← Back to Home

Privacy Policy

Last Updated: January 11, 2026

1. Introduction

Winningly Media LLC ("Company," "we," "us," or "our") respects your privacy and is committed to protecting your personal information. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Lead Generation Strategist platform (the "Service").

By using the Service, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree with this policy, please do not use our Service.

2. Information We Collect

2.1 Information You Provide Directly

Account Information:

  • Email address (required for account creation and authentication)
  • Password (encrypted and never stored in plain text) or Google OAuth credentials
  • Account preferences and settings

Brand Information:

  • Company name and business description
  • Industry and target audience details
  • Ideal Customer Avatar (ICA) information including demographics, psychographics, pain points
  • Products and services offered
  • Unique selling proposition and value proposition

Lead Generation Inputs:

  • Search criteria and filters for lead generation
  • Lead mode preferences (Clients vs Partners)
  • Custom search queries and industry specifications

Payment Information:

  • Payment card details (processed securely by Stripe; we do not store full card numbers)
  • Billing address
  • Transaction history

Communications:

  • Messages you send to our support team
  • Feedback and survey responses

2.2 Information Generated by the Service

Lead Data:

  • Names and business information of potential leads (sourced from public web data)
  • Contact information found through Google Search grounding
  • Lead qualification scores and relevance assessments
  • Pipeline status and engagement history

AI-Generated Content:

  • Engagement agendas (6-step and 5-step plans)
  • Outreach messages and scripts
  • Nurture diagnosis reports
  • Scale with Ads strategies

2.3 Information Collected Automatically

Usage Data:

  • Log data (IP address, browser type, device information, operating system)
  • Pages visited, features used, time spent on the Service
  • Lead generation requests and results
  • Error logs and performance data
  • API usage patterns

Usage Metrics:

  • Daily lead generation counts
  • Feature usage patterns (agents used, leads saved, exports)
  • Subscription tier usage

Cookies and Tracking Technologies:

  • Session cookies for authentication and maintaining login state
  • Analytics cookies to understand how you use the Service
  • Preference cookies to remember your settings

You can control cookie preferences through your browser settings, but disabling certain cookies may limit Service functionality.

2.4 Information from Third Parties

Authentication Services:

  • If you use Google OAuth through Firebase Authentication, we receive your email address and basic profile information

Payment Processor:

  • Stripe provides us with payment confirmation and transaction details (but not full card numbers)

Lead Data Sources:

  • Google Search Grounding provides real-time, publicly available information about potential leads

3. How We Use Your Information

We use the information we collect for the following purposes:

3.1 Service Delivery

  • Creating and managing your account
  • Processing your subscription payments
  • Generating AI-powered leads based on your brand information and search criteria
  • Creating engagement agendas, outreach content, and strategies
  • Storing and retrieving your leads and generated content
  • Enforcing daily usage limits based on your subscription plan
  • Providing customer support and responding to your inquiries

3.2 Service Improvement

  • Analyzing usage patterns to improve features and user experience
  • Identifying and fixing technical issues
  • Developing new features and functionality
  • Improving AI model accuracy (using anonymized data only)

3.3 Communication

  • Sending transactional emails (account creation, password resets, payment confirmations)
  • Sending service announcements and updates
  • Responding to your support requests
  • Sending marketing communications (with your consent; you may opt out at any time)

3.4 Legal and Security

  • Enforcing our Terms of Service
  • Detecting and preventing fraud, abuse, and security threats
  • Complying with legal obligations and responding to legal requests
  • Protecting our rights, property, and safety

4. How We Share Your Information

We do not sell your personal information. We share your information only in the following limited circumstances:

4.1 Service Providers

We share information with third-party vendors who help us operate the Service:

Google Cloud Platform (GCP):

  • Purpose: Cloud infrastructure, AI processing, and serverless compute
  • Data Shared: Brand profiles, search queries, generated content
  • Services Used:
    • Cloud Run (serverless compute)
    • Vertex AI with Gemini (AI-powered lead generation and content creation)
    • Google Search Grounding (real-time web search for lead discovery)
  • Privacy Policy: https://policies.google.com/privacy

Firebase (Google):

  • Purpose: Authentication and database storage
  • Data Shared: Account information, brand profiles, leads, generated content
  • Services Used:
    • Firebase Authentication (user authentication)
    • Firebase Firestore (NoSQL database)
  • Privacy Policy: https://firebase.google.com/support/privacy

Stripe:

  • Purpose: Payment processing
  • Data Shared: Payment card information, billing address, transaction details
  • Privacy Policy: https://stripe.com/privacy

4.2 Legal Requirements

We may disclose your information if required to do so by law or in response to:

  • Valid legal requests from government authorities
  • Court orders, subpoenas, or legal process
  • Protection of our rights, property, or safety
  • Enforcement of our Terms of Service
  • Prevention of fraud or security threats

4.3 Business Transfers

If we are involved in a merger, acquisition, asset sale, or bankruptcy, your information may be transferred as part of that transaction. We will notify you of any such change in ownership or control of your personal information.

4.4 With Your Consent

We may share your information with third parties when you explicitly consent to such sharing.

5. Data Retention

5.1 Account Data

We retain your account information for as long as your account is active.

5.2 Brand and Lead Data

Brand profiles and lead data are retained indefinitely while your account is active. They are permanently deleted within 30 days of account deletion.

5.3 Generated Content

  • Engagement Agendas: Stored with each lead until the lead is deleted
  • Outreach Content: Stored with each lead until the lead is deleted
  • Strategies: Retained until you delete them

5.4 Usage Records

  • Daily generation counts: Reset at midnight UTC
  • Rate limiting data: Short-term retention for service protection

5.5 Payment Records

Payment transaction records retained as required by financial regulations (typically 7 years).

5.6 System Logs

  • Application logs: 30 days
  • Security audit logs: 365+ days

5.7 After Account Deletion

When you delete your account:

  • Your brand profiles, leads, and generated content are permanently deleted within 30 days
  • We may retain certain information for legal or regulatory compliance purposes
  • Some data may be retained in system logs for up to 365 days for security purposes
  • Anonymized usage data may be retained for analytics and service improvement

6. Data Security

We implement industry-standard security measures to protect your information:

6.1 Technical Safeguards

  • Encryption in Transit: All data transmitted between your browser and our servers uses TLS/SSL encryption
  • Encryption at Rest: Sensitive data is encrypted when stored in Firebase Firestore
  • Access Controls: Firebase Security Rules limit data access to authorized users
  • Authentication Security: Firebase Authentication with secure token management
  • Infrastructure Security: GCP infrastructure with built-in DDoS protection, firewalls, and security monitoring

6.2 Organizational Safeguards

  • Regular security reviews and updates
  • Secure development practices
  • Incident response procedures for data breaches
  • Logging and monitoring of system access

6.3 No Guarantee

While we strive to protect your information, no method of transmission or storage is 100% secure. We cannot guarantee absolute security.

7. Your Privacy Rights

Depending on your location, you may have certain rights regarding your personal information:

7.1 Access and Portability

  • Right to Access: You can request a copy of the personal information we hold about you
  • Right to Data Portability: You can export your leads and data from the platform

7.2 Correction and Deletion

  • Right to Correct: You can update your account information at any time through your account settings
  • Right to Delete: You can delete leads, brand profiles, and request deletion of your account

7.3 Opt-Out Rights

  • Marketing Communications: Unsubscribe from marketing emails via the link in each email
  • Cookies: Control cookie preferences through your browser settings

7.4 California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act:

  • Right to know what personal information is collected, used, and shared
  • Right to delete personal information (with certain exceptions)
  • Right to opt-out of sale of personal information (we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

Categories of Personal Information Collected:

  • Identifiers (email address, IP address)
  • Commercial information (subscription history, payment records)
  • Internet activity (usage patterns, feature interactions)
  • Professional information (business details in brand profiles)
  • Inferences (AI-generated content based on your inputs)

To exercise these rights, contact us at: minnieg@winninglymedia.com

7.5 European Privacy Rights (GDPR)

If you are in the European Economic Area (EEA), you have rights under the General Data Protection Regulation:

  • Right to access your personal data
  • Right to rectification of inaccurate data
  • Right to erasure ("right to be forgotten")
  • Right to restrict processing
  • Right to data portability
  • Right to object to processing
  • Right to withdraw consent
  • Right to lodge a complaint with a supervisory authority

Legal Basis for Processing:

  • Contract Performance: Processing necessary to provide the Service
  • Legitimate Interest: Service improvement, security, and analytics
  • Consent: Marketing communications and optional features
  • Legal Obligation: Compliance with applicable laws

Data Controller: Winningly Media LLC

To exercise these rights, contact us at: minnieg@winninglymedia.com

8. International Data Transfers

The Service is hosted in the United States on Google Cloud Platform. All data processing occurs in the United States.

If you access the Service from outside the United States, your information will be transferred to, stored, and processed in the United States. The United States may have data protection laws that differ from those in your country. By using the Service, you consent to the transfer of your information to the United States.

For EEA Users: We rely on Standard Contractual Clauses or other approved transfer mechanisms to ensure adequate protection of your data.

9. Lead Data and Third-Party Privacy

Our Service generates leads using publicly available information found through Google Search. Important considerations:

9.1 Lead Information Sources

  • Lead data is sourced from publicly available web content
  • We use Google Search Grounding to find current, relevant information
  • We do not scrape private databases or purchase lead lists

9.2 Your Responsibility

  • You are responsible for how you use lead information
  • You must comply with applicable laws when contacting leads (CAN-SPAM, GDPR, etc.)
  • You should verify lead information before use

9.3 Lead Rights

Individuals whose information appears as leads have rights under applicable privacy laws. If a lead requests removal of their information from your account, you should honor that request.

10. Children's Privacy

The Service is not intended for users under 18 years of age. We do not knowingly collect personal information from children under 18.

If you are a parent or guardian and believe your child has provided us with personal information, please contact us at minnieg@winninglymedia.com. We will promptly delete such information from our systems.

11. Third-Party Links

The Service may contain links to third-party websites or services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing them with any information.

12. Do Not Track Signals

Some browsers offer a "Do Not Track" (DNT) signal. We do not currently respond to DNT signals because there is no industry-wide standard for how to interpret them.

13. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. If we make material changes:

  • We will notify you by email or through a prominent notice on the Service
  • The "Last Updated" date at the top of this policy will be revised
  • Your continued use of the Service after the effective date constitutes acceptance of the updated policy

We encourage you to review this Privacy Policy periodically.

14. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

Winningly Media LLC
Privacy Inquiries: minnieg@winninglymedia.com
Response Time: We will respond to your inquiry within 30 days (or as required by applicable law).

© 2026 Winningly Media LLC. All rights reserved.