subscription, or platform updates.

We do not sell your data. We do not use your data for advertising. We do not share your data with third parties except as described in Section 4.

We collect your email address only after Paul asks for it naturally during conversation. A consent card then appears — you choose whether to opt in to receiving a consultation summary and occasional insights. If you decline, we do not send you anything.

You can withdraw consent at any time by emailing paul@onlead.ai. We will remove you from all communications within 48 hours.

We use the following third-party services to operate the platform:

• Supabase — database and authentication. Data stored in East US (North Virginia). Privacy policy →
• Vercel — platform hosting and deployment. Privacy policy →
• Anthropic — AI model powering Paul's intelligence. Conversation content is processed by Anthropic's API. Privacy policy →
• xAI — voice model powering Paul's voice. Audio is processed by xAI's API. Privacy policy →
• Resend — email delivery. Privacy policy →
• ipapi.co — country detection from IP address. Your IP is not stored by us. Privacy policy →

Your data is stored in Supabase (East US). We use industry-standard security practices including encrypted connections (HTTPS), server-side API key management, and role-based access controls. API keys are never exposed in client-side code.

No system is perfectly secure. If you have concerns about a specific piece of data, contact us and we will address it directly.

You have the right to:

• Access the personal data we hold about you.
• Correct inaccurate data.
• Delete your data — we will remove it within 30 days of your request.
• Withdraw consent for communications at any time.
• Object to processing of your data in certain circumstances.
• Data portability — receive your data in a structured, machine-readable format.

To exercise any of these rights, email paul@onlead.ai. We will respond within 30 days.

We use only essential cookies required for the platform to function (session management and authentication). We do not use advertising cookies, tracking cookies, or third-party analytics cookies.

OnLead.ai is an enterprise platform intended for professionals. We do not knowingly collect data from anyone under the age of 18. If you believe a minor has submitted data through this platform, contact us immediately.

We will update this policy as the platform evolves. When we make material changes, we will update the “Last updated” date at the top of this page. Continued use of the platform after changes constitutes acceptance of the revised policy.