Privacy Policy

1. Who We Are

LEAP OS is a small-business operating system operated by LEAP Solutions, LLC ("LEAP Solutions," "we," "us," or "our"), a Michigan limited liability company founded by AJ Poole. LEAP OS is delivered as a hosted web application at os.leaptosolutions.com. This Privacy Policy explains what information LEAP OS collects from the people who sign in and use it, how we use that information, and the choices you have.

Contact: hello@leaptosolutions.com.

2. Information We Collect

Account information

• Your name, email address, and (optionally) profile picture, provided when you sign up or sign in with Google or Microsoft
• The name of your organization and your role within it
• Any information you enter into LEAP OS itself — for example, contacts in the CRM, contracts, invoices, calendar events you create, or messages you send

Usage and technical information

• Standard server logs (IP address, user agent, request timestamps) used for security and to keep the service reliable
• First-party cookies that keep you signed in
• Errors and diagnostic events generated by the application — never including the contents of your records

Information from third-party services you connect

If you choose to connect a third-party service to LEAP OS — for example, Google Calendar or Microsoft Outlook Calendar — we receive only the information needed to provide the feature you turned on. See Section 4 for the specific Google data we access and what we do with it.

3. How We Use Your Information

• To provide LEAP OS to you and your team — store your records, sync your calendar, send the email you asked us to send, etc.
• To keep the service secure — detect abuse, investigate incidents, and prevent unauthorized access
• To improve the product using aggregate, non-identifying signals (e.g., which features are used). We do not train AI/ML models on your data.
• To communicate with you about your account, billing, and material changes to LEAP OS. We do not send marketing email to in-app users without explicit opt-in.

We do not sell your personal information, ever. We do not share your data with advertisers.

4. Google User Data — Limited Use Disclosure

If you choose to connect your Google Account to LEAP OS, we request only the scopes required for the feature you turned on. As of this date, those scopes are:

• openid, userinfo.email, userinfo.profile — to identify you when you sign in with Google
• https://www.googleapis.com/auth/calendar.readonly — to read your existing calendar events so LEAP OS can show your schedule, find free time, and avoid double-booking
• https://www.googleapis.com/auth/calendar.events — to create, update, or cancel calendar events on your behalf when you ask LEAP OS to schedule something (for example, a customer booking from the AI receptionist or a meeting set in the CRM)

What we do with Google data

• We use Google Calendar data only to power the calendar features you see inside LEAP OS — viewing events, creating events you initiate, and reflecting changes back to your Google Calendar.
• We store the OAuth tokens we receive from Google encrypted at rest in our database (Supabase, hosted in the United States). Tokens are scoped to your organization and are never shared between organizations.
• We retain the tokens until you disconnect Google Calendar from inside LEAP OS or delete your account, after which we revoke and delete them.

What we do not do with Google data

• We do not use Google user data to serve advertising of any kind.
• We do not use Google user data to develop, improve, or train generalized AI or machine-learning models.
• We do not sell or transfer Google user data to third parties, except (a) as necessary to provide or improve the user-facing features that you have turned on, with sub-processors that are contractually bound by the same restrictions; (b) for security purposes, such as investigating abuse; (c) to comply with applicable law; or (d) as part of a merger, acquisition, or sale of assets, in which case we will notify you and provide a meaningful choice.
• We do not allow humans to read Google user data, except (a) with your specific affirmative consent (for example, if you ask LEAP Solutions support for help with a calendar issue and explicitly authorize us to look at the relevant event), (b) for security purposes such as investigating abuse, (c) to comply with applicable law, or (d) where the data has been aggregated and de-identified.

How to disconnect or delete Google data

You can disconnect Google Calendar from LEAP OS at any time inside Settings → Integrations, which immediately revokes the OAuth token and deletes the stored credentials on our side. You can also revoke LEAP OS from your Google Account at myaccount.google.com/permissions. To request deletion of any other personal information we hold, email hello@leaptosolutions.com.

5. Microsoft User Data

If you choose to connect your Microsoft 365 / Outlook account to LEAP OS, we request only the scope required for the feature you turned on:

• Calendars.ReadWrite — to read your existing Outlook calendar events so LEAP OS can show your schedule and detect conflicts, and to create, update, or cancel events on your behalf when you ask LEAP OS to schedule something
• offline_access — Microsoft's standard scope that lets us refresh your access token without prompting you again

What we do with Microsoft data

• We use Microsoft Outlook calendar data only to power the calendar features you see inside LEAP OS — viewing events, creating events you initiate, and reflecting changes back to your Outlook calendar.
• We store the OAuth tokens encrypted at rest in our database (Supabase, hosted in the United States). Tokens are scoped to your organization and are never shared between organizations.
• We retain the tokens until you disconnect Microsoft Outlook from inside LEAP OS or delete your account.

What we do not do with Microsoft data

• We do not use Microsoft user data to serve advertising of any kind.
• We do not use Microsoft user data to develop, improve, or train AI or machine-learning models.
• We do not sell or transfer Microsoft user data to third parties, except (a) as necessary to provide the user-facing features you have turned on, (b) for security purposes, (c) to comply with applicable law, or (d) as part of a merger or acquisition with notice to you.

How to disconnect

You can disconnect Microsoft Outlook from LEAP OS at any time inside Settings → Integrations, which removes the OAuth tokens from our database. You can also revoke LEAP OS from your Microsoft account at account.microsoft.com/privacy/app-access.

6. Third-Party Services We Use

We use a small number of reputable vendors to operate LEAP OS. These vendors only see the minimum data needed to do their job and are contractually prohibited from using it for other purposes.

• Supabase — database, authentication, and backend infrastructure
• Vercel — application hosting
• Stripe — payment processing for paid plans
• Resend — transactional email delivery
• Anthropic (Claude API) — AI features inside LEAP OS. Anthropic does not use customer API inputs or outputs to train models.
• Cloudflare Turnstile — captcha for sign-in/sign-up
• Google APIs — only the scopes listed in Section 4, only when you connect Google Calendar
• Microsoft Graph — only when you connect Outlook Calendar

7. How Long We Keep Your Data

• Account information and the records you create: retained while your subscription is active, and for up to 90 days after cancellation, then deleted unless you ask us to delete sooner
• Google OAuth tokens and synced calendar metadata: retained until you disconnect the integration or delete your account, then revoked and deleted
• Server logs: 30 days, then deleted

You can ask us to delete your information at any time by emailing hello@leaptosolutions.com.

8. Your Rights

Regardless of where you live, you may ask us to:

• Tell you what personal information we hold about you
• Correct information that is inaccurate
• Delete your information (subject to legal retention requirements)
• Export your information in a machine-readable format
• Stop contacting you by any non-essential channel

To exercise any of these rights, email hello@leaptosolutions.com. We will respond within 30 days.

9. Security

We protect your data with industry-standard technical and organizational measures: TLS for all data in transit, encryption at rest in our database, role-based access control (RLS) so that organization data is isolated, and least-privilege access for the small number of LEAP Solutions personnel who can investigate incidents.

No system is perfectly secure. If we ever experience a security incident affecting your data, we will notify you without undue delay.

10. Children

LEAP OS is for businesses and the adults who run them. We do not knowingly collect information from anyone under 18. If you believe a child has provided us with personal information, contact us and we will delete it.

11. International Users

LEAP OS is operated from the United States. If you access LEAP OS from outside the United States, you acknowledge that your information will be processed in the United States.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective" date at the top of this page and notify active users by email. Continued use of LEAP OS after an update means you accept the revised policy.

13. Contact

LEAP Solutions, LLC
AJ Poole, Founder
Email: hello@leaptosolutions.com
Southwest Michigan, USA

View LEAP OS Terms & Conditions →