Privacy Policy | LeadFindy
How We Handle Your Data

Plain-English explanation of what we collect, how we use it, where it lives, and the controls you have. We aim for transparency over legalese — but the legal team's read it too.

Effective · Apr 28, 2026
Last updated · Apr 28, 2026
GDPR + CCPA compliant

Section 01

Who we are

LeadFindy ("LeadFindy", "we", "us", "our") provides B2B cold email outreach, lead list building, and LinkedIn outreach services. We are the data controller for personal data processed in connection with our website and direct client engagements.

This Privacy Policy applies to leadfindy.com and any other domains we operate as part of our service delivery. For data we process on behalf of our clients, the client acts as the data controller and we operate as a data processor.

Section 02

Information we collect

We collect different types of information depending on how you interact with us. This includes:

  • Contact details you provide via forms, email, calls, or chat — name, work email, phone, company, role.
  • Account & billing data for active clients — invoicing details, payment-method metadata (we never store full card numbers), tax IDs.
  • Engagement data from campaigns we run — emails opened/replied, calls booked, performance metrics.
  • Website usage — IP, browser, device, pages visited, referrer, time-on-page (collected via cookies and analytics).
  • Prospect data processed on behalf of clients — publicly available business contact information (names, work emails, titles, companies) sourced from third-party data providers.

Section 03

How we use your data

We use personal data for these specific purposes:

  • To deliver and manage the services you've engaged us for.
  • To respond to your enquiries and support requests.
  • To send service updates, performance reports, and contractual communications.
  • To improve our website, services, and copy through analytics.
  • To comply with legal obligations (tax, audit, anti-fraud).
  • To run B2B outreach campaigns on behalf of our clients (legitimate-interest basis).

We never sell personal data. Not your data, not prospect data, not anyone's. Not to advertisers, not to data brokers, not to anyone.

Section 04

Legal bases (GDPR)

For users in the EU/UK, we rely on these legal bases under GDPR:

| Activity | Legal basis |
| --- | --- |
| Delivering services to clients | Contract performance |
| Sending invoices & service updates | Contract performance |
| B2B outreach to publicly listed business contacts | Legitimate interest |
| Analytics & website improvement | Legitimate interest / consent |
| Marketing emails to prospects who opted in | Consent |
| Legal & tax compliance | Legal obligation |

Section 05

Data sharing & sub-processors

We share data with carefully vetted sub-processors who support our service delivery. All hold SOC 2 Type II or ISO 27001 certifications and have signed Data Processing Agreements with us:

  • Sending platforms — Saleshandy, Smartlead (email automation)
  • Email infrastructure — Google Workspace (mailbox hosting)
  • Email verification — ZeroBounce, NeverBounce
  • Lead enrichment — Apollo, Clearbit, BuiltWith
  • Analytics — Google Analytics 4, with anonymized IPs
  • Payments — Stripe (we never store full card data)
  • Internal tools — Slack, Notion, Google Workspace

We do not share data across client accounts. Every client engagement is fully siloed — separate workspaces, separate sending stacks, separate reporting.

Section 06

Data retention

We retain data only as long as needed for the purposes stated above:

  • Active client data — for the duration of the engagement plus 24 months for reference and audit.
  • Prospect / outreach data — for the active campaign window plus 12 months, then deleted.
  • Billing & tax records — 7 years (legal obligation).
  • Website analytics — anonymized after 14 months.
  • Unsubscribes — kept indefinitely on our suppression list to honor your preference.

Section 07

Data security

We implement technical and organizational measures appropriate to the risk:

  • TLS 1.2+ encryption for all data in transit.
  • Encryption at rest in our SaaS infrastructure.
  • Role-based access control with least-privilege defaults.
  • Two-factor authentication required for all internal accounts.
  • Quarterly access reviews and offboarding within 24 hours.
  • Annual security training for all team members.

In the unlikely event of a data breach affecting your personal data, we will notify the relevant supervisory authority within 72 hours and affected individuals without undue delay where required by law.

Section 08

International transfers

LeadFindy operates across multiple regions. Personal data may be transferred to and processed in countries outside your home country, including the United States and India.

Where we transfer EU/UK personal data outside the EEA/UK, we rely on Standard Contractual Clauses (SCCs) approved by the European Commission and the UK Information Commissioner's Office, plus supplementary measures where appropriate.

Section 09

Your rights

Depending on where you live, you have one or more of the following rights:

  • Access — request a copy of the personal data we hold about you.
  • Correction — fix any inaccurate or incomplete data.
  • Deletion — ask us to delete your data, subject to legal retention obligations.
  • Restriction — limit how we process your data.
  • Portability — receive your data in a machine-readable format.
  • Objection — object to processing based on legitimate interest, including outreach.
  • Withdraw consent — at any time, where processing is based on consent.
  • Lodge a complaint — with your local data-protection authority.

To exercise any of these rights, email us at privacy@leadfindy.com. We respond within 30 days.

Section 10

Cookies & tracking

We use a minimal cookie footprint:

  • Strictly necessary — session cookies for site functionality (always on).
  • Analytics — Google Analytics 4 with IP anonymization (consent-based in EU/UK).
  • No advertising trackers — we don't run ad-retargeting or build behavioural profiles.

You can manage cookies via your browser settings. Disabling analytics cookies will not affect site functionality.

Section 11

Children's privacy

LeadFindy is a B2B service. We do not knowingly collect data from children under 16 (or the equivalent minimum age in your jurisdiction). If you believe we have collected data from a child, please contact us and we will delete it promptly.

Section 12

Changes to this policy

We may update this Privacy Policy as our practices, services, or legal obligations evolve. When we make material changes, we'll update the "Last updated" date at the top and, where appropriate, notify active clients via email.

Your continued use of LeadFindy after a change means you accept the revised policy.

Section 13

Contact us

For privacy questions, requests, or concerns, get in touch:

We aim to acknowledge requests within 5 business days and resolve them within 30 days.

Questions About How We Use Data?

Our privacy team will respond personally within 5 business days. No bots, no canned answers.