Privacy Policy

Last updated: 14 May 2026

1. Who we are

Leo is operated by CurrentLabs B.V., a private limited company registered in the Netherlands (Dutch Chamber of Commerce KvK 99541122), with its registered office at Borneostraat 96E, 1094 CR, Amsterdam, the Netherlands. CurrentLabs is the data controller for personal data described in this policy. For any privacy-related question or to exercise the rights described below, write to privacy@currentlabs.tech.

2. What this policy covers

This policy applies to the Leo marketing website (https://leonotepad.com) and the Leo macOS application. Where this policy distinguishes between the two, it says so explicitly. It does not cover third-party websites you may reach by clicking links in our editorial content (e.g., blog or comparison posts) — those operate under their own policies.

3. Personal data we collect

When you visit the marketing website (no account required):

  • The marketing website at https://leonotepad.com runs no client-side analytics, sets no cookies, and writes nothing to your device's localStorage, sessionStorage, or any other terminal storage. The bare HTTP request your browser makes (your IP address, user-agent string, and the page path) is briefly visible to Cloudflare, our content-delivery network, in normal HTTP access logs.
  • If you arrived via a Google Ads click, the gclid URL parameter that Google attaches to your click. When you click the Download button, we send this identifier (and only this identifier, with a timestamp) to Google Ads server-to-server to attribute the visit to the originating campaign. The gclid is not stored on your device — it travels in URLs only and leaves with your click.

When you create a Leo account (in the macOS app):

  • Account identifiers — your name and email address as provided by the identity provider you sign in with (Apple, Google, or email/password).
  • Authentication tokens issued by Firebase Authentication.
  • A unique user ID and any associated subscription metadata.

When you use the macOS app:

  • Content you create or save — notes, captured web pages and articles, YouTube transcripts, collections, folders, and tags. This data lives in Google Firestore under your account ID.
  • Chat history and prompts you send to the AI features. Conversational-assistant prompts are forwarded to Anthropic Claude through our own server-side proxy; background pipeline tasks (such as summarisation and source extraction) are forwarded to Google Gemini through Firebase AI Logic. The resulting conversation is stored in your account.
  • Product-usage events (which features you use, how often, error states) sent to PostHog for product improvement.
  • Subscription status and billing-event metadata received from Lemon Squeezy.

Leo never sends keystrokes from other applications, the contents of your screen, or arbitrary file-system data to any server. The macOS permissions Leo asks for are scoped to specific user-initiated actions and are explained at /permissions.

4. Legal bases for processing (GDPR)

Under the EU General Data Protection Regulation we may only process your personal data if we have a legal basis to do so. The basis depends on the purpose:

  • Performance of a contract (GDPR Art. 6(1)(b)) — when you create an account and use Leo, including paid features and AI requests, processing is necessary to deliver the service you signed up for.
  • Legitimate interest (GDPR Art. 6(1)(f)) — for marketing-campaign attribution (the gclid mechanism, recognised in GDPR Recital 47), basic website analytics, fraud prevention, and product-quality improvement. You have the right to object to any processing on this basis.
  • Consent (GDPR Art. 6(1)(a)) — if you ever subscribe to marketing communications or opt into a non-essential cookie. Withdrawable at any time.
  • Legal obligation (GDPR Art. 6(1)(c)) — for tax and accounting records, regulatory disclosures, and responses to lawful information requests.

5. Cookies and similar technologies

The Leo marketing website is cookieless. Visiting https://leonotepad.com, browsing any page, or downloading Leo does not set any cookies, does not write to localStorage or sessionStorage, and does not place any other identifier on your device. This is by design — we don't load third-party analytics or advertising scripts on the marketing site, so there is nothing for us to ask consent for under EU ePrivacy rules.

The Google Ads conversion mechanism described in §3 also writes nothing to your device — the gclid is read from the URL into memory and forwarded server-side once you click Download.

Inside the Leo macOS application, after you sign in, the app uses local storage on your Mac to remember your session, your settings, and cached content. The app also sends product-analytics events to PostHog (see §6) so we can understand how features are used and fix bugs — this is in-application telemetry, not browser cookies, and it operates under the contract you accept when creating your account.

6. Subprocessors and international transfers

We rely on the following processors. Each receives only the personal data necessary for the function listed. Where a processor is established outside the European Economic Area, transfers occur under the European Commission's Standard Contractual Clauses (SCCs) or an equivalent adequacy mechanism.

  • Google Firebase (Authentication, Firestore, Cloud Functions, Cloud Storage) — operated by Google Ireland Ltd. and Google LLC. Stores account credentials, user content (notes, captures, chat history), and runs server-side functions.
  • Anthropic PBC (Claude AI) — operated in the United States. Receives the AI prompts and conversation context you send through the in-app conversational assistant, via our own server-side proxy. Anthropic states it does not train on customer API traffic; see Anthropic's privacy policy.
  • Google LLC (Gemini AI) — operated in the United States, accessed through Firebase AI Logic with the Google AI backend. Receives prompts and context for background pipeline features that route to Gemini models (for example, summarisation and source-extraction tasks). Under Google's paid-tier Gemini API terms, prompts and responses are not used to train Google's models; see Gemini API additional terms of service.
  • Lemon Squeezy (payments) — operated by Lemon Squeezy LLC (US). Acts as merchant of record: collects payment, handles VAT, processes refunds, and stores billing-related personal data. Lemon Squeezy is the data controller for your billing data; we receive only subscription status and limited metadata from them.
  • PostHog (in-app product analytics) — operated by PostHog Inc., hosted on EU infrastructure for our deployment (eu.i.posthog.com). Used only inside the Leo macOS application, after you sign in. PostHog is configured with person_profiles: 'identified_only', receives product events (which features you use, error states) and is not loaded on the https://leonotepad.com marketing website at all.
  • Google Ads (marketing-attribution upload) — operated by Google Ireland Ltd. Receives only the gclid identifier and the timestamp of your download click; no name, email, IP, or device fingerprint.
  • Cloudflare (CDN, DNS, R2 binary hosting) — operated by Cloudflare Inc. Sits in front of the website and the download subdomain; processes connection metadata.
  • Apple (Sign in with Apple, code signing, notarisation) — Apple Distribution International Ltd. (Ireland).

7. Retention

  • Account and user content — kept for as long as your account is active. If you delete your account, the content is hard-deleted within 30 days by a scheduled background job.
  • Marketing-website analytics — PostHog event data is retained for up to 7 years per our retention configuration; aggregate Ahrefs data is retained per Ahrefs's own retention policy.
  • Marketing-attribution data sent to Google Ads — retained by Google under its own policies; we do not retain a separate copy.
  • Billing records — retained for 7 years to meet Dutch tax-law requirements (algemene wet inzake rijksbelastingen).
  • Server logs — Firebase function logs and Cloudflare access logs retained for up to 90 days for operational and security purposes.

8. Your rights

If you are in the European Economic Area, the United Kingdom, or another jurisdiction with comparable data-protection law, you have the following rights with respect to your personal data:

  • Right of access — obtain a copy of the personal data we hold about you.
  • Right to rectification — correct inaccurate or incomplete data.
  • Right to erasure ("right to be forgotten") — request deletion of your data, subject to legal-retention obligations.
  • Right to restrict processing — pause certain processing while a dispute is resolved.
  • Right to data portability — receive your data in a structured, commonly used, machine-readable format.
  • Right to object — object to processing based on legitimate interest, including marketing-attribution and analytics.
  • Right to withdraw consent — for any processing based on consent, at any time.
  • Right to lodge a complaint — with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) or your local supervisory authority.

To exercise any of these rights, write to privacy@currentlabs.tech. We respond within one month (extendable by two further months for complex requests, as permitted by GDPR Art. 12(3)). We may need to verify your identity before processing the request.

You can also opt out of Google's ad personalisation at adssettings.google.com.

9. Security

We protect your data through transport-layer encryption (HTTPS throughout the marketing site, the app's API calls, and all subprocessor connections), strong authentication on administrative consoles, and the principle of least privilege for engineering access. The macOS application is Apple Developer ID code-signed and Apple-notarised; auto-updates are cryptographically verified by EdDSA signature before installation. No system can be guaranteed completely secure; we take reasonable measures appropriate to the sensitivity of the data we hold.

10. Children

Leo is not directed at children under 16. We do not knowingly collect personal data from anyone under that age. If you believe a child has provided us with personal data, contact privacy@currentlabs.tech and we will delete it.

11. Changes to this policy

We may update this policy to reflect changes in how Leo works or in legal requirements. The "Last updated" date at the top of this page reflects the most recent revision. Material changes will be announced in the app and on this page at least 30 days before they take effect, except where an earlier change is required by law.

12. Contact

Privacy enquiries: privacy@currentlabs.tech
Security disclosure: security@currentlabs.tech (see also our security.txt)
Postal: CurrentLabs B.V., Borneostraat 96E, 1094 CR, Amsterdam, the Netherlands