Privacy Policy
Beta Programme — Effective date: 1 July 2026
1. Who We Are
LeadsByYou is a B2B prospecting platform. This Privacy Policy explains how we collect, use, and protect information when you use LeadsByYou. References to "we", "us", or "LeadsByYou" refer to the LeadsByYou service and its operators.
For questions about this policy or to exercise your rights, contact us at: hello@leadsbyyou.com
2. Data We Collect
We collect and process the following categories of data:
- Account data: Your name, email address, and company name provided at signup. Used to authenticate you and personalise your experience.
- ICP profile data: The ideal customer profile criteria you define (offer description, target buyer persona, target industries, geography). Used to generate search results and pre-fill your search forms.
- Search queries: The structured search parameters you submit (what you're selling, who you're targeting, where). Used to run AI-powered company and contact discovery, and to personalise future searches.
- Company selections: Which companies you select from search results. Used to personalise future searches (after 5 or more selections) and to improve result relevance.
- Contact outcome feedback (optional): Whether you mark a contact as "responded", "pending", or "no response" using the Yes / Pending / No buttons in Step 2. Stored per contact per session. Used to improve ICP scoring.
- BCC outreach signals (optional opt-in only): If you enable outreach tracking, we record when an email was sent to a contact (via BCC to your unique tracking address) and whether a reply signal was received. We store only: the contact's email address, a timestamp, and a response status (replied / no reply). No email content, subject lines, or message bodies are stored under any circumstances.
- Usage data: Standard server logs (IP address, request timestamps, browser type). Retained for 90 days for security and debugging purposes.
3. How We Use Your Data
We use the data we collect for the following purposes:
- Service delivery: Running searches, generating company and contact results, producing AI-written outreach messages.
- Personalisation: Using your past company selections to improve the relevance of future search results (active after 5+ selections).
- ICP scoring improvement: Aggregating anonymised interaction signals to improve the accuracy of ICP scoring models. No individual user's data is disclosed to other users. Vertical cohort isolation is enforced — your signals remain within your industry vertical.
- Account management: Authenticating you, sending transactional emails (password reset, account notices).
- Security and compliance: Preventing fraud and enforcing our Terms of Service.
4. Third-Party Data Sources
Contact and company information presented in search results is sourced from:
- Google Gemini / Google Search: Used to identify and describe target companies matching your ICP criteria. Queries are sent to Google's API; no personal data about you is sent beyond the search parameters you define.
- Lusha: Provides professional contact records (name, job title, business email, phone). Lusha processes professional data under its own Privacy Policy and applicable data protection law. Data sourced via Lusha covers individuals acting in a professional capacity.
- Hunter.io: Provides domain-level email discovery. Hunter.io operates under its own Privacy Policy. Data covers business email patterns associated with company domains.
All contact data sourced from third parties relates to individuals in professional roles and is processed on the legal basis of legitimate interest for B2B prospecting purposes (Article 6(1)(f) GDPR). LeadsByYou does not source or process consumer personal data.
5. Data Retention
- Account data: Retained for the duration of your account. Deleted within 30 days of account closure on request.
- Search history and sessions: Retained indefinitely to support your Dashboard history and personalisation. You can delete individual sessions from the Dashboard.
- Company search cache: Shared search results are cached for up to 7 days and then refreshed. Your personal cache has no automatic expiry.
- Contact outcome feedback: Retained indefinitely to support ICP scoring improvement. Deleted with your account on closure.
- BCC outreach signals: Retained for up to 24 months. Can be disabled and data deleted by contacting us.
- Server logs: Retained for 90 days.
6. Your Rights (GDPR)
If you are located in the European Economic Area (EEA) or the United Kingdom, you have the following rights under the General Data Protection Regulation (GDPR) and UK GDPR:
- Access: Request a copy of the personal data we hold about you.
- Rectification: Request correction of inaccurate personal data.
- Erasure: Request deletion of your account and associated personal data.
- Portability: Request your data in a machine-readable format.
- Objection: Object to processing based on legitimate interest.
- Restriction: Request that we restrict processing of your data in certain circumstances.
To exercise any of these rights, email us at hello@leadsbyyou.com. We will respond within 30 days. You also have the right to lodge a complaint with your national data protection authority (in the UK: the ICO at ico.org.uk).
7. Data Security
We use industry-standard security measures including encrypted connections (TLS), hashed password storage, and JWT-based authentication. Access to production data is restricted to authorised personnel only. We do not sell your personal data to third parties.
8. Cookies
LeadsByYou uses only essential session-management tokens (stored in your browser's local storage) required for authentication. We do not use advertising cookies or third-party tracking pixels during the beta period.
9. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify beta users of material changes by email. The date at the top of this page reflects the most recent revision.
10. Contact
Data protection enquiries: hello@leadsbyyou.com