Privacy Policy — LeadPumper

      Summary: We collect only what we need to run LeadPumper — your email, payment details, and usage data. We don't sell your personal information. Data you scrape or upload is yours. We use industry-standard security to protect everything.
    

1. Who We Are

LeadPumper is operated by The Grow Revenue Company Limited, a company registered in England and Wales (Company Number pending), with its registered office at 128 City Road, London, EC1V 2NX, United Kingdom.

For the purposes of data protection law, we are the data controller for the personal data we collect about you as a user of our Service. For any personal data you obtain through the Service (such as scraped business contacts), you are the data controller and are responsible for your own compliance.

2. Information We Collect

2.1 Information You Provide

Data	When	Purpose
Email address, password	Account registration	Authentication and account management
Company name	Registration (optional)	Account personalisation
Payment information	Credit purchase	Payment processing via Stripe/PayPal
Billing details (name, address, VAT)	Invoice generation	Legal and tax compliance
CSV files and email lists	When you upload data	To run verification, enrichment, or email finder jobs

2.2 Information Collected Automatically

Data	Purpose
IP address	Security, rate limiting, fraud prevention
Browser type and device info	Service optimisation and debugging
Usage data (jobs run, credits used, features accessed)	Service improvement and analytics
Cookies (session, authentication)	Keeping you logged in

2.3 Information We Do Not Collect

We do not collect sensitive personal data such as racial or ethnic origin, political opinions, religious beliefs, health data, or biometric data. We do not track you across other websites.

3. How We Use Your Information

We use your personal data for the following purposes:

Providing the Service: Running your scraping, enrichment, and verification jobs; managing your account and credits
Payment processing: Processing purchases and generating invoices
Security: Preventing fraud, enforcing rate limits, detecting abuse
Communication: Sending transactional emails (account confirmations, password resets, job notifications). We do not send marketing emails without your consent.
Improvement: Analysing usage patterns to improve features and performance
Legal compliance: Meeting our obligations under applicable law

4. Legal Basis for Processing (GDPR)

If you are in the European Economic Area (EEA) or United Kingdom, we process your personal data on the following legal bases:

Contract performance: Processing necessary to provide the Service you have signed up for (account management, job execution, credit deduction)
Legitimate interests: Security, fraud prevention, service improvement, and analytics — where these interests are not overridden by your rights
Legal obligation: Tax and financial record-keeping, responding to lawful requests
Consent: Where we send optional marketing communications (you may withdraw consent at any time)

5. Data Sharing

We do not sell your personal information. We share data only with the following categories of recipients:

Recipient	Purpose	Data shared
Stripe, PayPal	Payment processing	Billing details, transaction amounts
Infrastructure providers (Contabo, Cloudflare)	Hosting and CDN	Data in transit and at rest on our servers
Google (OAuth)	Authentication	Your Google account email (only if you choose Google sign-in)

We do not share your data with advertising networks, data brokers, or analytics companies that would use it for their own purposes.

6. Data You Obtain Through the Service

When you use LeadPumper to scrape business listings, find email addresses, or enrich company data, you become the data controller for that information. You are responsible for:

Ensuring you have a lawful basis to process this data (e.g., legitimate interest for B2B outreach)
Complying with applicable data protection laws in your jurisdiction
Honouring opt-out and unsubscribe requests from data subjects
Not using data for purposes that would violate the rights of data subjects

We provide the tools; you are responsible for how you use the output.

7. Data Retention

Account data: Retained for the lifetime of your account plus 12 months after deletion
Job and lead data: Retained while your account is active. Deleted within 90 days of account closure
Payment records: Retained for 7 years as required by UK tax law
Server logs: Retained for up to 90 days for security and debugging purposes
Uploaded files (CSVs): Processed in memory and not stored after job completion

8. Data Security

We implement appropriate technical and organisational measures to protect your data, including:

Encryption in transit (TLS/HTTPS on all connections)
Encrypted database connections
Bcrypt password hashing (we never store plaintext passwords)
JWT-based authentication with token expiry
Rate limiting on authentication endpoints
Regular security updates and dependency patching

While we take reasonable precautions, no system is 100% secure. We encourage you to use a strong, unique password for your account.

9. Cookies

We use only essential cookies required for the Service to function:

Authentication token: Stored in your browser to keep you logged in. Expires after 72 hours.
Session cookies: Temporary cookies that are deleted when you close your browser.

We do not use advertising cookies, tracking pixels, or third-party analytics cookies.

10. Your Rights

Depending on your location, you may have the following rights regarding your personal data:

Access: Request a copy of the personal data we hold about you
Rectification: Request correction of inaccurate data
Erasure: Request deletion of your data (subject to legal retention obligations)
Restriction: Request that we limit processing of your data
Portability: Request your data in a structured, machine-readable format
Objection: Object to processing based on legitimate interests
Withdraw consent: Where processing is based on consent, withdraw it at any time

To exercise any of these rights, contact us at privacy@lead-pumper.com. We will respond within 30 days.

10.1 California Residents (CCPA)

If you are a California resident, you have the right to know what personal information we collect, request its deletion, and opt out of its sale. We do not sell personal information. To make a request, email privacy@lead-pumper.com.

11. International Transfers

Our servers are located in Germany (Contabo, Nuremberg). If you access the Service from outside the European Economic Area, your data will be transferred to and processed in the EU. For transfers outside the EEA, we rely on adequacy decisions or Standard Contractual Clauses as appropriate.

12. Children's Privacy

The Service is not intended for anyone under the age of 18. We do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us immediately.

13. Changes to This Policy

We may update this Privacy Policy from time to time. Material changes will be communicated via email or in-platform notification. The "Last updated" date at the top of this page indicates when the policy was last revised.

14. Contact Us

For questions, concerns, or requests related to this Privacy Policy or your personal data, contact us at:

The Grow Revenue Company Limited
128 City Road, London, EC1V 2NX, United Kingdom
Email: privacy@lead-pumper.com

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO) at ico.org.uk or your local data protection authority.