LeadPilot

Home Page
Tracker page
Loading page
Email notification

Inspiration

We were inspired by the rise of data-scraping tools that collect personal information without the user's knowledge. Instead of contributing to the problem, we wanted to flip the idea on its head—what if, instead of giving someone’s email address, we notified the target that someone was trying to find them? LeadPilot is a satirical take on data privacy, built to spark conversation.

What it does

LeadPilot masquerades as an email finder tool, but instead of returning a lead’s email and their data, it secretly notifies the person (the “victim”) that someone attempted to access their contact info. It’s a satirical tool designed to demonstrate how often personal data is queried without the user’s knowledge.

How we built it

We structured LeadPilot as a Flask web application, following a modular design to separate concerns and keep the project maintainable:

The core app logic lives inside the app folder, organized under main, which contains:

routes.py: Defines the main Flask routes, handling page requests and form submissions.

forms.py: Contains the form definitions and input validation logic.

templates/: Holds page templates like home.html, about.html, tracker.html, and error.html, rendered dynamically via Flask and Jinja2.

We used a static/ folder to organize assets like CSS (styles/page.css) and images, keeping frontend styling separate from logic.

A top-level templates/ folder holds base.html, serving as the main layout template extended by other pages.

The Emailer.py module implements a custom class for sending notification emails via smtplib and email.mime, managing SMTP authentication, building HTML emails, and handling send errors.

Configuration settings are stored in config.py, keeping sensitive and environment-specific details out of the main logic.

The application is launched from run.py, setting up the Flask app and pointing to the main blueprint.

We tied these components together using Flask blueprints, template inheritance, and static routing to build a convincing SaaS-style interface. Despite its appearance, no actual data scraping occurs—input data is only used to notify the “target” via email.

Challenges we ran into

We had to deal with email provider limits and and are still working to ensure our notification emails don't end up in spam folders. Finding the right balance between realism and ethical awareness was key.

Accomplishments that we're proud of

We’re proud of creating a complete user flow—from form submission to the notification email—in under this short amount of time. The platform successfully looks legitimate at first glance, which makes the notification even more impactful. We’re also proud that LeadPilot sparks conversations about privacy and data ethics.

What we learned

We learned about crafting deceptive (but ethical) UI/UX design, working with email APIs, and deploying Flask apps quickly. We also gained insight into email deliverability challenges and how much people trust professional-looking web interfaces.

What's next for LeadPilot

We’d love to expand LeadPilot into an interactive cybersecurity education tool, giving notified users actionable tips on data privacy. We’re also considering adding an opt-in leaderboard showing how many times a user was “searched” as a fun feature.