Privacy Policy

LeapXpert Privacy Policy

Last Updated: July 25, 2023

We at LeapXpert are committed to protecting the privacy of your personal information. This Privacy Policy describes how we collect, use, store, transfer, and process information associated with an identified or identifiable individual (referred to in this Privacy Policy as “Personal Data”) when you interact with our website, products, and services. It also describes your choices and rights with respect to your Personal Data, including your rights of access and correction of your Personal Data. Please read this Privacy Policy carefully. If you do not agree with this Privacy Policy, you should not use our website, products, services, or any other sites that link to this Privacy Policy.

Updates in this version of the Privacy Policy reflect changes in certain data protection laws. In addition, we have worked to make the Privacy Policy clearer and more understandable by:

  • Organizing it into the sections listed in the Table of Contents below,
  • Providing a series of examples that help illustrate how the policies may be implemented by LeapXpert, and
  • Defining and capitalizing a few terms that are used more than once for simplicity and brevity.

When we refer to “LeapXpert”, we mean LeapXpert, Inc. or any other LeapXpert affiliate that provides services or products to customers, as relevant.

Table of Contents:

  1. Applicability Of This Privacy Policy
  2. Information We Collect And Receive
  3. How We Use Personal Data
  4. How We Share And Disclose Information
  5. Disclosures of Personal Data
  6. Your Rights
  7. Data Retention
  8. Cookies and Similar Technologies
  9. Security
  10. Age Limitations
  11. Third Party Services
  12. Jurisdiction and Cross-Border Transfers
  13. Changes To This Privacy Policy
  14. Contacting LeapXpert

1. Applicability Of This Privacy Policy

This Privacy Policy applies to LeapXpert’s communication tools and platform, including the Leap Work application, which enable enterprise and other business customers (our “Customers”) to integrate and federate various third-party messaging and voice communication apps and platforms used by their employees (the “Services”). This enables our Customers to capture and archive any workrelated communications of their employees in order to comply with, for example, internal policies or applicable law or regulations.

This Privacy Policy does not apply to any third-party applications or software that integrate with the Services (“Third-Party Services”), or any other third-party products, services, or businesses, even if they are accessible through our Services. Additionally, a separate agreement between LeapXpert and each of our Customers governs access and use of the Services (the “Customer Agreement”), including the processing of data such as messages, files, images, voice, or other content submitted through the Services (collectively, “Customer Data”). Customers control their instance of the Services (their “Customer Instance”) and any associated information collected through the Customer Instance.

If you are affiliated with a company or organization that is our Customer (for example, because you are an employee, a supplier, or client of such Customer), you may be granted access to a Customer Instance, or be invited to join a Customer Instance (“Customer Users”). In that case, your use of the Services is subject to the privacy policy of the company or organization as our Customer, who is the “controller” of your Personal Data. The Customer can (i) control and administer your Customer Instance account, including controlling privacy-related settings of the Services (e.g., retention of data and access to data); and (ii) access and process your information, including the contents of your communications through the Services. If you have any questions about specific Customer Instance settings and privacy practices, please contact the Customer whose Customer Instance you use.

Note that the Services allow Customer Users to communicate with individuals for business purposes through communication services that are integrated with the Services. If you communicate with a Customer User, the Services will also collect certain information from you, like your phone number. When you use our Services as a Customer User or communicate with a Customer User through our Services (collectively, “End Users”), our processing of your Personal Data is governed by the Customer Agreement.

When delivering the Services, LeapXpert processes End Users’ Personal Data as a “processor” on behalf of such Customer as described in the Customer Agreement. This includes processing for the following purposes:

  • Providing the Services to Customer and its Customer Users, including providing personalized user experiences;
  • Troubleshooting and providing technical support;
  • Technically improving the functioning of the Services (e.g., to detect bugs, fix errors, troubleshooting); and
  • Securing the Services.

In each Customer Agreement, the Customer has authorized LeapXpert to further process certain End Users’ Customer Data, including any Personal Data, for its own legitimate business purposes as a controller, as described in this Privacy Policy. LeapXpert does not process the Customer Data through the Services for its own business purposes.

Finally, this Privacy Policy also does not apply to and other LeapXpert websites, as well as other interactions (e.g., customer service inquiries, user conferences, etc.) you may have with LeapXpert. For additional information, please see the Website Privacy Policy located at

2. Information We Collect And Receive

LeapXpert may collect and receive your Personal Data in a variety of ways:

InformationExamples of Personal DataSource
Customer DataAs described above, Customer Data includes messages, files, images, voice, or other content submitted through the Services by End Users. Customer Data may also include similar data a Customer User provides in accordance with the consent process provided by your device, including any contact information that a Customer User chooses to import (such as importing an address book to find coworkers), images (for example, when sending images as messages when using the Services), or other files submitted through the Services via your device.End Users who use the Services to make and receive calls or send and receive messages
Customer Instance and Customer User Account InformationEmail address, phone number, password, domain and/or similar account details.Customer or Customer Users
Call and Message Log DataYour phone number, sending-party number, receiving-party number, forwarding numbers, sender and recipient email address, time and date of calls and messages, duration of calls, routing information, and types and volumes of calls and messages.End Users who use the Services to make and receive calls or send and receive messages
Usage MetadataWhen a Customer User interacts with the Services, metadata is generated that provides additional context about the way the Customer User works and/or uses the Services, including information on Customer Instances, people, features, content and links you interact with, the types of files shared and what Third Party Services are used (if any).Customer Users
Device InformationInformation about devices accessing the Services, including type of device, what operating system is used, device settings, application IDs, unique device identifiers and crash data. Whether we collect some or all of this information depends on the type of device used and its settings.Customer Users
Location InformationApproximate location and/or precise location. Whether we collect some or all of this information depends on the specific Services plan set forth in the applicable Customer Agreement. We may, for example, use a business address submitted by our Customer, or an IP address received from your device to determine approximate location. We may also collect location information from devices in accordance with the consent process provided by your device, for example from GPS and other sensor data from your device, or information about things near you, such as Wi-Fi access points, cell towers, and Bluetooth-enabled devices.Customer Users

3. How We Use Personal Data

LeapXpert will only process Customer Data as a processor on behalf of the Customer, in accordance with the Customer’s instructions set forth in the Customer Agreement. LeapXpert will not process Customer Data for its own business purposes.

LeapXpert uses other information as described in the following table:

PurposeExample of Processing ActivityCategories of Personal InformationLegal Basis
Managing Customer Instance AccountsCreate or update Customer Instance accountCustomer Instance and Customer User Account InformationWe undertake these activities to perform our obligations under the Customer Agreement.
Product Development and Improvement
  • Analyzing usage statistics to improve our Services
  • Developing productivity tools and additional features
  • Developing new products and services
  • Performing analytics and measuring data to optimize product design
Call and Message Log Data; Usage Metadata; Device Information; Location InformationWe undertake these activities because we have a legitimate interest to develop and improve our products so that we can continue our business activities.
Security and Fraud PreventionAuthenticating accounts and activity, detecting, investigating, and preventing malicious conduct or unsafe experiences, addressing security threats, protecting public safety, and securing LeapXpert Services. This includes detecting, preventing, and responding to fraud, abuse, security risks, and technical issues that could harm LeapXpert, you, or the Customer.Customer Instance and Customer User Account Information; Call and Message Log Data; Usage Metadata; Device Information; Location InformationWe undertake these activities because we have a legitimate interest to maintain the safety and security of our Services.
Compliance with Law and Legal ObligationsComplying with law applicable to LeapXpert that requires the processing of Personal Data, including responding to data subject requests and a valid and binding order of a governmental body.Customer Instance and Customer User Account Information; Call and Message Log Data; Usage Metadata; Device Information; Location InformationWe will undertake these activities to comply with a legal obligation where this obligation stems from a European or Member State law, or because we have a legitimate interest in complying with other laws applicable to us.
Asserting or Defending Against Legal Claims and ProceedingsAs relevant to assert or defend against legal claims and proceedings, including but not limited to investigations issued by supervisory authorities, class action claims, group litigation orders and proceedings initiated by data subjects.Customer Instance and Customer User Account Information; Call and Message Log Data; Usage Metadata; Device Information; Location InformationWe undertake these activities because we have a legitimate interest to assert or defend against claims.
Aggregating and/or Anonymizing Personal InformationWe may aggregate and/or anonymize Personal Data such that it will no longer be considered Personal Data. We may use such aggregated or anonymous information for any purpose. For example, we may share aggregated or anonymized information with prospects or partners for business or research purposes, such as telling a prospective LeapXpert Customer the average amount of time spent using the Services.Customer Instance and Customer User Account Information; Call and Message Log Data; Usage Metadata; Device Information; Location InformationWe will undertake these activities because we have a legitimate interest to generate data for our use, which we may use and disclose for any purpose, as it no longer identifies you or any other individual.
Business TransactionsIn case of a merger, acquisition and/or other reorganization and restructuring of our business (including prospective transactions), we might need to disclose your Personal Data to the prospective buyer or business partner to facilitate such a business transaction.Customer Instance and Customer User Account Information; Call and Message Log Data; Usage Metadata; Device Information; Location InformationWe undertake these activities because we have a legitimate interest to facilitate the business transaction, which may take place for various business reasons.

Generally, no one is under a statutory or contractual obligation to provide any Personal Data or other information. However, certain information is collected automatically and, if certain information is not provided, we may be unable to provide the Services.

4. Disclosures of Personal Data

We disclose Personal Data to our affiliates and service providers, such as hosting providers, IT and related infrastructure providers and analytics providers. We also disclose your Personal Data as necessary or appropriate, in particular when we have a legal obligation or legitimate interest to do so, to comply with a legal obligation, including public authority requests for disclosure, for dispute resolution purposes, and in connection with a sale or business transaction.

5. Your Rights

If you would like to request to access, correct, update, suppress, restrict, or delete Personal Data, object to or opt out of the processing of Personal Data, withdraw your consent where processing is based on your consent (which will not affect the lawfulness of processing prior to the withdrawal), or if you would like to request to receive a copy of your Personal Data for purposes of transmitting it to another company (to the extent these rights are provided to you by applicable law), you should contact the Customer whose Customer Instance you use. As an End User, your Personal Data is managed by the Customer as the controller of your Personal Data. We can only act on the instructions of our Customers, so you must contact the Customer directly to exercise any rights over your Personal Data.

If you are a resident of the European Economic Area (“EEA”) or the United Kingdom, you have the right to lodge a complaint with an EU/EEA data protection authority for your country or region where you have your habitual residence or place of work or where an alleged infringement of applicable data protection law occurs, or with the UK’s Information Commissioner. A list of EU data protection authorities is available at

6. Data Retention

We will retain Customer Data in accordance with a Customer’s instructions, including any applicable terms in the Customer Agreement and Customer’s use or non-use of the Services, unless a longer retention period is required or permitted by law (for example, for the purposes of satisfying any legal, regulatory, tax, accounting or reporting requirements). Depending on the Services plan, the Customer may be able to customize its retention settings and apply those customized settings at the Customer Instance level. Customer may also apply different settings to messages, files or other types of Customer Data. The deletion of Customer Data and other use of the Services by Customer may result in the deletion and/or de-identification of certain associated Personal Data. For more detail, please contact the Customer whose Customer Instance you use.

LeapXpert may retain Personal Data pertaining to you for as long as necessary for the purposes described in this Privacy Policy. This may include keeping your Personal Data after you have deactivated your account for the period of time needed for LeapXpert to pursue legitimate business interests, conduct audits, comply with (and demonstrate compliance with) legal obligations, resolve disputes and enforce our agreements.

The criteria used to determine our retention periods include (i) the length of time we have an ongoing relationship with you and provide the Services to you (for example, for as long as you have an account with us or keep using the Services); (ii) whether there is a legal obligation to which we are subject; or (iii) whether retention is advisable in light of our legal position (such as in regard to applicable statutes of limitations, litigation or regulatory investigations).

Where a legal obligation arises or retention is advisable in light of our legal position, in some circumstances, we will retain certain Personal Data, even after your account has been deleted and/or we no longer provide the Services to you; for example if we receive a preservation order or search warrant, related to your Services account, we will preserve Personal Data subject to such order or warrant after you delete your Services account.

7. Cookies and Similar Technologies

We may collect Personal Data through the use of cookies and similar technologies on our website Please see our cookies and similar technologies policy as posted on

8. Security

LeapXpert takes security of data very seriously. LeapXpert works hard to protect Personal Data you provide from loss, misuse, and unauthorized access or disclosure. These steps take into account the sensitivity of the Personal Data we collect, process, and store, and the current state of technology. Given the nature of communications and information processing technology, LeapXpert cannot guarantee that Personal Data, during transmission through the Internet or while stored on our systems or otherwise in our care, will be 100% safe from intrusion by others.

9. Age Limitations

The Services are not directed to individuals under the age of sixteen (16), and we do not knowingly collect Personal Data from individuals under 16.

10. Third Party Services

This Privacy Policy does not address, and we are not responsible for, the privacy, information, or other practices of any Third-Party Services, including any third party operating any website or service to which the Services link. The inclusion of a link or the integration of a Third-Party Service on the Services does not imply endorsement of the linked site or service by us or by our affiliates.

11. Jurisdiction and Cross-Border Transfers

Your Personal Data may be stored and processed in the United States where we have facilities or in which we engage service providers, and by using the Services you understand that your Personal Data will be transferred to countries outside of your country of residence, including the United States, which may have data protection rules that are different from those of your country.

Where this will involve transferring your Personal Data outside the UK and/or EEA, we rely on the following safeguards:

  • Adequacy Decisions: The UK Secretary of State and the European Commission have recognized certain countries as providing an adequate level of data protection, so that Personal Data can be transferred to those countries without additional safeguards. For transfers from the EEA, the full list of these countries is available here. For transfers from the UK, the full list of these countries is available here.
  • Standard Contractual Clauses: For transfers of Personal Data from the UK and/or EEA to the United States, which are not currently considered adequate as explained above, we have put in place standard contractual clauses to protect your Personal Data. You may obtain a copy of these measures by contacting us in accordance with the “Contacting LeapXpert” section below or by following this link.

12. Changes To This Privacy Policy

The “Last Updated” legend at the top of this Privacy Policy indicates when this Privacy Policy was last revised. Any changes will become effective when we post the revised Privacy Policy on the Services or our website. We encourage you to review our Privacy Policy to stay informed. If we make changes that materially alter your privacy rights, LeapXpert will provide additional notice, such as via email or through the Services.

13. Contacting LeapXpert

LeapXpert Inc., located at 230 Park Ave, Floor 3, New York, New York 10169, United States of America, is the point of contact for questions regarding this Privacy Policy and the collection, use, and disclosure of your Personal Data under this Privacy Policy.

If you have any questions about this Privacy Policy, please contact us at

Because email communications are not always secure, please do not include credit card or other sensitive information in your emails to us.

You may also contact our Data Protection Officer (DPO) by emailing