Privacy Policy

Effective: April 30, 2026  ·  Version 2.0

This Privacy Policy applies to the StingLeads website (stingleads.com), our mobile applications for iOS and Android, and all related services operated by StingLeads LLC. We use a single policy across web and mobile so the same protections and rights apply everywhere.

1. Who We Are

StingLeads LLC ("StingLeads," "we," "us") provides SMS-based lead generation, appointment scheduling, and a marketplace where licensed home-service contractors purchase access to inbound homeowner appointment requests. We operate at stingleads.com and through our mobile apps.

2. Information We Collect

From Contractors (account holders):

  • Account info: Name, email address, password (hashed), business name, phone number, service area, service type.
  • Verification info: Contractor license number or LLC name (used to onboard and to comply with marketplace policies).
  • Payment info: Card details are collected and stored by Stripe, Inc.; we receive only a customer ID and last-4 / brand for our records.
  • App interaction: Which leads you view and reveal, jobs you mark Won/Lost/Quoted, balance top-ups, photos and notes you upload to your jobs.
  • Device info (mobile only): Push notification token (Expo / APNs / FCM), platform (iOS or Android), device name, app version. Used solely to deliver notifications and authenticate sessions.
  • Diagnostics: IP address, approximate region from IP, user-agent, timestamps. Used for security, fraud prevention, and to satisfy legal obligations.

About Homeowners (third-party data):

StingLeads contacts homeowners via SMS using lists sourced from publicly available property and county-assessor records and from partner sources. A homeowner becomes part of our lead pipeline only after they reply and explicitly request a free quote — that reply is the homeowner's consent under the Telephone Consumer Protection Act (TCPA) and applicable state laws. We retain that opt-in record (timestamp, message content, source) for at least four years.

Once a homeowner has requested a quote, we collect and may share the following with the contractor who pays the lead fee: full name, mobile phone number, street address, requested service description, and the conversation summary. This data is shared only with verified contractors who have agreed to use it solely for the requested in-person job and not to resell, redistribute, or use it for unrelated marketing.

3. How We Use Information

  • To operate the StingLeads service: deliver leads, run the marketplace, process payments, send push and email notifications.
  • To verify contractor identity and prevent abuse, fraud, or stalkerware-style misuse of homeowner contact data.
  • To comply with legal obligations (tax records, TCPA recordkeeping, response to lawful subpoena).
  • To respond to support requests and to send transactional messages about your account.
  • To improve the service in aggregate (we do not use individual behavioral profiles for advertising).

We do not sell your personal information to advertisers. We do not use your data to train third-party AI models. We do not share mobile phone numbers or SMS opt-in records with any third party for marketing or promotional purposes.

4. Sub-Processors

We rely on the following service providers ("sub-processors") to operate StingLeads. Each is bound by a written data-processing agreement:

  • Stripe, Inc. — payment processing and card storage.
  • Expo (650 Industries, Inc.) — mobile push notification relay (passes our pushes to APNs/FCM).
  • Apple Push Notification service (APNs) — iOS push delivery.
  • Google Firebase Cloud Messaging (FCM) — Android push delivery.
  • Supabase Inc. — managed PostgreSQL database hosting (US region).
  • Hostinger International Ltd. / VPS provider — application hosting.
  • Cloudflare, Inc. — CDN, DDoS protection, bot mitigation (Turnstile).
  • SMTP provider — transactional email delivery.
  • Telegram FZ-LLC — internal operator notifications (no homeowner PII).

The current list is published at stingleads.com/sub-processors. We will publish updates with at least 30 days' notice for material changes.

5. How We Share Information

  • With contractors: homeowner contact details after the contractor pays the lead fee, for the sole purpose of fulfilling the requested in-person quote.
  • With sub-processors: as listed above, only what each provider needs to perform its function.
  • For legal compliance: when required by law, subpoena, or to enforce our Terms.
  • In a business transfer: if StingLeads is acquired or merged, your information may transfer subject to this Privacy Policy.

6. Data Retention

  • Active account data: while your account is active.
  • Closed account data: PII deleted within 30 days of account closure (see "Your Rights" below).
  • SMS conversation records (homeowner consent proof): 4 years (TCPA recordkeeping).
  • Payment records: 7 years (US tax law). PII removed; only ledger entries retained.
  • Push notification tokens: deleted when the device unregisters or 180 days after last use.
  • Backups: encrypted nightly backups retained for 30 days, then purged.

7. Your Rights — Account Deletion

You can delete your StingLeads account at any time:

  • In the mobile app: Settings → Delete Account. Reauth with your password, confirm, and the cascade runs immediately.
  • On the web: visit stingleads.com/delete-account to request a confirmation link via email. Click the link to permanently delete your account.
  • By email: [email protected]. We respond within 30 days.

Deletion permanently removes your profile, your saved leads' homeowner PII, your photos and notes, and your device records. We retain anonymised billing records as required by US tax law.

8. Your Rights — California (CCPA / CPRA)

If you are a California resident, you have the right to:

  • Know what personal information we collect, the sources, the purposes, and the categories of recipients.
  • Access a copy of the personal information we hold about you.
  • Correct inaccurate personal information.
  • Delete your personal information (see Section 7 above).
  • Opt out of sale or sharing of your personal information. Submit your request at stingleads.com/do-not-sell.
  • Limit use of sensitive personal information.
  • Non-discrimination — we will not deny service or charge different prices for exercising any right.

We honor the Global Privacy Control (GPC) signal as a valid Do-Not-Sell-or-Share request.

"Sale" disclosure under CCPA: in the prior 12 months we shared homeowner contact information with contractors who paid a lead fee. California regulators may classify this as a "sale" under the CCPA's broad definition. California homeowners may opt out at any time using the link above; opt-out applies to future sharing.

9. Your Rights — Texas, Virginia, Colorado, Connecticut, Utah, and other US states

Texas residents under the Texas Data Privacy and Security Act (TDPSA) have the same access, correction, deletion, portability, and opt-out rights described above, with no minimum business-size threshold. Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Oregon, Delaware, Iowa, Indiana, Tennessee, Montana, Rhode Island, New Jersey, Maryland, Minnesota, and Kentucky have substantially similar rights under their respective comprehensive privacy laws. Submit requests via the same channels listed in Section 7.

10. Your Rights — European Economic Area / UK (GDPR)

If you are in the EEA or the UK, our lawful bases for processing are:

  • Contract for contractor accounts (Article 6(1)(b)).
  • Consent for homeowner SMS opt-in (Article 6(1)(a)).
  • Legitimate interest for security, fraud prevention, and aggregate analytics (Article 6(1)(f)).
  • Legal obligation for tax records and lawful requests (Article 6(1)(c)).

You have rights of access, rectification, erasure, restriction, portability, objection, and withdrawal of consent. We commit to notifying the relevant supervisory authority within 72 hours of any personal-data breach affecting EEA or UK users (GDPR Article 33). To exercise rights or file a complaint, email [email protected].

11. Children's Privacy (COPPA)

StingLeads is a B2B service for adult contractors. We do not knowingly collect personal information from anyone under 13. If you believe a minor has registered, contact us and we will delete the account.

12. Mobile App — Permissions and Data Flows

Our iOS and Android apps request only the permissions strictly necessary for app functionality:

  • Notifications (Android 13+ runtime permission): to deliver alerts about new leads. You can disable in Settings.
  • Internet (auto-granted): to communicate with our servers.

The app does not request: contacts, SMS access, call log, microphone, camera (in v1), background location, or device-wide phone state. We do not use any third-party advertising SDK, tracking SDK, analytics SDK that profiles individual users, or the iOS Identifier for Advertisers (IDFA). The app does not display ads.

Card payments inside the app use Stripe's mobile SDK with their PaymentSheet; card data is sent directly to Stripe and never touches our servers.

13. Security

We use TLS 1.2+ for all network traffic, bcrypt password hashing, signed JWT session tokens, hashed refresh tokens, rate limiting, fail2ban on SSH, and Cloudflare for DDoS protection. We follow the principle of least privilege for sub-processor access and run periodic security reviews. No system is perfectly secure; we will notify affected users of any breach in the timeframes required by applicable law.

14. International Data Transfers

StingLeads is operated from the United States. If you access the service from outside the US, your information will be transferred to and processed in the US. For EEA/UK users, we rely on the European Commission's Standard Contractual Clauses with our sub-processors where applicable.

15. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email and through an in-app notice with at least 30 days' notice. The "Effective" date at the top of this page reflects the most recent version.

16. Contact

StingLeads LLC
30 N. Gould St, Suite R
Sheridan, WY 82801
Email: [email protected]
Support: [email protected]
Phone: +1 (281) 323-5956

This policy is provided for transparency and to satisfy applicable privacy laws and the Apple App Store and Google Play developer requirements. It is not legal advice. We encourage you to consult counsel about your specific obligations.