leadhaus

Privacy Policy

Last updated: June 2026

1. Who we are

Leadhaus is a trading name providing lead generation, email outreach, and reporting services through theleadhaus.io. For the purposes of UK GDPR and the Data Protection Act 2018, Leadhaus is the data controller for personal data collected through this website and in the course of providing our services.

To contact us regarding data protection matters, please use the form at theleadhaus.io/contact.

2. What data we collect and why

Account and billing data

When you sign up, we collect your name, email address, business name, phone number (if provided), and payment information. We use this to create and manage your account, process payments, and communicate with you about your subscription.

Onboarding data

During onboarding, you provide information about your business, target audience, and campaign preferences. We use this solely to build and operate your lead generation campaigns.

Contact form submissions

When you use our contact form, we collect your name, email address, business name, phone number (if provided), and the content of your message. We use this only to respond to your enquiry.

Marketing communications

If you subscribe to our weekly lead generation tip email, we collect your email address for that purpose only. You can unsubscribe at any time using the link in any email we send. We will never send you unsolicited marketing.

Usage and analytics data

We collect anonymised data about how you interact with our website using Vercel Analytics. This data does not identify you individually and is used only to understand how the site is used and to improve it.

Lead data (third-party contacts)

In the course of delivering our services, we source contact information of individuals from public registries and directories on behalf of our customers. This data is processed under the legitimate interest basis for B2B outreach and is subject to our full data handling and suppression processes.

3. Legal basis for processing

Contract: we process your account, billing, and onboarding data as necessary to provide the services you have paid for.

Legitimate interest: we process lead data for B2B outreach under the legitimate interest basis permitted by UK GDPR, and under the soft opt-in rules permitted by PECR for consumer contact where applicable. We conduct and maintain legitimate interest assessments for all such processing.

Consent: we process your email address for marketing communications only with your explicit consent, which you can withdraw at any time.

Legal obligation: we may process or retain data where required by law, including financial records required by HMRC.

4. How we share your data

We do not sell personal data. We do not share your data with third parties for their own marketing purposes. We share data only with the following service providers, each under appropriate data processing agreements:

  • Stripe — payment processing and subscription management
  • Clerk — user authentication and account management
  • Resend — transactional email delivery (weekly reports, billing notifications, welcome emails)
  • Vercel — website and application hosting
  • Neon — secure database storage

We may disclose personal data where required by law, court order, or lawful authority.

5. International data transfers

Some of our service providers operate outside the UK. Where personal data is transferred to countries not deemed adequate by the UK government, we ensure appropriate safeguards are in place, including Standard Contractual Clauses approved by the ICO or equivalent mechanisms. You may request details of the safeguards applicable to any specific transfer by contacting us.

6. Data retention

We retain personal data only for as long as necessary for the purpose it was collected:

  • Account and billing data: retained for the duration of your subscription and six years thereafter for tax and legal compliance
  • Lead data generated for your account: transferred to you on cancellation; we retain suppression data for compliance purposes indefinitely
  • Audit logs of email campaigns: retained for two years
  • Contact form enquiries: retained for two years
  • Marketing email subscribers: retained until you unsubscribe, then deleted within thirty days
  • Anonymised analytics data: retained indefinitely as it cannot identify individuals

7. Security

We take the security of your personal data seriously. Our technical and organisational measures include:

  • All data transmitted between your browser and our servers is encrypted using TLS
  • Passwords are hashed and never stored in plain text
  • Access to production systems is restricted to authorised personnel and protected by multi-factor authentication
  • Database access is restricted by network-level controls
  • We conduct regular reviews of our security practices

In the event of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the ICO within 72 hours of becoming aware of it, as required by UK GDPR.

8. Your rights

Under UK GDPR, you have the following rights:

  • Right of access: to request a copy of the personal data we hold about you
  • Right to rectification: to request correction of inaccurate or incomplete data
  • Right to erasure: to request deletion of your personal data in certain circumstances
  • Right to restriction: to request that we restrict processing of your data
  • Right to portability: to receive your data in a structured, machine-readable format
  • Right to object: to object to processing based on legitimate interest, including for direct marketing
  • Right to withdraw consent: where processing is based on consent, to withdraw it at any time without affecting the lawfulness of prior processing

To exercise any of these rights, please contact us through the form at theleadhaus.io/contact. We will respond within one month. Where requests are complex or numerous, we may extend this by a further two months with notice.

We will not charge a fee for exercising your rights unless requests are manifestly unfounded or excessive, in which case we may charge a reasonable administrative fee.

9. Automated decision making

We do not make any decisions about you solely by automated means that produce legal or similarly significant effects. Lead scoring and campaign optimisation decisions made by our platform are reviewed and overseen by our team.

10. Age restriction

Our services are intended solely for businesses and individuals aged 18 and over. We do not knowingly collect personal data from anyone under 18. If you believe we have inadvertently collected data from someone under 18, please contact us immediately and we will delete it.

11. Cookies

We use only essential cookies required for the operation of the platform (authentication, security, and session management) and privacy-compliant anonymised analytics. We do not use advertising cookies, tracking pixels, or third-party marketing cookies. Full details are in our Cookie Policy at theleadhaus.io/cookies.

12. Third-party links

Our website may contain links to third-party websites. We are not responsible for the privacy practices of those websites and recommend you read their privacy policies. This policy applies only to theleadhaus.io and the Leadhaus platform.

13. Data Processing Agreements

Where Leadhaus processes personal data on your behalf as part of delivering outreach campaigns, you act as the data controller and we act as the data processor. A Data Processing Agreement (DPA) governing that processing relationship is available on request. Please contact us through the form at theleadhaus.io/contact to request a copy.

14. Changes to this policy

We may update this policy from time to time to reflect changes in our practices or legal obligations. Where changes are material, we will notify registered users by email at least thirty days before the changes take effect. The date at the top of this page indicates when it was last updated. We encourage you to review this policy periodically.

15. Complaints

If you are unhappy with how we have handled your personal data, please contact us first using the form at theleadhaus.io/contact and we will do our best to resolve your concern.

If you are not satisfied with our response, you have the right to lodge a complaint with the UK Information Commissioner's Office (ICO):

Information Commissioner's Office
Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF
Tel: 0303 123 1113
Website: ico.org.uk