Privacy Policy

Last updated: 1 April 2026

1. Who we are

Leadzalot Ltd operates the website at leadzalot.com and the Leadzalot lead generation service. We are the data controller for personal data collected through this website.

Contact: [email protected]

2. Data we collect about you (account holders)

  • Account data: email address, hashed password, and if you use Google sign-in, your Google profile name and email.
  • Usage data: search prompts you submit, job results stored against your account, credit balance, and timestamps of searches.
  • Payment data (Phase 2): when credit purchases are enabled, payments are processed by Stripe. We receive a transaction reference and amount. We do not store your card details.
  • Technical data: IP address, browser type, Django session cookie, and CSRF token. We do not use advertising or tracking cookies.

3. Data we collect about third-party businesses (lead data)

The core function of Leadzalot is to find publicly available contact information for businesses. When you run a search, our systems automatically collect the following data about third-party businesses from public sources:

  • Business name, registered address, and phone number (sourced from public business listings)
  • Website content, including text from contact and about pages (fetched live by our crawler)
  • Email addresses found on those websites, including email addresses that may belong to named individuals (e.g. owner or director)
  • Owner or founder name where publicly stated on the business website
  • Social media profile URLs (Facebook, Instagram, LinkedIn, X/Twitter, TikTok, YouTube)
  • Google Maps rating and review count

This data is collected under the lawful basis of legitimate interests for the purpose of enabling B2B sales prospecting. The businesses and individuals whose data is collected are operating commercially and the data is limited to what is already publicly accessible on their own websites and public directories.

Lead data is stored against your account and visible only to you. It is retained for as long as your account exists. You can delete individual jobs from your dashboard at any time.

4. How we use your data

  • To create and manage your account
  • To run lead generation searches on your behalf and return results
  • To manage your credit balance and process payments
  • To send transactional emails (account confirmation, password reset)
  • To detect fraud and misuse of the service
  • To improve the accuracy and quality of our search and extraction systems

We do not sell your personal data. We do not use your data for advertising. We do not share your search history or lead data with any third party except as described in section 5.

5. Third-party processors

We use the following third-party services to operate Leadzalot. Each is a data processor acting on our behalf:

  • Google (Cloud, Maps Platform, Identity): used for live business data lookup, AI contact extraction, and optional Google sign-in. Google's privacy policy applies to data processed by these APIs.
  • Stripe: payment processing when credit top-ups are active. Stripe's privacy policy governs payment data.
  • DigitalOcean: cloud hosting provider. All data is stored on servers within the EU or UK.

6. Cookies

We use only the cookies necessary to operate the service:

  • Session cookie: keeps you logged in during your browser session.
  • CSRF token: protects form submissions from cross-site request forgery.

We do not use analytics cookies, advertising cookies, or any third-party tracking scripts.

7. Data retention

  • Account data is kept for as long as your account is active.
  • Lead job results are stored until you delete them or delete your account.
  • If you request account deletion, all associated data including lead results is permanently removed within 30 days.
  • Backup copies may persist for up to an additional 30 days before being overwritten.

8. Your rights (UK GDPR)

If you are based in the UK or EEA, you have the following rights regarding your personal data:

  • Access: request a copy of the personal data we hold about you.
  • Rectification: ask us to correct inaccurate data.
  • Erasure: request deletion of your account and associated data.
  • Portability: receive your data in a machine-readable format.
  • Objection: object to processing based on legitimate interests.
  • Restriction: ask us to restrict processing in certain circumstances.

To exercise any of these rights, email [email protected]. We will respond within 30 days. If you are not satisfied with our response, you may lodge a complaint with the UK Information Commissioner's Office (ICO) at ico.org.uk.

9. Security

We use HTTPS for all data in transit. Passwords are stored using a one-way hash. Database access is restricted to application servers and is not publicly accessible. We conduct periodic reviews of our security practices.

10. Changes to this policy

We may update this policy as our service evolves. Material changes will be notified by email or by a notice on the dashboard. The date at the top of this page reflects when the policy was last updated.