Lev8 Logo

PRIVACY POLICY

Last Updated: January 23, 2026

1. INTRODUCTION AND SCOPE

SIMPLEX AI TECHNOLOGIES PTE. LTD. ("Lev8", "we", "our" or "us") respects your privacy and is committed to protecting it through our compliance with this Privacy Policy (the "Policy").

This Policy describes the types of information we may collect from you or that you may provide when you visit our website or use our data and intelligence platform, API, and related tools (collectively, the "Services"), and our practices for collecting, using, maintaining, protecting, and disclosing that information.

This Privacy Policy focuses on how we collect, use, and protect your personal information. For complete terms regarding subscriptions, Credits usage, billing, cancellations, and refunds, please refer to our Terms of Service.

1.1 Applicability of this Policy

To provide clarity on how we handle data, we distinguish between the different individuals whose data we process. This Policy applies to the following categories:

  • Customers (or "Users"): Individuals who register for an account, sign up for a subscription, or access the Services to conduct searches, analyze data, or manage outreach.
  • Prospects (or "Business Profiles"): Business professionals whose contact and firmographic information is included in our proprietary database, even if those individuals have never registered for or used Lev8 Services.
  • Visitors: Individuals who visit our websites but do not register for an account or log in.

1.2 Lev8 as a Data Controller

  • For Customers and Visitors: Lev8 acts as the Data Controller of the personal data you provide to us (such as your login credentials and billing info).
  • For Prospects: Lev8 acts as the Data Controller of the business contact information contained within our Prospect Database.
  • For Connected Account Data: When you authorize us to access your email (e.g., Gmail) to perform outreach, Lev8 acts as a Data Processor, processing such data solely on your behalf and in accordance with your instructions.

1.3 A Note on Google User Data

Notwithstanding anything else in this Policy, if you provide Lev8 access to your Google data (e.g., via Gmail API), our use of that data is subject to additional restrictions set forth in the Google Limited Use Policy Disclosure (see Section 4).

2. INFORMATION WE COLLECT

We collect information from and about you, as well as about third-party business professionals (Prospects), in the following ways:

2.1 Information You Provide to Us (Customer Data)

We collect information directly from you when you register for an account, use our API, or interact with our Services. This includes:

  • Account and Profile Information: Your name, business email address, company name, job title, phone number, and password/authentication credentials.
  • Third-Party Login (SSO): If you choose to register or log in using a third-party account (e.g., Sign in with Google), we collect your basic profile information from that provider, such as your name, email address, and profile picture, solely for authentication and account creation purposes.
  • Payment Information: If you purchase a subscription, our third-party payment processor (Stripe) collects your billing address and credit card details. Lev8 does not store raw credit card numbers.
  • Subscription Data: We store information about your subscription status, including your plan type (Free or Starter), billing cycle, billing date, Credits balance and usage history, and subscription status (active, canceled, or expired). This data is necessary to provide and manage your access to the Services.
  • User Intent Inputs (Prompts & Queries): We collect the content you submit to the Services, including natural language prompts, search queries, business objectives, and any feedback you provide on the generated results.
    • Note: As described in Section 3, we treat these Inputs as essential data for delivering and improving our AI models.

2.2 Information from Connected Accounts (Outreach Data)

In order to provide our Outreach Services, you may choose to link a third-party email account (e.g., Gmail, Outlook) to your Lev8 account. When you do so, we access and process:

  • Access Tokens: OAuth tokens that allow us to connect to your email provider without storing your password.
  • Email Metadata and Content: We only access necessary headers, send/reply status, and timestamps to send emails, track replies, and measure engagement metrics. Data unrelated to these functions is not accessed or retained. Lev8 will not access or retain email content, attachments, or sensitive information not required for functionality.
  • No Human Access: We strictly limit access to automated systems. No human reads your email content except for security purposes or legal compliance, as detailed in Section 4.

2.3 Information We Collect from Third Parties (Prospect Data)

To build our database of Business Profiles (Prospects), we collect "Business Contact Information" from a variety of sources. Our data sources include:

  • Publicly Available Information: We index professional information that is available from public sources, such as business social networks (e.g., LinkedIn), company websites, press releases, news articles, and government records.
  • Third-Party Data Partners: We license data from trusted third-party vendors and data brokers who have legally collected business contact information and have represented to us that they have the necessary rights to share such information.

Types of Prospect Data We Collect: The information in our Prospect Database typically includes:

  • First and last name;
  • Job title and department;
  • Company name and firmographic details (e.g., industry, revenue, location);
  • Business email address and business phone number; and
  • Social media profile URLs (e.g., LinkedIn profile links).

2.4 Information Collected Automatically (Usage Data)

When you use the Services, we automatically collect certain technical information, including:

  • Log Data: IP address, browser type, operating system, and referral URLs.
  • Interaction Data: Metadata regarding how you interact with the filters, the duration of your sessions, and the features you use.

3. HOW WE USE YOUR INFORMATION

We use the information we collect for specific purposes based on the type of data and our relationship with you.

3.1 To Provide and Maintain the Services

We use Customer Data and Usage Data to operate our platform, including:

  • Verifying your identity and authenticating your access;
  • Subscription Management: Managing your Credits allocation and consumption, including tracking usage, enforcing Credits limits, and automatically resetting monthly Credits quotas on your billing date for Starter plan subscribers;
  • Task Automation: Suspending automated tasks when Credits are exhausted and notifying you via email;
  • Providing customer support and responding to your inquiries; and
  • Sending you technical notices, updates, security alerts, and administrative messages.

3.2 To Improve and Train Our AI Models (Research & Development)

We use User Intent Inputs (e.g., search queries, prompts), Enriched Data, and Usage Data to research, develop, train, fine-tune, and improve our artificial intelligence models and search algorithms.

  • Purpose: This processing enables us to better understand user intent, improve the relevance of "Derived Filters," and enhance the overall accuracy of our Sourcing Services for all users.
  • Privacy Safeguard: We aggregate or de-identify Customer Data whenever feasible. Lev8 will NOT use any personally identifiable information (PII) from Connected Accounts (e.g., specific email bodies) or sensitive personal data (e.g., financial info) to train generalized AI models.
  • Google API Exclusion: Notwithstanding the above, we do NOT use data accessed from Connected Accounts (specifically, the content of emails read via Gmail or Outlook APIs) to train, fine-tune, or improve our generalized AI models. Such data is used solely to provide the specific user-facing features (e.g., reply detection).

3.3 To Maintain and Enrich Our Prospect Database (Controller Role)

Acting as a Data Controller, we process Prospect Data to build and maintain our curated business contact database ("Lev8 Data").

  • Legal Basis (GDPR/UK GDPR): We rely on Legitimate Interest as our legal basis.
  • Balancing Test: We maintain an internal balancing test to ensure our interest in facilitating B2B communication does not override the fundamental rights of data subjects. Lev8 conducts periodic reviews of this processing.
  • Rights: Individuals may request access to, correction of, or deletion of their data at any time as described in Section 6.2.
  • Data Accuracy: We use third-party data vendors and public signals to verify the accuracy of the contact information (e.g., verifying email deliverability).

3.4 To Provide Outreach Services (Processor Role)

Lev8 acts solely as a data processor and operates under user instructions to:

  • Draft and send emails;
  • Track replies to pause automated sequences;
  • Sync activity logs to CRM (if enabled).
  • Data Retention and Deletion: Connected Account data is retained only for as long as necessary to provide the service. Email content and sensitive information are deleted immediately after the functionality is completed and are not used for AI training or shared with third parties. Aggregated or anonymized statistics may be retained for service operations but do not contain personally identifiable email content.
  • User Consent and Authorization: By connecting an email account, users explicitly authorize Lev8 to operate using OAuth tokens. Users may revoke authorization or disconnect accounts at any time. Once disconnected, Lev8 immediately stops access and deletes all related data.

3.5 For Marketing and Communications

We may use your (Customer) email address to send you newsletters, promotional materials, and other information that may be of interest to you. You may opt-out of receiving any, or all, of these communications by following the unsubscribe link.

4. GOOGLE USER DATA POLICY DISCLOSURE

(Note: This section is mandatorily required by Google for any app accessing Gmail APIs.)

Lev8’s use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy, including the Limited Use requirements.

Specifically, for data accessed via Restricted Scopes (e.g., reading or sending emails via Gmail):

  • No Generalized AI Training: We do NOT use data obtained from your Restricted Scopes (e.g., the content of your emails) to train, fine-tune, or improve our generalized artificial intelligence or machine learning models.
  • No Transfer to Third Parties: We will not transfer this data to third parties unless:
    • It is necessary to provide or improve the specific user-facing features (e.g., sending the email via an SMTP provider);
    • It is required for security purposes (e.g., investigating abuse);
    • It is required to comply with applicable laws; or
    • It is part of a merger, acquisition, or sale of assets.
  • No Advertising: We will not use this data for serving advertisements, including retargeting, personalized, or interest-based advertising.
  • Human Access: No humans at Lev8 will read your Restricted Scope data unless:
    • We have your affirmative agreement for specific messages (e.g., for technical support);
    • It is necessary for security purposes (e.g., investigating a bug or abuse); or
    • Our use is limited to internal operations and the data (including derivations) have been aggregated and anonymized.

5. HOW WE SHARE YOUR INFORMATION

We do not sell your Customer Data (account info, prompts) to third parties. We do not sell Connected Account Data (emails). However, we may share information in the following limited circumstances:

5.1 Service Providers and Sub-Processors

We engage trusted third-party service providers to perform functions and provide services to us. These may include:

  • AI & LLM Providers: We may transmit your User Intent Inputs to third-party Large Language Model providers (e.g., OpenAI, Anthropic) solely for the purpose of generating responses and processing your requests. We have agreements in place to ensure these providers do not use your inputs to train their public models.
  • Hosting & Infrastructure: We use Amazon Web Services (AWS) as our primary cloud infrastructure provider. They host our databases, backend services, and APIs. AWS stores your encrypted data on secure servers located primarily in the United States. They maintain robust physical and digital security standards (including SOC 2 and ISO 27001 compliance) to protect your information. For more details, please visit AWS Data Privacy.
  • Payment Processing: We use Stripe as our payment processor. Stripe handles all payment transactions, stores your payment methods securely, and provides a Customer Portal where you can manage your subscription, update payment methods, view invoices, and cancel or resume your subscription. Lev8 does not store your complete credit card information. We only receive limited payment information from Stripe, such as the last 4 digits of your card and transaction status. For more details, please visit Stripe Privacy.

5.2 Data Licensing (Prospect Data Only)

As a core part of our business, we license access to our Prospect Database (Business Profiles) to our Customers. This means if you are a "Prospect" in our database, your professional contact information may be viewed by our Customers for B2B commercial purposes.

5.3 Legal Requirements

We may disclose your information if required to do so by law or in the good faith belief that such action is necessary to comply with a legal obligation, protect and defend the rights or property of Lev8, or protect the personal safety of users of the Services or the public.

5.4 Business Transfers

If we are involved in a merger, acquisition, financing due diligence, reorganization, bankruptcy, or sale of all or a portion of our assets, your information (both Customer Data and Prospect Data) may be transferred as part of that transaction.

6. YOUR PRIVACY RIGHTS AND CHOICES

We provide different rights depending on whether you are a Customer (User) or a Prospect (Profile).

Response Timing: We aim to respond to all verified privacy requests (deletion, access, or opt-out) within 30 days of receipt, or as otherwise required by applicable law.

6.1 For Customers (Users)

  • Access and Update: You can access and update your account information directly within your account settings.
  • Opt-Out of Marketing: You may opt-out of marketing emails by following the unsubscribe instructions in those emails.
  • Delete Account: You may request the deletion of your account by contacting us at contact@lev8.com. We will delete your Customer Data, subject to legitimate business data retention required by law (e.g., billing records).
    • Note: Upon account deletion, we will retain billing and transaction records for legal and accounting purposes for up to 7 years as required by applicable law. Unused Credits are non-refundable and will be forfeited upon account deletion. If you have an active paid subscription, you should cancel it through the Stripe Customer Portal before requesting account deletion to avoid future charges.

6.2 For Prospects (Profiles in Our Database)

If you are not a user of Lev8 but believe your professional profile is listed in our database, you have the following rights:

  • Opt-Out & Suppression ("Do Not Sell My Info"): You have the right to request that we stop selling or sharing your data.
  • The "Suppression List" Mechanism: To ensure your data does not reappear in our database after deletion (e.g., if we receive your data again from a third-party source), we will place your business email and phone number on our internal Suppression List. This is a permanent "blocklist" used solely to prevent future re-acquisition of your data.
  • How to Exercise: To exercise this right, please email us at contact@lev8.com. We may ask for limited information (e.g., your business email) strictly to verify your identity and locate the correct profile.

6.3 California Privacy Rights (CCPA/CPRA)

If you are a resident of California, the following applies to you:

  • Notice of "Sale" or "Sharing": Because Lev8 licenses professional contact data to our customers for B2B outreach, this activity constitutes a "sale" or "sharing" of personal information as defined under the CCPA/CPRA.
  • Right to Opt-Out: You have the right to opt-out of this sale at any time by clicking the "Do Not Sell or Share My Personal Information" link on our website footer or using the contact methods in Section 6.2.
  • Non-Discrimination: We will not discriminate against you (e.g., by denying services) for exercising any of your privacy rights.

6.4 GDPR & UK Privacy Rights

If you are located in the EEA or UK, you have additional rights, including:

  • Right of Access: To know exactly what data we hold about you and how we processed it.
  • Right to Rectification: To correct inaccurate business information.
  • Right to Object: To object to our processing based on "Legitimate Interest" (see Section 3.3).
  • Lodge a Complaint: You have the right to lodge a complaint with your local data protection authority (DPA).

7. DATA SECURITY AND RETENTION

7.1 Security Measures

The security of your personal information is important to us. While we employ appropriate technical and organizational measures designed to protect your information from unauthorized access, use, alteration, or disclosure, please acknowledge the following:

  • No Absolute Guarantee: No security measures are impenetrable, and we cannot guarantee "perfect security".
  • Transmission Risks: Any information you send or transmit electronically, while using the Services or otherwise interacting with us, may not be secure while in transit.
  • User Responsibility: We recommend that you do not use unsecure channels to send us sensitive or confidential information.

7.2 Data Retention

We retain your personal information only for as long as is necessary for the purposes set out in this Policy:

  • Customer Data: We retain your account information for as long as your account is active or as needed to provide you the Services. If you delete your account, we will delete your data within 30 days, except where retention is required by law (e.g., tax records).
  • Prospect Data: We retain Business Profiles in our database for as long as we have a Legitimate Interest in maintaining an accurate business directory. Generally, we retain such data for no longer than five (5) years from the last verification date, unless a data subject exercises their Right to Opt-Out earlier.
  • Google User Data: We retain data accessed via Google APIs only for the duration required to perform the specific action (e.g., sending the email or checking for a reply). We do not build permanent profiles of your email correspondents using Google data.

8. INTERNATIONAL DATA TRANSFERS

8.1 Transfer and Processing

Lev8 is operated by SIMPLEX AI TECHNOLOGIES PTE. LTD., which is based in Singapore. However, our servers, infrastructure, and third-party service providers (e.g., AWS, OpenAI, Google Cloud) may be located in the United States or other jurisdictions. By using the Services, you acknowledge that your information will be transferred to and processed in Singapore, the United States, and potentially other countries where privacy laws may not be as protective as those in your jurisdiction. Customers may request details regarding the specific regions where their data is stored by contacting our support team.

8.2 Transfer Mechanisms

When we transfer Personal Data from the EEA, UK, or Switzerland to countries that have not been deemed to provide an adequate level of data protection, we rely on legal mechanisms such as the Standard Contractual Clauses (SCCs) approved by the European Commission or the UK Information Commissioner’s Office, to ensure your data remains protected.

9. CHANGES TO THIS POLICY AND CONTACT

9.1 Changes to this Policy

We may update this Privacy Policy from time to time. If we make material changes, we will notify you via email (sent to the email address specified in your account) and through a prominent notice on the Lev8 Platform prior to the change becoming effective.

9.2 Contact Us

If you have any questions about this Privacy Policy, or if you wish to exercise your privacy rights (including the right to opt-out of our Prospect Database), please contact us at:

SIMPLEX AI TECHNOLOGIES PTE. LTD.

Email: contact@lev8.com

Address: 112 ROBINSON ROAD, #03-01, ROBINSON 112, SINGAPORE 068902