Legal & Compliance Suite

LeadFrog is a software service operated by Ziwiz Technologies Private Limited ("LeadFrog", "we", "us", "our"). It operates an AI-powered lead capture and CRM automation platform that connects to your Instagram Business account and WhatsApp Business number to capture, classify, and follow up on leads automatically (the "Service").

These Terms of Service ("Terms") constitute a legally binding agreement between you (the individual or entity registering an account — "Customer", "you", "your") and LeadFrog. They govern your access to and use of the Service, our website (leadfrog.in), our mobile application (if any), and all associated features and content.

By clicking "Sign Up", "Get Started", or any similar button, or by otherwise accessing or using the Service, you confirm that:

• You have read and understood these Terms.
• You have the legal capacity to enter into a binding contract (you are at least 18 years old and, if acting on behalf of a company, you have authority to bind that company).
• You agree to be bound by these Terms and by our Privacy Policy, Cookie Policy, and Data Processing Addendum, each of which is incorporated into these Terms by reference.

To use LeadFrog you must register for an account. You agree to:

• Provide accurate, current, and complete information during registration and keep it updated.
• Maintain the confidentiality of your password and any API keys associated with your account.
• Be solely responsible for all activity that occurs under your account, whether or not you authorised it.
• Notify us immediately at security@leadfrog.in if you suspect unauthorised access to your account.

You may not share your account credentials with others, use another person's account, or create accounts for the purpose of circumventing usage limits. Each subscription covers one business entity. Teams can be added as sub-users within a single account at no extra charge (up to the limit for your plan).

LeadFrog reserves the right to suspend or terminate accounts that show signs of credential sharing, automated sign-up abuse, or any other violation of these Terms.

The Service requires you to connect your Meta (Instagram / WhatsApp) business accounts via OAuth. By doing so, you:

• Represent that you are the authorized administrator of those accounts and have the right to grant LeadFrog the permissions requested.
• Acknowledge that your use of Meta's platforms through LeadFrog remains subject to Meta's own Terms of Service, Platform Policy, and WhatsApp Business Policy. LeadFrog cannot override Meta's rules on your behalf.
• Understand that if Meta revokes, restricts, or changes its API access policies, features of the Service that depend on those APIs may be reduced or unavailable. LeadFrog will not be liable for such third-party platform changes.
• Agree to promptly notify us if your Instagram or WhatsApp account is suspended, restricted, or transferred to another owner.

Violation of these acceptable use rules may result in immediate suspension or termination of your account without refund. Serious violations (e.g., spamming, data scraping, illegal activity) will be reported to relevant authorities including CERT-In, TRAI, and law enforcement as appropriate.

LeadFrog and its licensors own all intellectual property rights in the Service, including the LeadFrog name, logo, software, UI design, documentation, and all AI models and prompt configurations developed by LeadFrog. Nothing in these Terms transfers any ownership of LeadFrog's intellectual property to you.

You are granted a limited, non-exclusive, non-transferable, revocable license to use the Service solely for your business purposes in accordance with these Terms. This licence does not include any right to sub-license, modify, create derivative works, or use LeadFrog's brand assets in any way without prior written consent.

If you provide feedback, suggestions, or ideas about the Service, you grant LeadFrog a perpetual, irrevocable, royalty-free license to use that feedback for any purpose without compensation to you.

Both parties may have access to the other's confidential information in the course of using the Service. "Confidential Information" means any non-public information disclosed by one party to the other that is designated as confidential or that reasonably should be understood to be confidential given the context.

Each party agrees to: (a) protect the other's Confidential Information with at least the same care it uses for its own confidential information (but not less than reasonable care); (b) not disclose it to third parties without prior written consent; and (c) use it only for the purposes of the business relationship. These obligations do not apply to information that is publicly known, independently developed, or required to be disclosed by law.

THE SERVICE IS PROVIDED "AS IS" AND "AS AVAILABLE" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED. TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, LEADFROG DISCLAIMS ALL WARRANTIES INCLUDING IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT.

In particular, LeadFrog does not warrant that:

• AI classifications will be accurate, complete, or free from errors or bias.
• The Service will be uninterrupted, error-free, or free from security vulnerabilities (though we commit to the SLA in Document 05).
• Results obtained from using the Service will meet your business objectives.
• Third-party platforms (Meta, WhatsApp) will remain available or maintain their current API capabilities.

TO THE MAXIMUM EXTENT PERMITTED BY APPLICABLE LAW, LEADFROG'S TOTAL CUMULATIVE LIABILITY TO YOU FOR ANY CLAIMS ARISING OUT OF OR RELATED TO THESE TERMS OR THE SERVICE — WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STATUTE, OR OTHERWISE — SHALL NOT EXCEED THE TOTAL FEES PAID BY YOU TO LEADFROG IN THE 12 MONTHS PRECEDING THE CLAIM.

IN NO EVENT SHALL LEADFROG BE LIABLE FOR: (A) LOSS OF REVENUE, PROFITS, OR BUSINESS OPPORTUNITIES; (B) LOSS OF DATA (BEYOND THE DATA RECOVERY COMMITMENT IN THE SLA); (C) INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, OR PUNITIVE DAMAGES; EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

Some jurisdictions do not allow certain liability exclusions. In those jurisdictions, our liability is limited to the maximum extent permitted by law.

Nothing in these Terms excludes or limits LeadFrog's liability for: (i) fraud or fraudulent misrepresentation; (ii) death or personal injury caused by our negligence; (iii) any other liability that cannot be excluded by applicable Indian law.

You agree to defend, indemnify, and hold harmless LeadFrog, its officers, employees, contractors, and agents from and against any claims, liabilities, damages, losses, and expenses (including reasonable legal fees) arising out of or related to:

• Your violation of these Terms or any applicable law (including the IT Act, DPDP Act, TRAI regulations, or Meta's policies).
• Your content or your Subscribers' data — including any claim that your use of Subscriber Data violated a Data Principal's rights.
• Your failure to obtain valid consent from Subscribers before collecting or processing their data.
• Any dispute between you and your customers or Subscribers.

LeadFrog reserves the right to modify the Service and these Terms. We will notify you of material changes:

• Changes to Terms: email notice at least 30 days before they take effect.
• Changes to pricing: at least 30 days' notice.
• Feature additions: in-app announcement or changelog post.
• Feature removals (core features): at least 30 days' notice.

Your continued use of the Service after the effective date of a change constitutes your acceptance. If you disagree with a material change, you may terminate your subscription before the change takes effect and receive a pro-rata refund for the unused portion of any annual plan.

• Entire Agreement: These Terms, the Privacy Policy, Cookie Policy, DPA, SLA, and AI Supplementary Terms constitute the entire agreement between you and LeadFrog regarding the Service and supersede all prior agreements.
• Severability: If any provision is found unenforceable, it will be modified to the minimum extent necessary to make it enforceable. The remaining provisions continue in full force.
• Waiver: LeadFrog's failure to enforce any right or provision is not a waiver of that right. A waiver in one instance does not constitute a waiver of future enforcement.
• Assignment: You may not assign these Terms or any rights under them without our prior written consent. LeadFrog may assign these Terms in connection with a merger, acquisition, or sale of assets, with notice to you.
• Force Majeure: Neither party is liable for failures or delays caused by events beyond their reasonable control — including natural disasters, war, pandemic, government action, or third-party platform outages.
• Relationship: These Terms do not create any employment, agency, partnership, or joint venture relationship between you and LeadFrog.
• Language: These Terms are written in English. If translated into another language, the English version prevails in case of conflict.

This Privacy Policy explains how LeadFrog ("we", "us", "our"), a software platform operated by Ziwiz Technologies Private Limited, collects, uses, stores, shares, and protects personal data in connection with the LeadFrog platform (app.leadfrog.in) and website (leadfrog.in).

It applies to three groups of people:

• Customers — businesses and individuals who register for a LeadFrog account and use the Service.
• Subscribers — the end-users of our customers: the Instagram commenters, DM senders, and WhatsApp contacts whose data flows through the Service on behalf of our customers.
• Website Visitors — anyone who visits leadfrog.in without logging in.

If you are a Subscriber (i.e., your data is in a Customer's LeadFrog CRM because you commented on their Instagram post), the Customer is the Data Fiduciary responsible for your data. You should direct rights requests to that Customer. If they do not respond, contact us at privacy@leadfrog.in and we will assist.

We share personal data only as described below. We do not sell your data.

Under India's Digital Personal Data Protection Act, 2023, and applicable Indian law, you have the following rights:

We will respond to all rights requests within 30 days. In complex cases, we may take up to 60 days with a notice of extension. We verify your identity before acting on any request. We do not charge a fee for reasonable requests.

We keep your data only as long as necessary. Here is our retention schedule:

LeadFrog stores and processes data using approved infrastructure providers including Supabase, Vercel, and Hostinger, as described in the Service Providers & Sub-Processors document.

• Data processing agreements with Standard Contractual Clauses or equivalent with each overseas sub-processor.
• Data minimization — we transfer the minimum data required for each specific function.

As the Government of India notifies the list of permitted countries for cross-border data transfer under Section 16 of the DPDP Act, we will update our transfer mechanisms to comply.

We take data security seriously. Our measures include:

• AES-256 encryption at rest for all databases and file storage.
• TLS 1.2+ encryption in transit for all data flows.
• Multi-factor authentication mandatory for all staff with production access.
• Automated dependency scanning and vulnerability patching.
• Role-based access control — staff access only the data their role requires.

If we become aware of a data breach that is likely to affect your rights, we will notify you within 72 hours of discovery, describe what happened, what data was involved, what we are doing about it, and what you can do to protect yourself.

LeadFrog is not intended for anyone under 18. We do not knowingly collect data from minors. If you believe a minor has created a LeadFrog account or that a minor's data is in a Customer's CRM without proper consent, contact privacy@leadfrog.in immediately. We will delete the relevant data promptly and notify the affected Customer.

Under the DPDP Act 2023, processing children's data (under 18) requires verifiable parental consent. This is beyond the scope of what LeadFrog currently supports — Customers must not use LeadFrog to collect or process data of minors.

The Service integrates with Meta (Instagram, WhatsApp), Razorpay, and may link to other third-party services. This Privacy Policy does not cover how those third parties handle your data. We encourage you to review their privacy policies before connecting their services to LeadFrog.

We may update this policy as our product evolves or as Indian law changes. When we make material changes:

• We will email all registered Customers at least 14 days before the change takes effect.
• We will update the "Last Reviewed" date at the top of this document.
• We will post a summary of what changed at leadfrog.in/legal/privacy-changelog.

Your continued use of the Service after the effective date constitutes acceptance of the updated policy. If you do not agree, you may close your account before the change takes effect.

LeadFrog currently uses only essential cookies required for authentication, security, and core platform functionality.

These cookies include:

• Session authentication cookies used to keep users logged in securely.
• Security cookies used to prevent unauthorized access and malicious activity.
• Preference cookies used to remember basic platform settings.

LeadFrog does not currently use:

• Advertising cookies
• Marketing cookies
• Behavioral tracking cookies
• Meta Pixel
• Google Analytics cookies
• Third-party profiling cookies

When you use LeadFrog, some of your data and your Subscribers' data passes through third-party companies we have contracted to provide specific infrastructure or services. These companies are called sub-processors (under DPDP Act terminology: processors engaged by a processor) or service providers.

We publish this list because we believe you have a right to know exactly who handles data on your behalf. We update it whenever we add, change, or remove a provider — and give you at least 14 days' notice before any change that affects how personal data is processed.

This Service Level Agreement ("SLA") documents LeadFrog's commitments to paid subscribers regarding platform availability, support responsiveness, data backup, and incident communication. It is legally binding as an addendum to the LeadFrog Terms of Service. Free-tier users receive best-effort support without SLA guarantees.

LeadFrog provides commercially reasonable efforts to maintain platform availability and reliability. Specific uptime commitments, support levels, and enterprise service guarantees may vary by subscription plan and will be published on the LeadFrog website or communicated directly to Customers. LeadFrog may update service levels as the platform evolves.

Support hours: Monday–Saturday 09:00–18:00 IST. P1 incidents are handled 24×7 via on-call rotation. Submit via support@leadfrog.in or the in-app Help button (P1 incidents should include "P1" in the subject line for immediate routing).

• Standard window: Sundays 02:00–04:00 IST (low-traffic; 48 hours' notice).
• Major upgrades (database migrations, API version bumps): communicated 7+ days in advance.
• Emergency security patches: may occur any time; announced by email within 30 minutes of commencement.

• Scheduled and announced maintenance windows.
• Third-party platform outages: Meta/Instagram API downtime, WhatsApp Business API issues, Razorpay payment gateway outages.
• Events of Force Majeure: earthquakes, floods, war, pandemic, government-mandated shutdowns.
• Issues caused by the Customer's own misconfiguration, API misuse, or violation of Terms of Service.
• Internet connectivity issues outside LeadFrog's network.
• Features explicitly labelled "Beta" or "Preview".
• Attacks (DDoS, brute force) specifically targeting the Customer's account, provided LeadFrog took reasonable mitigation steps.

• P1 incidents: status page updated within 30 minutes; email blast to all affected accounts.
• Post-Incident Report (PIR): published within 5 business days of P1 resolution; includes root cause, impact duration, and corrective actions.
• Recurring P2 incidents: root-cause analysis shared with the affected Customer on request.

When you use LeadFrog to capture leads from Instagram and route them through WhatsApp, you instruct LeadFrog to process personal data belonging to third parties — your Instagram followers, commenters, and WhatsApp contacts ("Subscribers"). This Data Processing Addendum ("DPA") sets out the legal framework governing that processing relationship.

This DPA is governed by India's Digital Personal Data Protection Act, 2023 ("DPDP Act"). Where Customers are based in the European Economic Area, the GDPR also applies and the relevant provisions of this DPA should be read accordingly.

LeadFrog unconditionally commits to the following:

1. Process Subscriber Data only on the Customer's documented instructions. If we are legally required to process data in a way the Customer has not instructed, we will notify the Customer before doing so unless prohibited by law.
2. Ensure that all LeadFrog personnel with access to Subscriber Data are bound by written confidentiality obligations and receive appropriate data protection training.
3. Implement and maintain the technical and organisational security measures listed in Schedule A of this DPA.
4. Assist the Customer in responding to Data Principal rights requests (access, correction, erasure, portability, grievance) within 7 business days of the Customer's request to us.
5. Notify the Customer without undue delay — and within 72 hours of becoming aware — of any personal data breach affecting Subscriber Data, including the nature of the breach, categories and approximate number of records affected, likely consequences, and measures taken or proposed.
6. Notify the Customer if we receive a direct request from a Data Principal or a government authority regarding Subscriber Data, without disclosing any data before the Customer authorises us to do so (unless legally compelled).
7. Ensure any sub-processor we engage (see Document 04) is bound by data protection obligations equivalent to those in this DPA, and that we remain fully liable to the Customer for the sub-processor's performance.
8. Not engage new sub-processors without at least 14 days' prior written notice to the Customer.
9. On termination or expiry of the Customer's subscription, delete all Subscriber Data within 30 days unless the Customer requests a data export first, and certify deletion in writing upon request.
10. Make available, on reasonable notice, all information necessary for the Customer to verify LeadFrog's compliance with this DPA, and allow audits (or third-party assessments) not more than once per year.

By using LeadFrog, the Customer agrees that they:

1. Have a lawful basis under the DPDP Act (typically: freely given, specific, informed consent from the Data Principal) to collect and process each Subscriber's data.
2. Have provided Data Principals with a clear privacy notice disclosing that LeadFrog processes their data on the Customer's behalf, the purposes of that processing, and their rights.
3. Will not instruct LeadFrog to process data in a manner that would violate the DPDP Act, Meta's Platform Terms, WhatsApp Business Policy, TRAI regulations, or any other applicable law.
4. Are solely responsible for the accuracy, legality, and completeness of data they cause to be collected through LeadFrog.
5. Will not use LeadFrog to process Special Category Data — including health data, biometric data, financial account credentials, caste, religion, political affiliation, or sexual orientation — unless explicitly agreed in a separate written contract.
6. Will comply with all Data Principal rights requests within statutory timeframes, with LeadFrog's assistance as described in Section 3.
7. Will notify LeadFrog promptly if they become aware of any misuse of the Service or any circumstances that may give rise to a personal data breach.

Some Subscriber Data is processed outside India (primarily by Groq in the USA for AI inference, and by Meta's global infrastructure for Instagram/WhatsApp API calls). LeadFrog handles these transfers as follows:

• We execute data processing agreements with each overseas sub-processor containing Standard Contractual Clauses or equivalent transfer mechanisms.
• We minimise data transferred overseas — Groq receives only comment/DM text for classification; it does not receive phone numbers, names, or any other PII.
• We will update transfer mechanisms to comply with any country whitelist or additional conditions notified by the Government of India under Section 16 of the DPDP Act, as and when notified.

• Encryption in Transit: TLS 1.2+ encryption for all communication between users, LeadFrog services, and approved third-party providers.
• Encryption at Rest: Data stored using encrypted storage provided by infrastructure providers including Supabase and other approved service providers.
• Access Control: Role-based access controls are implemented where applicable. Access to production systems is restricted to authorized personnel only.
• API & Token Security: OAuth 2.0 is used for Meta integrations. Authentication tokens and secrets are stored securely and are not exposed publicly.
• Vulnerability Management: LeadFrog applies security updates, dependency updates, and vulnerability fixes on a regular basis.
• Audit Logging: Authentication events, API activity, and operational logs are retained for security monitoring and troubleshooting purposes.
• Incident Response: LeadFrog maintains internal procedures for identifying, investigating, and responding to security incidents.
• Personnel Security: Access to production systems is limited to authorized personnel who are subject to confidentiality obligations.
• Backup & Recovery: Backup and recovery procedures are maintained to support service continuity and disaster recovery.

These AI Supplementary Terms ("AI Terms") apply to all features of LeadFrog that use artificial intelligence, machine learning, large language models, or automated scoring algorithms (collectively, "AI Features"). They supplement the Terms of Service and the DPA. In a conflict, these AI Terms govern with respect to AI Features.

Current AI Features include:

• AI Lead Classifier — classifies Instagram comments and DMs by purchase intent (Hot Lead / Warm / Cold / Spam / Inquiry / Other) using a large language model.
• Auto-Reply Composer — drafts context-aware WhatsApp follow-up suggestions for the Customer to review and optionally send.
• Lead Score Engine — assigns a numeric intent score (0–100) to each lead using a combination of comment text classification, reply velocity, and link-click behaviour.
• Link Intent Analytics — attributes website behaviour (pages visited, time on page, product clicks) to individual leads via tracked DM links, generating an enriched intent profile.

AI Features produce probabilistic outputs — they make educated guesses, not guaranteed determinations. A "Hot Lead" label means the model detected strong purchase intent signals in that comment; it does not guarantee the person will buy, or that the classification is correct in every case.

LeadFrog does not warrant that AI outputs are accurate, unbiased, complete, or fit for any specific purpose. Classification errors will occur. You are responsible for reviewing AI outputs and deciding how to act on them. Do not rely solely on AI classifications for material business decisions (e.g., large contract negotiations, credit decisions, staffing decisions) without human review.

If you notice systematic misclassification for your industry or language, contact support@leadfrog.in. We can adjust the prompt configuration for your account.

You must not use LeadFrog AI Features to:

1. Discriminate against any person based on religion, caste, gender, sexual orientation, disability, race, nationality, or any other protected characteristic under Indian law or international human rights norms.
2. Generate or send deceptive, manipulative, coercive, or psychologically harmful messages to Subscribers, including dark patterns designed to exploit cognitive biases.
3. Target vulnerable individuals (minors, persons in crisis, financially distressed individuals) with predatory messaging.
4. Make or communicate decisions that have material legal or financial effects on individuals (loan approvals, employment decisions, insurance underwriting) without a human reviewer in the loop.
5. Profile individuals in ways that would violate the DPDP Act or any applicable privacy law.
6. Circumvent Meta's spam or automation policies — all auto-reply and auto-DM flows must comply with Meta's Messaging Policy.
7. Generate, spread, or amplify misinformation, hate speech, or content that violates Indian law (IT Act Sections 66A–66F, IPC provisions on defamation and incitement).

Indian law (DPDP Act, Section 12 principles) and best practice require human oversight for automated decisions that significantly affect individuals. LeadFrog's Auto-Reply Composer generates suggestions, not final messages — you decide what to send. The platform's AI-driven pipeline movement is a recommendation; your team can override it at any time.

Where you configure fully automated reply flows (e.g., auto-DM to all "Hot Lead" comments without human approval), you must ensure:

• The auto-reply content is pre-reviewed and approved by a human.
• Subscribers have a clear way to opt out of automated messages (a "STOP" keyword or equivalent).
• You do not send more than the number of messages permitted by Meta's Messaging Policy per 24-hour window.

The DPDP Act's principles of Purpose Limitation, Data Minimisation, and Storage Limitation apply to AI processing:

• Purpose Limitation: AI classification is performed only for the purpose of operating the LeadFrog Service for your account. We do not use it to build profiles for advertising, creditworthiness, or any other secondary purpose.
• Data Minimisation: We send only the specific comment/DM text to the inference API — not phone numbers, addresses, or any other PII that is not necessary for classification.
• Storage Limitation: Classification labels and scores are stored only as long as the lead record exists in your workspace. If you delete a lead or your account, the associated AI outputs are deleted.

LeadFrog will notify you at least 14 days before switching the AI model or inference provider, unless the change is required urgently to remediate a security vulnerability. In that case, notification will follow within 72 hours. Any replacement provider must:

• Commit contractually to not using Customer data for model training.
• Process data in-flight only (no retention beyond the inference call).
• Provide at least equivalent security certifications (SOC 2 Type II or ISO 27001).

When you click thumbs-up or thumbs-down on a classification in the LeadFrog UI, this feedback is used only to improve LeadFrog's own prompt templates and classification logic — not to fine-tune the underlying model. Feedback data is anonymised before any analysis. It is never shared with Groq or any other third party.

LeadFrog relies on trusted infrastructure providers including Supabase, Vercel, and Hostinger. Security protections include:

• Encrypted communications using HTTPS/TLS
• Infrastructure-level security controls provided by hosting providers
• Access controls and authentication protections
• Monitoring of platform availability and operational health
• Regular software updates and maintenance

LeadFrog reviews infrastructure security practices periodically and implements reasonable safeguards appropriate for a cloud-hosted SaaS platform.

• Continuous compliance scanning: AWS Security Hub runs continuous checks against CIS AWS Foundations Benchmark and AWS Foundational Security Best Practices. Any failed control generates an alert.
• Access log review: API access logs are reviewed weekly by our security lead for anomalous patterns. Automated alerts fire for: after-hours production access, bulk data export operations, failed authentication spikes.
• Annual security review: a formal annual review covers all security controls, sub-processor security assessments, and a read-through of this policy to confirm it reflects current practice.
• DPDP Act readiness: as DPDP Act rules are notified by the Government of India, we conduct a gap assessment within 30 days and implement required changes before the applicable effective date.

LeadFrog operates on cloud infrastructure. We do not own or operate data centres. Physical security of the underlying hardware is provided by AWS and is certified to:

• ISO 27001, SOC 1 Type II, SOC 2 Type II, and PCI DSS Level 1.
• Physical access to AWS data centres in Mumbai and Hyderabad is controlled by biometric authentication, 24×7 security personnel, and CCTV surveillance.
• AWS's physical security certifications are available at aws.amazon.com/compliance.

LeadFrog employees do not have physical access to any server hardware. All administration is done remotely through secure, logged, MFA-protected sessions.

Data that is no longer needed is a liability — for you, for your Subscribers, and for us. Keeping data longer than necessary increases the risk of a breach, wastes storage, and, under the DPDP Act 2023, is not permitted. The law requires that personal data be erased as soon as the purpose for which it was collected is fulfilled or consent is withdrawn.

This policy sets out every scenario in which data is deleted, the precise timeline for each, and the technical method used. It covers data about you (Customer account data) and data you hold in LeadFrog (Subscriber / lead data).

Some data must be retained for legal reasons even after you delete your account. We are transparent about exactly what this is:

Customers may request deletion of Meta Platform Data associated with their LeadFrog account by contacting privacy@leadfrog.in or through available account settings.

Upon verification of the request, LeadFrog will delete applicable Meta Platform Data within 30 days unless retention is required by applicable law, regulatory obligations, fraud prevention requirements, or ongoing dispute resolution processes.

LeadFrog does not retain Meta Platform Data beyond the period necessary to provide the Service and fulfill legal obligations.

For all deletion requests via email, we verify your identity before acting. We will acknowledge your request within 24 hours and confirm completion once deletion is done.

LeadFrog is an Indian company, built for Indian small businesses, and subject to Indian law. This document explains — in plain language — every major statute and regulation that applies to us, what each one requires, and exactly how we comply. We have structured it as a law-by-law reference so Customers can quickly find what they need.

TRAI's Telecom Commercial Communications Customer Preference Regulations 2018 (as amended) govern bulk commercial communications. If you use LeadFrog to send promotional WhatsApp messages, you must:

• Register as a Principal Entity with TRAI through your telecom provider.
• Obtain prior explicit opt-in consent from each recipient before sending promotional messages.
• Register your message templates with TRAI and have them pre-approved via Meta's WhatsApp Business API.
• Honour DND (Do Not Disturb) preferences — LeadFrog flags "STOP" replies automatically.
• Include your sender identity and an opt-out mechanism in every commercial message.

Transactional messages (order confirmations, appointment reminders, OTPs) are exempt from the opt-in requirement but must follow TRAI's template format. LeadFrog's automated flow templates are designed to comply with these format requirements.

Customers are solely responsible for TRAI compliance. LeadFrog provides the technical platform but does not accept liability for your regulatory non-compliance. We reserve the right to suspend accounts found to be sending spam or violating TRAI rules.

The Indian Computer Emergency Response Team (CERT-In) issued mandatory directions requiring organisations to:

LeadFrog is registered under India's Goods and Services Tax framework. Here is what this means for you as a Customer:

• GST at 18% (the rate applicable to "online information and database access or retrieval services" / OIDAR) is applied to all subscriptions purchased by India-based businesses.
• You receive a GST-compliant tax invoice at the registered email address for your account, which you can use to claim input tax credit (ITC) if your business is GST-registered.
• To receive invoices with your GSTIN, update your billing details in Account Settings → Billing.
• Customers outside India are not charged GST. International transactions are treated as export of services under the IGST Act, subject to FEMA (Foreign Exchange Management Act, 1999) regulations.
• LeadFrog retains all billing records and GST invoices for a minimum of 8 years in compliance with GST record-keeping rules.

As an e-commerce entity, LeadFrog complies with the Consumer Protection (E-Commerce) Rules, 2020 under the Consumer Protection Act, 2019:

• Our legal name, registered address, and contact details are displayed on leadfrog.in.
• All subscription pricing is shown inclusive of applicable taxes before checkout.
• We do not use dark patterns, forced account creation for price comparison, or misleading countdown timers.
• Refund and cancellation policies are clearly stated in our Terms of Service.
• Grievance Officer details are published as required by Rule 4 of the E-Commerce Rules.

So you understand the stakes, here is a summary of the key laws and the violations they penalise:

LeadFrog's compliance framework is designed to protect both us and our Customers from these risks. Where we identify a compliance gap in your use of the platform, we will notify you and work with you to resolve it.

Indian digital law is evolving at pace. This document will be updated:

• As the Central Government notifies rules under the DPDP Act (expected in phases through 2027).
• As CERT-In issues new directions or amends existing ones.
• When TRAI updates its commercial communications framework.
• When any other applicable regulation changes in a way that affects LeadFrog or our Customers.

Material updates are communicated by email and posted at leadfrog.in/legal with a changelog. We recommend bookmarking that page.