Platform Privacy Policy

(June 2025)

1. Introduction and Purpose

‍Lead Intelligence (“LI”, “we”, “our” or “us”) is a performance-marketing and campaign-management platform that enables businesses and agencies to manage, track and optimise campaigns across multiple channels.

This Platform Privacy Policy explains how LI processes and protects personal data handled through the Lead Intelligence Platform (the “Platform”), including data collected through integrations, forms, APIs, tracking URLs and on-site messaging tools.

It applies to all processing carried out by LI in its capacity as data processor for clients and, where applicable, as data controller for Platform-user accounts, system logs and related operational data.

This policy does not cover personal data collected on our public website or marketing communications. For those activities, please see our separate Website Privacy & Cookie Policy.

2. Who We Are

Lead Intelligence is a trading name of Magnetise Solutions Limited, a company registered in England and Wales (No. 06411581) with its registered office at 1 Lyric Square, Hammersmith, London, W6 0NB.

Magnetise Solutions Limited forms part of the Magnetise Group of companies and operates in accordance with the Magnetise Group Data Protection Policy and Information Security Management Framework. These group-level controls ensure consistent governance and compliance across all Magnetise entities.

Magnetise Solutions Limited is registered with the UK Information Commissioner’s Office (ICO) under registration number ZA059381.

‍Contact for privacy matters:
📧 privacy@leadintelligence.co.uk
📞 +44 (0)20 7078 8298

3. Scope of This Policy

This policy covers personal data processed through the Lead Intelligence Platform, including data supplied by clients or received via connected systems, integrations, or advertising platforms (for example, Facebook Lead Ads, Google Ads, or similar).
It also includes data processed through the delivery of on-site messages, overlays, pop-ups and consent banners configured by clients through the Platform.

In these cases, the client (Agency or Trade End User) remains the data controller, while Lead Intelligence acts as their data processor, ensuring that all such data is handled securely and in accordance with this policy.

4. Roles and Responsibilities

Role‍

Description

Agency

A person or organisation that uses LI to manage campaigns on behalf of itself or other Trade End Users.

Role‍

A person or organisation using LI for its own marketing or promotional purposes.

Data Subject

‍Any individual whose personal data is processed through campaigns, events or leads within LI.

LI acts as:

‍Processor – when handling campaign, click, event or lead data, including tracking identifiers, device and technical information, communication and engagement metadata, suppression and validation records, and aggregated performance or attribution data processed on behalf of clients. In some configurations, Lead Intelligence may also provide extended customer relationship management (CRM) or database-hosting services for clients. In these cases, LI continues to act as a data processor and retains data in accordance with the client’s instructions and lawful basis.
Controller – for Platform-user accounts, billing, audit logs and system monitoring data.

5. Categories of Data Processed

5.1 Platform User and Account Data (Controller Role)

‍Account registration and contact information (name, business email, company name)
Login credentials and authentication tokens
IP addresses and access logs (retained for 12 months)
Billing and invoicing records (where applicable)

5.2 Campaign and Event Data (Processor Role)

Click identifiers, timestamps, device type, browser, operating system, IP address, referral URL and campaign ID
Tracking identifiers such as cookies, pixel IDs, advertising IDs or UTM parameters used for attribution and analytics
Validation data from form submissions or API integrations
Lead data which may include personal information such as name, email address, phone number, postal address and marketing consent preferences
Marketing-event data including impressions, clicks, conversions, downloads, app installs or purchases associated with campaign tracking
On-site message and interaction data, including records of message views, dismissals, clicks, or preferences captured through overlays, sliders, pop-ups, banners (including cookie banners) and similar interface components
Communication metadata (e.g. delivery status or engagement metrics for email or SMS notifications)
Transactional metadata required for validation, enrichment and event matching

6. Purposes of Processing

Purpose

Description

Campaign management and optimisation

To deliver, measure and optimise campaign performance across multiple channels.

Data validation, enrichment and routing

To verify, enhance and assess the quality of data generated through the Platform — including leads and other marketing events such as impressions, clicks, conversions, downloads, app installs and sales. This may involve checking contact and technical data for accuracy, identifying duplicates or potential fraud, enriching records with additional information, and applying rule-based or compliance filters to determine suitability and route data to the appropriate campaign, client or destination system.

On-site messaging and user engagement

To deliver, personalise and record interactions with on-site messages (such as sliders, pop-ups, overlays, or cookie banners) served through the Platform. This includes ensuring messages display correctly, respecting user preferences (e.g. hide or consent choices), preventing repetition, and measuring engagement for reporting and optimisation.

Fraud detection and prevention

To prevent duplicate, invalid or fraudulent submissions and protect clients’ campaigns from abuse.

Reporting and analytics

To provide aggregated performance reporting and insights to clients, agencies and trade end users.

Security and platform integrity

To authenticate users, prevent abuse, maintain service reliability and protect data confidentiality.

Compliance and audit

To maintain records and logs required for contractual, regulatory or legal obligations.

Where on-site messages or campaign elements involve cookies or similar technologies, LI supports client-managed consent mechanisms in line with applicable privacy and electronic communications laws. Clients remain responsible for obtaining any required consents under the UK Privacy and Electronic Communications Regulations (PECR) or EU ePrivacy Directive.

7. Legal Bases for Processing

Performance of contract: to deliver services defined in the client agreement.
Legitimate interests: to support fraud prevention, network security, service improvement or operational analytics without overriding individual rights.
Consent: where required and obtained by the client (e.g. marketing consent or cookie preferences).

8. Data Sharing and Sub-Processing

Sub-Processor

Function

Region

GB Group plc

Phone validation

UK & EEA

Precisely Software

Postal address validation

EEA (Ireland & NL)

Amazon Web Services

Hosting & cloud compute

EEA (Ireland)

MessageBird B.V. (SparkPost)

Email delivery

EEA (Ireland)

Twilio Inc (EU instance)

SMS/MMS/WhatsApp delivery

EEA (Ireland)

9. International Data Transfers

All primary data storage and processing take place within the European Economic Area (EEA). Where data is transferred outside the EEA (e.g. for redundancy or support), LI implements appropriate safeguards such as Standard Contractual Clauses (SCCs) or equivalent legal mechanisms.

10. Data Retention

Data Category

Standard Retention

Notes

Click / Event Data

24 months

Configurable per client or legal requirement.

Lead / Customer Data

36 months

Configurable through LI PII settings (including anonymisation). In certain CRM implementations managed by LI on behalf of clients, data may be retained for longer periods — typically until the client instructs deletion or the data subject withdraws consent or opts out, in accordance with the client’s retention policy.

On-site Message and Interaction Data

24 months

Retained for performance and reporting consistency.

Suppression Lists & Consent Logs

5–10 years

Maintained for proof of consent and compliance.

Platform User & Audit Logs

12 months

Security and operational monitoring.

Back-ups

Daily encrypted back-ups retained securely within AWS and replicated to Amazon S3.

All retention periods are reviewed annually or adjusted in line with client or legal requirements.

11. Security Measures

LI applies rigorous technical and organisational measures to protect data processed within the Platform, including:

Encryption of data in transit (TLS 1.2+) and at rest (AES-256)
Network segregation and firewalling within AWS
Role-based access controls and multi-factor authentication
Continuous monitoring and intrusion detection
Regular penetration testing and vulnerability assessments
Secure software-development lifecycle and change management
Daily encrypted back-ups in restricted AWS environments

All Magnetise personnel with access to the Platform receive data-protection and security training and are bound by confidentiality agreements. Compliance with the Magnetise Group Data Protection Policy is mandatory for all staff and contractors.These measures are documented in and governed by:

12. Data Subject Rights

Individuals may access, correct, delete or restrict processing of their personal data.
Where LI acts as processor, requests are redirected to the relevant data controller (Agency or Trade End User).
Where LI acts as controller, requests can be sent to 📧 privacy@leadintelligence.co.uk or 📞 +44 (0)20 7078 8298.
We respond within the time limits set by law.

13. Incident Response and Notifications

In the event of a personal-data breach affecting the Platform, LI will investigate and, where required, notify affected clients and authorities within 48–72 hours of becoming aware. All incidents are managed under LI’s formal Incident Response Procedure.

14. Data Protection by Design and Default

LI embeds data-protection principles throughout the Platform lifecycle, including:

Default anonymisation and deletion options for expired lead data
Rule-based compliance filters for campaign data-handling
Role-based permissions and audit logging
Privacy and security reviews for new features prior to release
Secure transport protocols (HTTPS, SFTP, FTPS) for all data exchanges
Built-in consent tools supporting clients’ compliance with PECR and ePrivacy rules
Configurable retention and deletion settings enabling clients to define how long data, including CRM records, are retained

Lead Intelligence operates under the broader Magnetise Group Data Protection Policy, ensuring data-protection principles and accountability are embedded by design and by default across all group operations.

15. Business Continuity and Back-ups

Data is backed up daily within AWS and replicated to Amazon S3, accessible only to authorised administrators. These back-ups are encrypted and maintained to ensure operational resilience and disaster recovery.

16. Children’s Data

The LI Platform is not designed or intended for use in campaigns targeting or collecting data from children under 16. Clients must ensure their campaigns comply with all age and consent requirements.

17. Updates to This Policy

We may update this Platform Privacy Policy from time to time to reflect changes in law, technology or operations. The latest version is available at https://get.leadintelligence.co.uk/platform-privacy-policy. This policy is reviewed annually or upon material change.

18. Contact and Complaints

Questions or requests about this policy may be sent to:
📧 privacy@leadintelligence.co.uk
📞 +44 20 7100 0323
📞 +44 (0)20 7078 8298

‍If you are unsatisfied with our response, you may contact the Information Commissioner’s Office (ICO):
www.ico.org.uk | Tel: +44 (0)303 123 1113