Privacy Policy
Effective date: May 30, 2026
This Privacy Policy describes how Leadly Egypt LLC, a Delaware limited liability company (referred to in this document as "Leadly", "we", "us", or "our"), collects, uses, stores, and shares information when you or your clinic use the Leadly platform, our website at leadly-egypt.com, or any related services (collectively, the "Services").
Leadly provides services to clinics ("Customers"). When a Customer's patient interacts with the Leadly platform, the Customer is the controller of that patient's personal data and Leadly acts as a processor on the Customer's behalf. When you visit our website or contact us directly, Leadly is the controller of your personal data.
1. Who we are
The data controller for our website and direct customer relationships is:
Leadly Egypt LLC
16192 Coastal Highway
Lewes, DE 19958
United States
Email: privacy@leadly-egypt.com
2. Information we collect
2.1 Information from clinic Customers
When a clinic signs up to use Leadly, we collect:
- Clinic name, address, branch locations, and contact information
- Names, roles, and contact details of clinic owners, administrators, doctors, and staff
- Billing information, including payment method details (processed by our payment provider — see Section 5)
- Configuration data such as service catalog, pricing, working hours, and clinic-specific prompts
2.2 Information from clinic patients (processed on behalf of Customers)
When a patient interacts with a Customer through Leadly, we process:
- Identifiers such as name, phone number, and (where provided) date of birth and national ID
- Conversation content — message text, voice recordings, transcriptions, and media (images, documents, payment receipts)
- Booking information — appointment details, doctor and branch assignment, no-show history
- Clinical information that the patient or clinic chooses to record — medical history, allergies, prescriptions, treatment plans, X-rays, lab reports, and visit notes
- Payment information — deposit confirmations, invoice records, and payment method references
2.3 Information collected automatically
When you visit our website or use the platform, we and our service providers may collect:
- IP address, browser type, device identifiers, and approximate location
- Pages viewed, links clicked, and time spent on the site
- Server logs containing API request metadata for operational monitoring and abuse prevention
3. How we use information
We use information to:
- Provide, operate, and improve the Services
- Process bookings, send reminders, and route patient communications to the right doctor and branch
- Generate AI-assisted replies, transcribe voice messages, and synthesize voice replies
- Detect and prevent abuse, fraud, and security incidents
- Process payments and bill Customers for the Services
- Comply with legal obligations and enforce our Terms of Service
- Communicate with you about updates, support requests, and (where you've opted in) marketing
4. Legal bases (for Customers and patients in regions with data protection laws)
Where applicable law requires a legal basis for processing personal data, we rely on:
- Contract: processing necessary to deliver the Services to a Customer or to respond to a patient's booking request
- Legitimate interests: operational monitoring, security, fraud prevention, and product improvement
- Consent: where you've explicitly opted in (for example, marketing communications)
- Legal obligation: compliance with applicable law
5. Sub-processors and third parties
We use a small number of carefully chosen sub-processors to deliver the Services. Each sub-processor is bound by contractual data protection obligations. The current list:
| Sub-processor | Purpose | Location |
|---|---|---|
| Anthropic, PBC | Conversational AI (Claude models for understanding patient messages and generating replies) | United States |
| OpenAI, L.L.C. | Speech-to-text transcription for incoming voice calls and voice notes | United States |
| ElevenLabs Inc. | Text-to-speech synthesis for outgoing voice replies | United States |
| Google LLC | Google Calendar API for clinic appointment scheduling | United States |
| Render Services, Inc. | Application hosting and runtime infrastructure | United States |
| Upstash, Inc. | Managed Redis for session and conversation state | United States |
| Cloudinary Ltd. | Media storage and image delivery (X-rays, before/after photos, receipts) | Israel / United States |
| Stripe Payments Company | Payment processing (where applicable for online card payments) | United States |
We will update this list when we add or change sub-processors. Customers can subscribe to notifications by emailing privacy@leadly-egypt.com.
6. International data transfers
Some of our sub-processors operate in the United States and other jurisdictions outside Egypt. Where personal data is transferred internationally, we rely on the sub-processor's contractual safeguards (typically Standard Contractual Clauses or equivalent mechanisms) and our own data processing agreements with each sub-processor.
7. Data retention
We retain information for as long as necessary to:
- Deliver the Services to active Customers
- Comply with legal, accounting, or reporting obligations
- Resolve disputes and enforce agreements
Conversation history and patient records are retained for the duration of the Customer's subscription plus 90 days after termination, after which we delete or anonymize the data unless retention is required by law. Customers can request earlier deletion of specific records by emailing privacy@leadly-egypt.com.
8. Security
We use industry-standard technical and organizational measures to protect personal data, including encryption in transit (TLS 1.2 or higher) and at rest, role-based access controls, multi-tenant data isolation, audit logging, and regular security reviews. No system is perfectly secure, but we work continuously to maintain a strong security posture. See our Security page for additional detail.
9. Your rights
Depending on where you live, you may have the right to:
- Access the personal data we hold about you
- Request correction of inaccurate data
- Request deletion of your data, subject to applicable legal exceptions
- Object to or restrict certain processing
- Receive a portable copy of your data
- Withdraw consent (where processing is based on consent)
- Lodge a complaint with a data protection authority
For patient data, requests should typically be directed to the clinic that you interact with, since the clinic is the data controller. If you cannot reach the clinic, contact us and we will assist in routing your request appropriately.
10. Children's privacy
The Services are intended for use by clinics and their adult patients. Some clinics use Leadly to manage appointments for minor patients with parental consent. Where we process information about minors, we do so on instruction from the clinic and on the legal basis of the parent or guardian's consent. We do not knowingly collect personal data directly from children for our own marketing or product development purposes.
11. Cookies and tracking
Our website uses essential cookies to maintain session state and security. We do not currently use third-party advertising or analytics cookies on our marketing website. The product application uses functional cookies necessary for authentication.
12. Changes to this policy
We may update this Privacy Policy from time to time. When we make material changes, we will update the "Effective date" above and, where appropriate, notify Customers by email or through the platform. We encourage you to review this policy periodically.
13. Contact
For privacy-related questions or to exercise your rights, contact:
Leadly Egypt LLC
Attention: Privacy Team
16192 Coastal Highway, Lewes, DE 19958, United States
Email: privacy@leadly-egypt.com