Leaderato Privacy Policy

LEADERATO, INC.

PRIVACY POLICY

Leaderato Academy — Leadership Development Programs

Effective Date: February 27, 2026  |  Governing Law: State of California

Leaderato, Inc., a California corporation ("Leaderato," "we," "us," or "our"), operates the Leaderato Academy website and all associated digital properties (collectively, the "Service"). This Privacy Policy explains how we collect, use, disclose, and protect your personal information — including our use of cookies and tracking technologies. By using the Service, you agree to the practices described herein.

We may update this Privacy Policy at any time. Material changes will be communicated via email or prominent notice on the Service with an updated effective date. Your continued use of the Service after changes are effective constitutes acceptance.

1. Information We Collect

1.1 Personal Data You Provide

When you interact with the Service — including completing forms, enrolling in Programs, submitting assessments, or requesting information — we may collect:

Full name and business title

Email address and phone number (including mobile)

Business name, industry, and team size

Billing and mailing address

Assessment responses and program submissions

Payment information (processed entirely by our third-party payment processor — we do not store card details)

Communications you send to us

1.2 Data Collected Automatically

When you visit our Service, we automatically collect:

IP address and general geographic location

Browser type and version, operating system

Pages visited, time on page, and referral source

Device identifiers and session data

1.3 Cookies & Tracking Technologies

We use cookies, pixels, web beacons, and similar technologies to operate and improve the Service. A cookie is a small text file placed on your device by websites you visit. We use the following categories of cookies:

Strictly Necessary Cookies: Required for core Service functionality such as account access and enrollment. These cannot be disabled.

Preference Cookies: Remember your settings and preferences across visits.

Analytics Cookies: Collect aggregate, anonymous data about how visitors use the Service to help us improve it.

Marketing & Targeting Cookies: Track browsing activity to enable retargeting and measure advertising effectiveness across platforms.

Platform & CRM Cookies: Set by our program delivery and marketing platforms to track form submissions, funnel interactions, and lead activity for program delivery and follow-up.

You may manage your cookie preferences through the Cookie Consent banner displayed on your first visit to our Service, or through your browser settings (Chrome: Settings > Privacy and Security; Firefox: Options > Privacy & Security; Safari: Preferences > Privacy; Edge: Settings > Privacy). Note that disabling certain cookies may impair Service functionality including the ability to log in or complete enrollment.

To opt out of interest-based advertising across platforms, visit aboutads.info/choices (US) or youronlinechoices.eu (EU), or use your mobile device's 'Limit Ad Tracking' (iOS) or 'Opt out of Ads Personalization' (Android) setting.

California Residents: We do not sell or share your personal information for cross-context behavioral advertising. If this changes, you will have the right to opt out via a 'Do Not Sell or Share My Personal Information' link in our website footer.

2. How We Use Your Information

We use collected information to:

Provide, operate, and improve the Service and Programs;

Process enrollments, payments, and account management;

Deliver and personalize Program content and assessments;

Communicate regarding your account, updates, and support;

Send marketing communications consistent with your enrollment history and preferences;

Track cart abandonment and re-engage prospective clients;

Conduct analytics and improve Service quality;

Detect, prevent, and address fraud, security threats, and technical issues;

Comply with legal obligations and enforce our agreements.

You may opt out of non-essential marketing communications at any time via the unsubscribe link in any email. Transactional and account-related communications are not subject to opt-out.

3. Legal Basis for Processing (GDPR — EEA Users)

For users in the European Economic Area, our legal bases for processing personal data include:

Contract performance: Processing necessary to deliver Programs you enrolled in;

Consent: Where you have expressly opted in to a specific use;

Legitimate interests: Service improvement, fraud prevention, and direct marketing to prior customers;

Legal obligation: Compliance with applicable laws and regulations.

4. California Privacy Rights — CCPA / CPRA

As a California corporation serving California residents, we fully comply with the California Consumer Privacy Act (CCPA) as amended by the California Privacy Rights Act (CPRA).

4.1 Categories of Personal Information We Collect

In the preceding twelve (12) months, we have collected: identifiers (name, email, phone, IP address); commercial information (purchase history, enrollment records); internet activity (browsing behavior on our Service); geolocation data (general location from IP); and inferences drawn from the above.

4.2 Your California Rights

Know: Request disclosure of the categories and specific pieces of personal information we have collected, used, or disclosed.

Delete: Request deletion of personal information we hold, subject to certain legal exceptions.

Correct: Request correction of inaccurate personal information.

Opt-Out: We do not sell or share personal information. If this changes, you will have the right to opt out.

Limit Sensitive Data Use: Request that we limit use of sensitive personal information to necessary purposes only.

Non-Discrimination: We will not discriminate against you for exercising your privacy rights.

4.3 How to Submit a Request

Submit a verifiable consumer request to [email protected] with the subject line 'California Privacy Rights Request.' We will respond within forty-five (45) days, with a possible extension of forty-five (45) additional days with notice. Requests may be submitted twice per twelve-month period at no charge.

4.4 Authorized Agents

You may designate an authorized agent to submit requests on your behalf. The agent must provide written authorization signed by you, and we may verify your identity directly.

5. Sharing & Disclosure of Personal Information

5.1 Service Providers

We share personal information with trusted third-party Service Providers who assist in operating the Service — including platforms for CRM and funnel management, payment processing, email and SMS communications, assessment delivery, analytics, advertising and retargeting, scheduling, and hosting. Each provider is contractually prohibited from using your data for any purpose beyond the services they perform on our behalf and is required to maintain appropriate security standards. To request a current list of our active Service Providers, contact us at [email protected].

5.2 Business Transfers

In the event of a merger, acquisition, or sale of assets, personal information may be transferred to the successor entity subject to equivalent privacy protections. We will notify you of such transfer.

5.3 Legal Requirements

We may disclose personal information when required by law, subpoena, or court order, or when we believe in good faith that disclosure is necessary to protect our legal rights or property, prevent fraud, protect user safety, or comply with applicable law.

5.4 No Sale of Personal Information

We do not sell, rent, or trade your personal information to third parties for their own independent marketing or commercial purposes.

6. Data Retention

We retain personal information for as long as necessary to fulfill the purposes described in this Policy, maintain your account, comply with legal obligations, resolve disputes, and enforce our agreements. When data is no longer needed, we securely delete or anonymize it. Usage and analytics data is generally retained for shorter periods unless required for security or legal compliance.

7. International Data Transfers

The Service is operated in the United States. If you access the Service from outside the United States, your personal information will be transferred to, stored in, and processed in the United States. By using the Service, you consent to this transfer. We implement appropriate safeguards, including standard contractual clauses where required by applicable law.

8. Data Security

We implement commercially reasonable administrative, technical, and physical safeguards to protect your personal information from unauthorized access, disclosure, alteration, or destruction — including encryption of data in transit (TLS/SSL), access controls, and regular security reviews. No method of electronic transmission is one hundred percent (100%) secure. We cannot guarantee absolute security.

In the event of a data breach that poses a risk to your rights, we will notify affected individuals and relevant authorities as required by applicable law, including California Civil Code Section 1798.82.

9. SMS / Text Messaging — TCPA Compliance

If you have opted in to receive text messages from Leaderato, Inc., we use your mobile number to send program updates, account communications, and promotional messages. Message and data rates may apply. You may opt out at any time by replying STOP. We do not sell or share your mobile number with third-party marketers. See Section 10 of our Terms of Service for full TCPA disclosures.

10. Do Not Track Signals

California law requires that we disclose how we respond to "Do Not Track" (DNT) signals. Our Service does not currently respond to DNT browser signals. You may manage tracking preferences through the Cookie Consent banner and the opt-out mechanisms described in Section 1.3 above.

11. Children's Privacy

The Service is not directed to individuals under eighteen (18) years of age. We do not knowingly collect personal information from children. If we learn that a child has provided personal information without parental consent, we will promptly delete it. Contact us immediately at [email protected] if you believe a child has submitted information to our Service.

12. Links to Third-Party Sites

Our Service may contain links to external websites for convenience. We are not responsible for the content or privacy practices of those sites. A link on our Service does not constitute endorsement. We encourage you to review the privacy policy of every site you visit.

13. Changes to This Privacy Policy

We may update this Privacy Policy at any time. We will provide notice of material changes by posting the updated Policy on this page with a revised effective date, and where required by law, by email notification. Changes are effective when posted unless a later date is specified.

14. Contact Us

For questions, requests, or complaints regarding this Privacy Policy or our data practices:

Leaderato, Inc.

Email: [email protected]

Website: leaderato.com

California Privacy Rights Requests: Use subject line 'California Privacy Rights Request' — response within 45 days.

GDPR Requests (EEA Residents): Use subject line 'GDPR Data Request.'

© Leaderato, Inc. • All Rights Reserved  |  leaderato.com  |  [email protected]