Privacy Policy

1. Introduction

LeadToCall.io is operated by Evidenss Consulting LTD, registered in the United Kingdom (registration number: 12542339). This Privacy Policy explains how we collect, use, store, and protect personal data when you use our speed-to-lead SaaS platform.

We are committed to protecting your privacy and complying with applicable data protection regulations, including the EU General Data Protection Regulation (GDPR) where applicable.

Contact: privacy@leadtocall.io

Data Protection Officer: Moez Yahiaoui — privacy@leadtocall.io

2. Data We Collect

Account Data

When you sign up, we collect: full name, email address, company name, hashed password, phone number (optional), payment information (via Stripe), platform credentials (Meta/TikTok OAuth tokens), WhatsApp recipient numbers, and preferred language.

Lead Data

When a prospect submits a lead form on your Meta or TikTok ad, the following data is transmitted to our Service: name, phone number, email (if provided), lead source, submission timestamp, and form responses. LeadToCall.io acts as a data processor on behalf of our client (the advertiser), who is the data controller.

Usage Data

We automatically collect: IP address, browser type, pages visited, feature usage, and device type for security, rate limiting, and product improvement.

Cookies and Tracking

We use essential cookies (session, language preference, Stripe.js) and analytics tools (Microsoft Clarity for UX heatmaps and session recordings, with your consent via cookie banner).

3. How We Use Your Data

• Processing and delivering lead notifications via WhatsApp
• Displaying lead data in your dashboard and calculating analytics
• Managing your subscription and billing
• Transactional emails (welcome, trial reminders, payment confirmations)

We do not send marketing emails unless you explicitly opt in.

4. Data Sharing & Sub-Processors

We share data with: Twilio (WhatsApp delivery), Meta and TikTok (lead data sources), Stripe (payment processing), Sentry (error tracking), and Microsoft Clarity (UX analytics). Each sub-processor has been evaluated for data protection compliance.

We do not sell personal data to any third party.

5. Data Retention

• Account data: duration of account + 90 days
• Lead data: 12 months from creation
• Webhook and notification logs: 90 days
• Invoices and billing records: 7 years (legal requirement)

6. Your Rights

Under GDPR and similar regulations, you have the following rights:

• Access: Request a copy of all data we hold about you
• Rectification: Update your account information in Settings
• Erasure: Request deletion of your account and all associated data
• Data Portability: Export your data as JSON or CSV
• Withdraw Consent: Withdraw consent for analytics cookies via cookie settings

To exercise any right, email privacy@leadtocall.io. We will respond within 30 days.

7. Data Security

We implement encryption in transit (TLS/HTTPS), encryption at rest (AES-256 for sensitive data), JWT-based authentication, bcrypt password hashing, HMAC SHA-256 webhook verification, and security headers via Helmet.js.

8. International Data Transfers

Your data may be processed outside your jurisdiction, including the USA and EU. We ensure appropriate safeguards via Standard Contractual Clauses (SCCs), EU-US Data Privacy Framework certifications, and Data Processing Agreements with all sub-processors.

9. Children's Privacy

LeadToCall.io is a business-to-business service. We do not knowingly collect personal data from children under 16. If we become aware that we have collected data from a child, we will delete it promptly.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email and/or dashboard banner. Continued use of the Service after changes constitutes acceptance.

11. Contact Us

Contact: privacy@leadtocall.io

Data Protection Officer: Moez Yahiaoui — privacy@leadtocall.io

Address: 57 Dalbury Road, B28 0NE Birmingham, United Kingdom