Legal

1. Acceptance of Terms

By accessing or using Leapable, you agree to be bound by these Terms of Service. If you do not agree, do not use the service.

2. Service Description

Leapable provides a local-first AI workspace for private vault search, citation retrieval, provenance, and optional Share Mode. Share Mode lets a user publish a sanitized sealed copy of a vault to the Library for other users to search with full provenance.

3. User Accounts

You are responsible for maintaining the security of your account credentials. You must provide accurate information when creating an account. Accounts are non-transferable.

4. Share Mode Terms

Users who publish through Share Mode must have the legal right to distribute the content they share. Revenue share is 70% for published Library vaults. Payouts are processed monthly via Stripe Connect.

4.1 Copyright warranty. By publishing a vault through Share Mode, you represent and warrant that (a) you own the content or have an unrestricted, transferable license to redistribute the sealed sanitized copy to paying Library users and to permit the uses described in §4.3 below; (b) the content does not infringe the copyright, trademark, trade-secret, publicity, or privacy rights of any third party; and (c) you have obtained any consents required from individuals appearing in or identifiable from the content.

4.2 Indemnification. You agree to defend, indemnify, and hold harmless Leapable Inc., its directors, officers, employees, agents, and affiliates from and against any and all claims, damages, losses, liabilities, judgments, settlements, costs, and expenses (including reasonable attorneys' fees) arising out of or relating to (a) any breach of §4.1, (b) any allegation that your published content infringes a third party's intellectual-property or privacy rights, or (c) your use of the Share Mode tools in violation of these Terms or applicable law.

4.3 AI-training grant. You grant Leapable Inc. a worldwide, non-exclusive, royalty-free, sublicensable license to use the sanitized, PII-stripped version of your Share Mode published content — specifically, the sealed snapshot that passes the server-side residue-scan gate — as training data, evaluation data, and model-improvement data for Leapable-owned or Leapable-partner AI models. This grant applies only to the sealed published copy, not to your private workspace vault, local source files, unpublished drafts, or local answer history. You may revoke this grant prospectively at any time by unpublishing the affected vault; prior training uses are not affected by revocation.

4.4 Per-publish re-affirmation. Because copyright circumstances change, you must re-affirm §4.1-4.3 on every Share Mode publish via the explicit consent checkboxes in the publish modal. Your acceptance is not reused across publish actions — every share is a fresh affirmation.

5. Subscriber Terms

Subscriptions are billed monthly. You may cancel at any time, effective at the end of the current billing period. Refunds are handled on a case-by-case basis.

6. Acceptable Use

You may not use Leapable for unlawful purposes, to distribute malware, to harass others, or to infringe on intellectual property rights. We reserve the right to terminate accounts that violate these terms.

7. Limitation of Liability

Leapable is provided "as is" without warranty of any kind. We are not liable for any indirect, incidental, or consequential damages arising from your use of the service.

1. Data Collection

We collect only the minimum data necessary to provide the service: email address, account preferences, billing state, support metadata, and usage analytics. We do not collect or store private workspace documents unless you explicitly submit them to a cloud workflow or publish a sanitized copy through Share Mode.

2. Local Processing

When you use local processing (.md, .txt files), all data remains on your machine. Private documents, local search state, and answer history are not transmitted to our servers by the local path.

3. Cloud Processing

When you use cloud OCR for PDFs or images, files are uploaded to transient processing workers and deleted after the run. Leapable stores operational job records needed to provide, secure, and support the requested workflow. Share Mode retains only the sealed sanitized copy you explicitly publish.

4. Payment Data

All payment processing is handled by Stripe. We never see, store, or have access to your full payment card details. Stripe's privacy policy applies to payment data.

5. Data Sharing

We do not sell, rent, or share your personal information with third parties for marketing purposes. Data may be shared with subprocessors listed below strictly for operating the service, including payments, email delivery, edge routing, transient OCR, and limited infrastructure support.

6. Data Retention

Account data is retained for the duration of your account. Upon account deletion, all associated data is permanently removed within 30 days.

7. Your Rights

You have the right to access, correct, export, or delete your data at any time. Contact us at legal@leapable.ai to exercise these rights. Specific California, EU/UK, and other jurisdictional rights are described in dedicated sections below.

Subscription cancellations

You may cancel any platform subscription (Starter, Builder, Pro, Max) or creator-vault subscription at any time from your billing portal. Cancellations take effect at the end of the current billing period; you retain access until that date and you are not charged for the next period.

Subscription refunds

Subscription fees are non-refundable except where required by law (including the EU 14-day distance-selling withdrawal right and applicable U.S. state laws). If you believe a charge was made in error or you experienced a service outage materially impacting your use, contact support@leapable.ai within 14 days and we will review on a good-faith basis.

Credit packs

One-time credit-pack purchases (200-credit, 1000-credit) are refundable for the unused-credit portion within 14 days of purchase. Credits already consumed against Library answer requests or OCR work are non-refundable because the underlying compute (GPU OCR, semantic indexing, answer processing) has already been billed by our providers.

Library vault answer requests

Per-answer credit charges to access a published Library vault are final once the answer has been delivered, except where the response was empty due to a Leapable platform fault, in which case the answer is automatically refunded. Disputes about creator content quality should be raised with the creator and, if unresolved, reported to support; Leapable does not arbitrate factual disputes about third-party creator content.

Chargebacks & disputes

If you initiate a chargeback or payment dispute through your bank or card issuer rather than contacting us first, we may suspend your account pending resolution. Successful chargebacks may result in account termination and credit-pack forfeiture under §6 of our Terms.

Creator payouts & reserves

Creator payouts are subject to a 60-day reserve period to absorb chargebacks and refunds against the creator's earnings. Reserves release automatically after the reserve window closes (see POST /v1/owner/reserve/sweep). Creators may request earlier release in writing; approval is at Leapable's sole discretion.

Categories of personal information we collect

• Identifiers — email address, account ID, license key, machine ID, IP address.
• Commercial information — subscription tier, credit balance, purchase history (via Stripe).
• Internet activity — pages visited, answer requests submitted, AI-client identification (Claude, Cursor, etc.), session timestamps.
• Inferences — usage patterns derived from answer and OCR activity, used solely for product analytics and abuse detection.

We do not collect: precise geolocation, biometric information, racial/ethnic origin, religious beliefs, health information, sexual orientation, or any other "sensitive personal information" under CPRA. We do not knowingly collect information about minors under 16.

Sources, purposes, and retention

We collect personal information directly from you (account signup, answer requests, OCR uploads) and from authentication providers (Google, GitHub, Apple) when you sign in via OAuth. We use it to provide and secure the service, process payments, deliver email notifications, and detect abuse. We retain account data for the life of your account; answer and OCR records for up to 12 months for abuse-detection and accounting purposes; financial records for up to 7 years to satisfy U.S. tax-record retention requirements.

Your CCPA / CPRA rights

• Right to know — request a copy of the personal information we hold about you.
• Right to delete — request deletion of your personal information.
• Right to correct — request correction of inaccurate information.
• Right to opt-out of sale or sharing — we do not sell personal information; we share with service providers (Stripe, Resend, Cloudflare, RunPod, AWS, Google, Apple, GitHub) only as necessary to operate the service. Use the global Privacy Control (Sec-GPC) signal or email legal@leapable.ai with subject line "Do Not Sell or Share" to register an opt-out.
• Right to limit use of sensitive personal information — not applicable; we do not collect or use sensitive personal information beyond what is necessary to provide the service.
• Right to opt-out of automated decision-making technology (ADMT) — see the AI & Automated Decisions section below.
• Right to non-retaliation — exercising any of the above will not result in worse pricing or service quality.

How to exercise your rights

Email legal@leapable.ai from the email associated with your account. We will verify your identity and respond within 45 days (extendable by 45 days where reasonably necessary). You may designate an authorised agent in writing.

AB 1008 — AI & personal information

Under California AB 1008 (effective Jan 1, 2026), AI systems that output personal information are within the scope of the CCPA. Leapable's Library search may surface text from Share Mode published vaults that, despite our PII-residue redaction gate, could include identifying information. We treat such output as personal information under the CCPA: you may exercise the rights above with respect to it. We do not train Leapable-owned models on private workspace documents or subscriber answer requests; we may train on sanitized Share Mode snapshots that pass the residue gate, under the licence in §4.3 of our Terms.

Hallucination & output disclaimer

Leapable's AI search returns results based on statistical similarity between your question and the underlying source library. AI models can produce factually incorrect, misleading, or fabricated output ("hallucinations"). Always verify AI output against the cited source documents before relying on it. Leapable is not liable for decisions you make based on AI output without independent verification.

No internal LLM synthesis

Leapable itself does not call third-party LLMs (OpenAI, Anthropic, Google, etc.) to synthesise answers from creator content. Leapable returns ranked source-grounded results with citations. AI clients you connect through the MCP protocol (Claude, Cursor, etc.) may then synthesise answers from those results — that synthesis is governed by the AI client's own terms and privacy policy, not ours.

Training data uses

Leapable trains and evaluates models only on: (a) Sanitized Share Mode snapshots that pass our PII-residue redaction gate, under the AI-training licence each publisher grants per §4.3 of the Terms and the per-publish checkbox flow. (b) Aggregated, de-identified telemetry about latency, cache-hit rates, and abuse signals.

We do not train on: your local documents, your answer requests, your account email or identifiers, or any creator content that has been unpublished or that failed the residue gate.

Automated decisions affecting you

Leapable uses automated rules to: (1) detect and gate suspicious or abusive activity (rate-limits, abuse-rule scoring), (2) reconcile entitlements against verified Stripe events, (3) order and rank source-grounded search results. None of these produce legal or similarly significant effects in the CPRA/GDPR sense; we do not use ADMT for credit decisions, employment, housing, insurance, or essential goods.

Opt-out of automated decisions

If you believe an automated decision (e.g., an abuse-detection action against your account) was made in error, email legal@leapable.ai and request a human review. We will respond within 14 days. Where required by law (CPRA, GDPR Art. 22), you may opt out of solely automated decision-making with significant effect; in practice, every account-affecting enforcement action at Leapable already requires owner review before becoming permanent.

Designated DMCA agent

DMCA notices and counter-notices must be sent to our designated agent:

Leapable Inc. — DMCA Agent
Attn: Christopher Royse
210 W Home St E, Junction City, KS 66441, USA
Email: dmca@leapable.ai

Designated-agent registration with the U.S. Copyright Office is in progress; until registration completes, notices to dmca@leapable.ai remain effective for purposes of §512(c)(2) actual-knowledge.

What a DMCA notice must contain

• Your physical or electronic signature.
• Identification of the copyrighted work claimed to have been infringed.
• Identification of the material on Leapable that is claimed to be infringing, with sufficient detail (creator slug, vault name, answer fragment, or URL) for us to locate it.
• Your contact information (address, phone, email).
• A statement that you have a good-faith belief that the use is not authorised by the copyright owner, its agent, or the law.
• A statement, under penalty of perjury, that the information in your notice is accurate and that you are the copyright owner or authorised to act on the owner's behalf.

Counter-notice

If you are a creator whose content was removed and you believe the removal was a mistake or misidentification, you may submit a counter-notice including: your signature, identification of the removed material, a statement under penalty of perjury that you have a good-faith belief the material was removed by mistake, your contact information, and your consent to jurisdiction in the U.S. District Court for the District of Kansas.

Repeat-infringer policy

Creators whose published content is the subject of two or more substantiated DMCA takedowns within any rolling 12-month period will have their creator role permanently revoked and their pending payouts withheld pending resolution of any outstanding disputes.

Misrepresentation

Misrepresentation in a DMCA notice or counter-notice may subject you to liability for damages, costs, and attorneys' fees under 17 U.S.C. §512(f).

First-party cookies

• session — HttpOnly, Secure, SameSite=Lax. Signs you into the authenticated app; expires after 30 days. Required for authenticated routes.
• device_remember — HttpOnly, Secure. Remembers a verified device for autologin; revocable from your profile page.
• Local-storage entries used for client-side preferences (timezone, theme). Server has no access to local storage.

Third-party cookies

• Stripe — __stripe_mid, __stripe_sid on checkout/billing portal pages. Required for fraud prevention.
• Cloudflare Insights — aggregate, no-cookie analytics about page views and Core Web Vitals; no individual identifiers.

Choices

You can block third-party cookies in your browser without losing access to authenticated routes — the session cookie is first-party. EU/UK visitors are shown a consent banner before any non-essential cookie is set; consent is recorded in user_preferences and can be revoked at /account/security.