Privacy Policy

Trust Leads ("we", "us", "our") is operated by Trust Leads Ltd. We provide an AI-powered B2B lead validation and enrichment platform accessible at trustleads.ai. This Privacy Policy applies to all personal data processed through our website and services.

We are the data controller for account and user data. For lead data that you upload for validation, we act as a data processor on your behalf — you remain the controller of that data.

If you have questions about this policy, contact us at privacy@trustleads.ai.

Account data: When you sign up, we collect your email address, name, company name, and job role. This is required to create and manage your account.

Billing data: Payment is processed exclusively by Stripe. We store your Stripe customer ID, subscription status, plan details, and billing history. We never receive, transmit, or store raw card numbers, CVVs, or bank details.

Usage data: We log enrichment job submissions, file uploads, API requests, quota consumption, and feature interactions to operate and improve the service.

Lead data (uploaded by you): When you upload CSV files for validation, those files may contain business contact data (email addresses, names, phone numbers, job titles, company names). We process this data solely to fulfil your enrichment request.

Technical data: IP addresses, browser type, operating system, and session identifiers collected automatically when you use our platform.

Communications: If you contact support, we retain correspondence to resolve your issue and improve our service.

We process personal data under the following legal bases:

• Contract performance (Art. 6(1)(b)): Account data, billing data, and usage data are necessary to provide the service you signed up for.
• Legitimate interests (Art. 6(1)(f)): Technical data and aggregated analytics to improve platform reliability and security.
• Legal obligation (Art. 6(1)(c)): Retention of billing records for tax and accounting compliance.
• Consent (Art. 6(1)(a)): Optional analytics cookies and marketing communications where you have opted in.

For lead data you upload, we process it under Art. 28 GDPR as a data processor acting on your documented instructions.

We use the data we collect to:

• Create and manage your account and organisation
• Process payments and manage subscriptions via Stripe
• Run enrichment and validation on lead data you upload
• Enforce quota limits and billing entitlements
• Send transactional emails (receipts, password resets, quota alerts)
• Investigate abuse and enforce our Terms of Service
• Comply with legal obligations

We do not sell your data. We do not use your lead data for any purpose other than fulfilling your enrichment request.

We share data with the following sub-processors, each bound by appropriate data protection agreements:

• Supabase (EU region): Database, authentication, and file storage. User accounts and job records are stored here.
• Stripe (USA / EU): Payment processing, invoicing, and subscription management. Covered by Stripe's PCI-DSS Level 1 certification.
• Vercel / hosting provider: Frontend hosting and edge delivery.

We do not share personal data with any third party beyond operational necessity. A full sub-processor list is available on request.

Some of our sub-processors operate in the United States. Where personal data is transferred outside the UK or EEA, we ensure appropriate safeguards are in place — including Standard Contractual Clauses (SCCs) approved by the European Commission and the UK ICO.

Supabase can be configured to store data in EU regions. Our default configuration uses EU-based infrastructure. For enterprise customers with specific data residency requirements, please contact privacy@trustleads.ai.

Lead files (uploads and enriched outputs): Retained for 30 days after job completion, then automatically deleted. You can download your results at any time within this window.

Account data: Retained for the lifetime of your account plus 90 days to allow account recovery. After deletion, your data is permanently removed within 30 days.

Billing records: Retained for 7 years to meet UK financial record-keeping requirements.

Audit logs: Security and billing audit logs are retained for a minimum of 12 months.

Under GDPR and UK GDPR, you have the right to:

• Access: Request a copy of personal data we hold about you
• Rectification: Correct inaccurate or incomplete data
• Erasure: Request deletion of your personal data (subject to legal retention obligations)
• Portability: Receive your data in a structured, machine-readable format
• Restriction: Restrict processing in certain circumstances
• Objection: Object to processing based on legitimate interests
• Withdraw consent: Withdraw previously given consent at any time

To exercise any of these rights, email privacy@trustleads.ai. We will respond within 30 days.

If you are not satisfied with how we handle your request, you have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk.

We implement technical and organisational measures to protect your data, including:

• AES-256 encryption at rest; TLS 1.2+ in transit
• Bcrypt password hashing with a work factor of 10
• Short-lived JWTs (1 hour) with rotating refresh tokens
• Role-based access control enforced server-side on every request
• Immutable audit logs for all security-relevant events

In the event of a personal data breach affecting your data, we will notify you within 72 hours of discovery, as required by GDPR Article 33.

We use essential cookies required for authentication and session management. We use optional analytics cookies only with your consent. For full details, see our Cookie Policy.

Our service is directed at businesses and professionals. We do not knowingly collect personal data from anyone under the age of 16. If you believe a minor has provided us with personal data, contact privacy@trustleads.ai and we will promptly delete it.

We may update this Privacy Policy from time to time. We will notify you of material changes by email or via an in-app notice at least 14 days before they take effect. Continued use of the service after the effective date constitutes acceptance of the revised policy.

Data Controller: Trust Leads Ltd
Email: privacy@trustleads.ai
Support: support@trustleads.ai
Website: trustleads.ai