LeadOptima

Privacy Policy

Last updated: February 8, 2026

1. Introduction

LeadOptima, a subsidiary of CDAID Holdings, is committed to protecting your privacy and handling your data with transparency and care. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our platform.

For questions about this Privacy Policy or our data practices, please contact us at [email protected].

2. Information We Collect

We collect information in the following ways:

Account Information

When you register for early access or create an account, we collect your name, email address, company name, and role. This information is used to provide you with access to the platform and communicate updates.

CRM Data

When you connect your CRM, we access enrollment and customer data as configured in your field mappings. We only access data necessary to provide enrollment intelligence services.

Usage Data

We collect information about how you interact with the platform, including configuration changes, dashboard views, and feature usage. This helps us improve the platform and provide better service.

Technical Data

We collect IP addresses, browser types, device information, and other technical data to ensure platform security and performance.

3. How We Use Your Information

We use collected information to:

  • Provide, maintain, and improve the LeadOptima platform
  • Process and analyze your enrollment data to generate insights
  • Communicate with you about your account, updates, and support
  • Ensure platform security and prevent fraud or abuse
  • Comply with legal obligations and enforce our Terms of Service
  • Develop new features and enhance existing functionality

4. Healthcare Data Protection

As a platform serving healthcare organizations, we implement specific protections:

  • Identity Resolution: We use hashing techniques to protect personally identifiable information
  • AI Guardrails: No raw Protected Health Information (PHI) is sent to AI models for analysis
  • Tenant Isolation: Your data is isolated from other customers at the infrastructure level
  • Audit Logging: All data access and configuration changes are logged with timestamps and user attribution
  • HIPAA Compliance: We are actively pursuing formal HIPAA compliance certification

5. Data Sharing and Disclosure

We do not sell your data. We may share information in the following limited circumstances:

  • Service Providers: We work with third-party service providers who assist in platform operations (hosting, analytics, support). These providers are contractually obligated to protect your data.
  • Legal Requirements: We may disclose information if required by law, court order, or government regulation.
  • Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.
  • With Your Consent: We may share information with your explicit permission for specific purposes.

6. Data Retention

We retain your data for as long as your account is active or as needed to provide services. Configuration history and audit logs are retained to support versioning and compliance requirements. When you close your account, we will delete or anonymize your data within a reasonable timeframe, except where retention is required by law or legitimate business purposes.

7. Data Security

We implement industry-standard security measures to protect your data, including encryption in transit and at rest, access controls, regular security audits, and employee training. However, no method of transmission over the internet or electronic storage is completely secure. While we strive to protect your data, we cannot guarantee absolute security.

8. Your Rights and Choices

You have the right to:

  • Access and review the personal information we hold about you
  • Request correction of inaccurate or incomplete data
  • Request deletion of your data (subject to legal retention requirements)
  • Export your configuration and enrollment data
  • Opt out of marketing communications (you will still receive service-related messages)
  • Disconnect your CRM integration at any time

9. Cookies and Tracking

We use cookies and similar tracking technologies to maintain your session, remember your preferences, and analyze platform usage. You can control cookie settings through your browser, but disabling cookies may limit platform functionality.

10. Children's Privacy

LeadOptima is not intended for use by individuals under the age of 18. We do not knowingly collect personal information from children. If we become aware that we have collected data from a child, we will take steps to delete that information.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of significant changes by email or through the platform. Your continued use of LeadOptima after changes become effective constitutes acceptance of the updated policy.

12. Contact Us

If you have questions or concerns about this Privacy Policy or our data practices, please contact us through the early access program or via our website. We are committed to addressing your privacy concerns promptly.