Privacy Policy

Last updated: 1 April 2026

1. Who We Are

LeadLayer is operated by ICONS Digital B.V., registered in the Netherlands. We are the data controller for personal data processed through the LeadLayer platform. Contact us at info@leadlayer.ai.

2. Data We Collect

We collect data in two contexts:

Platform users (our customers)

  • Account information: name, email address, company name
  • Billing information: processed via our payment provider (we do not store card details)
  • Usage data: pages created, keywords tracked, AutoPilot runs, login activity
  • WordPress connection credentials (app passwords or plugin keys, stored encrypted)

End-users (visitors on our customers' websites)

  • Chat conversation content collected via the LeadLayer widget
  • Contact details voluntarily provided: name, phone number, city
  • Page URL and approximate visit time (for lead context)
  • Anonymous page view counts (via ping tracking — no cookies set)

3. Legal Basis (GDPR)

We process personal data under the following bases:

  • Contract — to provide the Service to our customers
  • Legitimate interest — to improve the platform and prevent abuse
  • Consent — for marketing communications (you can withdraw at any time)
  • Legal obligation — where required by applicable law

End-user data collected via the chat widget is processed on behalf of our customers (the website operators), who act as independent data controllers for that data. Customers are responsible for obtaining the necessary consents from their website visitors and for providing their own privacy notice.

4. How We Use Your Data

  • Providing, operating, and improving the LeadLayer platform
  • Sending service notifications (e.g. new leads, AutoPilot results)
  • Billing and account management
  • Fraud prevention and security monitoring
  • Compliance with legal obligations

5. Data Sharing

We do not sell personal data. We share data only with:

  • Sub-processors necessary to run the Service (cloud hosting, AI inference, email delivery, payment processing). All sub-processors are GDPR-compliant and bound by data processing agreements.
  • Law enforcement where required by applicable law.

Key sub-processors include: Anthropic (AI), Hetzner / Contabo (hosting, EU), Resend (transactional email), Stripe (payments).

6. Data Retention

We retain account data for as long as your account is active, plus 90 days after termination to allow data export. Lead and conversation data collected via the widget is retained for 24 months or until deleted by the customer. Anonymised analytics data may be retained indefinitely.

7. Your Rights

Under the GDPR, you have the right to:

  • Access the personal data we hold about you
  • Rectify inaccurate data
  • Request erasure ("right to be forgotten")
  • Restrict or object to processing
  • Receive your data in a portable format (data portability)
  • Withdraw consent at any time (without affecting prior processing)

To exercise your rights, contact info@leadlayer.ai. We will respond within 30 days. You also have the right to lodge a complaint with the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) at autoriteitpersoonsgegevens.nl.

8. Cookies

The LeadLayer marketing site uses Google Analytics 4 (GA4) for aggregate usage statistics. GA4 uses cookies. No other tracking cookies are set. The LeadLayer widget on customer sites does not set cookies — it uses anonymous pixel pings for page view counting only.

9. Security

We use industry-standard measures to protect your data: TLS encryption in transit, encrypted storage for credentials, role-based access controls, and regular security reviews. In the event of a data breach that poses a risk to you, we will notify you and the relevant authorities within 72 hours where required by law.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes via email or an in-app notice at least 14 days before they take effect.