Privacy Policy
Last updated: 20 April 2026
This Privacy Policy explains how Leadex (“we”, “us”, “our”) collects, uses, shares, and protects personal data when you visit leadex.cc (the “Site”) or use our application at app.leadex.cc (the “Service”). We comply with the EU General Data Protection Regulation (Regulation (EU) 2016/679, “GDPR”) and applicable Portuguese data protection law.
1. Data controller
The data controller responsible for your personal data is:
Leadex
Lisbon, Portugal
Email: hello@leadex.cc
2. What we collect and why
2.1 Marketing website (leadex.cc)
- Essential technical data — IP address, user-agent, referrer, requested URL. Used to serve the site, detect abuse, and maintain security. Legal basis: legitimate interest (Art. 6(1)(f) GDPR).
- Analytics — if you consent, we use Google Analytics 4 to measure aggregated usage (pages viewed, session duration, device/country). IPs are anonymised. Legal basis: consent (Art. 6(1)(a) GDPR).
- Contact email — if you email hello@leadex.cc, we process your email address and the contents of your message to reply. Legal basis: legitimate interest or, where applicable, steps prior to entering a contract (Art. 6(1)(b) & (f) GDPR).
2.2 Service (app.leadex.cc)
- Account data — name, work email, hashed password or SSO identifier. Legal basis: contract (Art. 6(1)(b) GDPR).
- Usage data — prompts, research plans, approvals, generated lists, logs. Used to deliver the Service, debug, and improve quality. Legal basis: contract and legitimate interest.
- Third-party contact data — publicly available business contact information (company name, role, work email) that the Service collects from the open web and enrichment providers on your instruction. You act as the controller of this data for your own outbound activities; we process it as processor on your behalf.
- Billing data — if applicable, processed by our payment provider; we do not store card details.
3. How we share data
We do not sell personal data. We share limited data with trusted service providers acting as processors under contracts that meet GDPR Article 28 requirements:
- Hosting & infrastructure — operators of our servers and CDN in the EU.
- Analytics — Google Ireland Ltd. / Google LLC (Google Analytics 4), only if you consent.
- Email delivery — our email provider for transactional messages.
- Enrichment & search providers — used by the Service to resolve public business data (e.g., contact look-ups, company search). These providers process business contact data on your instruction.
- CRM integrations — when you connect a CRM (e.g., HubSpot), data you direct us to export is transmitted to that CRM under its own terms and privacy policy.
4. International transfers
Some processors may be located outside the EEA (notably in the United States). Where that is the case, we rely on the European Commission’s Standard Contractual Clauses and, where available, the EU–US Data Privacy Framework, together with supplementary safeguards as needed.
5. Retention
- Server logs: up to 30 days.
- Google Analytics: 14 months (Google default).
- Email correspondence: as long as reasonably needed to handle your enquiry or maintain our relationship, then archived or deleted.
- Account data: for the life of your account and up to 24 months afterwards, then deleted or anonymised, unless a longer period is required by law (e.g., accounting: 10 years under Portuguese law).
6. Your rights under GDPR
You have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data (“right to be forgotten”), subject to legal retention obligations;
- Restrict or object to processing based on legitimate interest;
- Withdraw consent at any time, without affecting the lawfulness of prior processing;
- Data portability — receive your data in a structured, machine-readable format;
- Lodge a complaint with the Portuguese data protection authority, CNPD, or your local supervisory authority.
To exercise any of these rights, email hello@leadex.cc. We will respond within one month as required by Art. 12(3) GDPR.
7. Cookies
We use a minimal set of cookies and similar technologies.
| Cookie | Purpose | Category | Duration |
|---|---|---|---|
| leadex-consent (localStorage) | Remembers your cookie choice. | Strictly necessary | Persistent |
| _ga, _ga_* | Google Analytics — measure aggregated usage. | Analytics (consent-based) | Up to 24 months |
Strictly necessary cookies are required for the site to function and do not need consent. Analytics cookies are only set after you click “Accept all”. You can change your mind at any time via the “Cookie preferences” link in the footer.
We use Google Consent Mode v2: analytics is blocked by default until you consent.
8. Security
We use TLS in transit, encrypted backups, access controls, and principle-of-least-privilege for staff. No system is perfectly secure; we will notify affected users and the competent authority of any personal data breach likely to result in a risk to rights and freedoms, in line with Art. 33–34 GDPR.
9. Children
The Service is for business users. It is not intended for children under 16, and we do not knowingly collect their data.
10. Changes to this policy
We may update this policy from time to time. Material changes will be announced on this page with a revised “Last updated” date. Where changes are significant, we will notify account holders by email.
11. Contact
Questions, requests, or complaints: hello@leadex.cc.