Privacy Policy
Last updated: June 15, 2026
This Privacy Policy describes how IBLead ("we", "our", "us") collects, uses, stores, and protects the personal data of users of our platform available at iblead.com (the "Service"). We are committed to complying with the General Data Protection Regulation (GDPR) and applicable data protection legislation.
1. Data Controller
The data controller is:
- Company: IBLead
- Website: iblead.com
- Contact email: [email protected]
2. Data We Collect
2.1. Account Data
When you sign up, we collect:
- Your email address
- Your name (optional)
- Your password (stored as a bcrypt hash)
2.2. Usage Data
We automatically collect:
- Pages viewed and actions taken on the platform
- Searches and filters used
- Exports performed
- Technical data: IP address, browser type, operating system, timestamps
2.3. Payment Data
Payments are processed by our payment provider. We never store your credit card numbers. We only retain billing information (amount, date, transaction status).
2.4. Saved Search Data
When you create a saved search (watch), we store:
- The search filters you defined (country, category, city, etc.)
- The geographic zone you selected if applicable (map rectangle coordinates)
- Your notification preferences (email, webhook)
- A tracking cursor to identify new businesses since your last check
You can delete a saved search at any time from your dashboard.
3. Purposes of Processing
We use your data to:
- Provide the Service: create and manage your account, process your searches and exports
- Billing: process payments and issue invoices
- Service improvement: analyze usage to improve features and user experience
- Communication: send you service-related notifications (updates, incidents, changes to terms)
- Security: detect and prevent fraud and abuse
4. Legal Basis for Processing
- Contract performance (Art. 6(1)(b) GDPR): processing necessary to provide the Service
- Legitimate interest (Art. 6(1)(f) GDPR): service improvement, security, fraud prevention
- Consent (Art. 6(1)(a) GDPR): for analytical cookies and optional marketing communications
5. Regarding Business Data in Our Database
Our database contains information about businesses extracted from Google Maps. This data is publicly available on Google Maps to any internet user. Its processing is based on our legitimate interest (Art. 6(1)(f) GDPR) to provide a B2B prospecting service.
The business data concerned includes: business name, address, phone number, website, business category, reviews and ratings, opening hours. No sensitive personal data is collected.
Any business wishing to exercise their right to object may contact us at [email protected].
6. Data Sharing
We never sell your personal data. We may share it with:
- Payment provider: for transaction processing
- Hosting provider: for secure platform storage
- Analytics (PostHog): for anonymized usage analysis of the Service
- Authorities: if required by law or court order
7. Data Retention
- Account data: retained as long as your account is active. Deleted within 30 days of a deletion request.
- Usage data: retained for 24 months, then anonymized.
- Billing data: retained for 10 years in accordance with French accounting obligations.
- Saved search data: retained until deleted by the user.
8. Your Rights
Under the GDPR, you have the following rights:
- Right of access: obtain a copy of your data
- Right to rectification: correct inaccurate data
- Right to erasure: request deletion of your data
- Right to data portability: receive your data in a structured format
- Right to object: object to certain processing activities
- Right to restriction: restrict processing in certain cases
To exercise these rights, contact us at [email protected]. We will respond within 30 days.
You may also lodge a complaint with your local data protection authority.
9. Security
We implement appropriate technical and organizational measures to protect your data: encryption in transit (TLS), password hashing (bcrypt), strict access controls, regular backups.
10. Cookies
We use essential cookies for the operation of the Service (authentication, session). Detailed analytics cookies (session recording, heatmaps, fine-grained behavioral tracking) are only placed with your consent.
Regardless of that consent, we assign each visitor a pseudonymous audience-measurement identifier (stored in a first-party cookie or local storage). This identifier contains no direct personal data (no name, no email) and is used solely to measure audience and to connect a visit to a possible signup (attribution), so we can understand how well our pages perform. This processing relies on our legitimate interest (Art. 6(1)(f) GDPR) in measuring and improving our Service. You can object at any time by refusing non-essential cookies or by contacting us at [email protected].
11. Changes
We may update this policy at any time. In case of significant changes, we will notify you by email or through a notification on the platform. The last update date is indicated at the top of this page.
12. Contact
For any questions regarding this Privacy Policy, contact us at [email protected].