Last updated: April 16, 2026
Lead Policy
What This Covers
This policy explains what happens to leads — inquiries submitted by prospects on a Islet-built lead-capture experience — once they are captured.
Collection
When a prospect submits a form, we collect the fields they provide (name, contact, project details, timing). We store this in a secure Supabase Postgres database.
Delivery
Leads are delivered exclusively to the client for whom they were captured. Delivery methods include email and SMS alerts. No lead is delivered to more than one client. No lead is resold or aggregated.
Security
All data is encrypted in transit (TLS) and at rest (Supabase-managed encryption). Row-level security policies restrict each client's access to their own leads.
Retention
Leads are retained for the duration of the client's engagement plus 24 months, or per the client agreement.
Deletion Requests
Prospects or clients can request deletion by emailing zack@isletmedia.com. Deletions are processed within 30 days unless retention is required by law.
Third Parties
Leads are stored in Supabase and transmitted via Resend (email) and Twilio (SMS). No other third-party access.