Privacy Policy

Effective: April 30, 2026  ·  Version 2.0

This Privacy Policy applies to the StingLeads website (stingleads.com), our mobile applications for iOS and Android, and all related services operated by StingLeads LLC. We use a single policy across web and mobile so the same protections and rights apply everywhere.

1. Who We Are

StingLeads LLC ("StingLeads," "we," "us") provides lead generation, appointment scheduling, and a marketplace where licensed home-service contractors purchase access to inbound homeowner appointment requests. We operate at stingleads.com and through our mobile apps.

2. Information We Collect

From Contractors (account holders):

  • Account info: Name, email address, password (hashed), business name, phone number, service area, service type.
  • Verification info: Contractor license number or LLC name (used to onboard and to comply with marketplace policies).
  • Payment info: Card details are collected and stored by Stripe, Inc.; we receive only a customer ID and last-4 / brand for our records.
  • App interaction: Which leads you view and reveal, jobs you mark Won/Lost/Quoted, balance top-ups, photos and notes you upload to your jobs.
  • Device info (mobile only): Push notification token (Expo / APNs / FCM), platform (iOS or Android), device name, app version. Used solely to deliver notifications and authenticate sessions.
  • Diagnostics: IP address, approximate region from IP, user-agent, timestamps. Used for security, fraud prevention, and to satisfy legal obligations.

About Homeowners (third-party data):

StingLeads contacts homeowners via SMS using lists compiled from publicly available and lawfully obtained data sources. A homeowner becomes part of our lead pipeline only after they reply and explicitly request a free quote - that reply is the homeowner's consent under the Telephone Consumer Protection Act (TCPA) and applicable state laws. We retain that opt-in record (timestamp, message content, source) for at least four years.

Once a homeowner has requested a quote, we collect and may share the following with the contractor who pays the lead fee: full name, mobile phone number, street address, requested service description, and the conversation summary. This data is shared only with verified contractors who have agreed to use it solely for the requested in-person job and not to resell, redistribute, or use it for unrelated marketing.

3. How We Use Information

  • To operate the StingLeads service: deliver leads, run the marketplace, process payments, send push and email notifications.
  • To verify contractor identity and prevent abuse, fraud, or stalkerware-style misuse of homeowner contact data.
  • To comply with legal obligations (tax records, TCPA recordkeeping, response to lawful subpoena).
  • To respond to support requests and to send transactional messages about your account.
  • To improve the service in aggregate (we do not use individual behavioral profiles for advertising).

We do not sell your personal information to advertisers. We do not use your data to train third-party AI models. We do not share mobile phone numbers or SMS opt-in records with any third party for marketing or promotional purposes.

4. Sub-Processors

We rely on the following service providers ("sub-processors") to operate StingLeads. Each is bound by a written data-processing agreement:

  • Stripe, Inc. - payment processing and card storage.
  • Cloud infrastructure providers - application hosting and managed database (US region, encrypted at rest).
  • Push notification providers - mobile push delivery (Apple APNs, Google FCM).
  • Email provider - transactional email delivery.
  • Cloudflare, Inc. - CDN, DDoS protection, and bot mitigation.

The current list is published at stingleads.com/sub-processors. We will publish updates with at least 30 days' notice for material changes.

5. How We Share Information

  • With contractors: homeowner contact details after the contractor pays the lead fee, for the sole purpose of fulfilling the requested in-person quote.
  • With sub-processors: as listed above, only what each provider needs to perform its function.
  • For legal compliance: when required by law, subpoena, or to enforce our Terms.
  • In a business transfer: if StingLeads is acquired or merged, your information may transfer subject to this Privacy Policy.

6. Data Retention

  • Active account data: while your account is active.
  • Closed account data: PII deleted within 30 days of account closure (see "Your Rights" below).
  • SMS conversation records (homeowner consent proof): 4 years (TCPA recordkeeping).
  • Payment records: 7 years (US tax law). PII removed; only ledger entries retained.
  • Push notification tokens: deleted when the device unregisters or 180 days after last use.
  • Backups: encrypted nightly backups retained for 30 days, then purged.

7. Your Rights - Account Deletion

You can delete your StingLeads account at any time:

  • In the mobile app: Settings → Delete Account. Reauth with your password, confirm, and the cascade runs immediately.
  • On the web: visit stingleads.com/delete-account to request a confirmation link via email. Click the link to permanently delete your account.
  • By email: ops@stingleads.com. We respond within 30 days.

Deletion permanently removes your profile, your saved leads' homeowner PII, your photos and notes, and your device records. We retain anonymised billing records as required by US tax law.

8. Your Rights - California (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, the sources, the purposes, and the categories of recipients.
  • Access a copy of the personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete your personal information (see Section 7 above).
  • Opt out of sale or sharing of your personal information. Submit your request at stingleads.com/do-not-sell.
  • Limit use of sensitive personal information.
  • Non-discrimination - we will not deny service or charge different prices for exercising any right.

We honor the Global Privacy Control (GPC) signal as a valid Do-Not-Sell-or-Share request.

"Sale" disclosure under CCPA: in the prior 12 months we shared homeowner contact information with contractors who paid a lead fee. California regulators may classify this as a "sale" under the CCPA's broad definition. California homeowners may opt out at any time using the link above; opt-out applies to future sharing.

9. Your Rights - Other US States

Residents of states with comprehensive privacy laws - including Texas (TDPSA), Virginia, Colorado, Connecticut, Utah, and a growing number of others - have substantially the same access, correction, deletion, portability, and opt-out rights described above. Submit requests via the same channels listed in Section 7.

10. Your Rights - European Economic Area / UK (GDPR)

StingLeads is a US-based service and does not target the EEA or UK. If you access the service from there, our lawful bases for processing are contract (accounts), consent (homeowner opt-in), legitimate interest (security and fraud prevention), and legal obligation (tax and legal records). You may exercise rights of access, correction, erasure, restriction, portability, and objection, and we respond to verified data-protection requests, by emailing ops@stingleads.com.

11. Children's Privacy (COPPA)

StingLeads is a B2B service for adult contractors. We do not knowingly collect personal information from anyone under 13. If you believe a minor has registered, contact us and we will delete the account.

12. Mobile App - Permissions and Data Flows

Our iOS and Android apps request only the permissions strictly necessary for app functionality:

  • Notifications (Android 13+ runtime permission): to deliver alerts about new leads. You can disable in Settings.
  • Internet (auto-granted): to communicate with our servers.

The app does not request: contacts, SMS access, call log, microphone, camera (in v1), background location, or device-wide phone state. We do not use any third-party advertising SDK, tracking SDK, analytics SDK that profiles individual users, or the iOS Identifier for Advertisers (IDFA). The app does not display ads.

Card payments inside the app use Stripe's mobile SDK with their PaymentSheet; card data is sent directly to Stripe and never touches our servers.

13. Security

We use industry-standard safeguards including encryption in transit, salted password hashing, secure session tokens, rate limiting, and DDoS protection. We follow the principle of least privilege for sub-processor access and run periodic security reviews. No system is perfectly secure; we will notify affected users of any breach in the timeframes required by applicable law.

14. International Data Transfers

StingLeads is operated from the United States. If you access the service from outside the US, your information will be transferred to and processed in the US.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and through an in-app notice with at least 30 days' notice. The "Effective" date at the top of this page reflects the most recent version.

16. Contact

StingLeads LLC
30 N. Gould St, Suite R
Sheridan, WY 82801
Email: ops@stingleads.com
Support: ops@stingleads.com
Phone: +1 (281) 323-5956

This policy is provided for transparency and to satisfy applicable privacy laws and the Apple App Store and Google Play developer requirements. It is not legal advice. We encourage you to consult counsel about your specific obligations.