LeadScraper attaches particular importance to the protection of your personal data and undertakes to respect the General Data Protection Regulation (GDPR) and French "Informatique et Libertés" law.
1. Data controller
LeadScraper (SIRET 878 003 185 00021), Domaine Labrosse, 42720 Nandax, France — [email protected]
2. Data collected
We collect the following categories of data:
- Identification data: first name, last name, email, phone, company, SIRET
- Connection data: IP address, cookies, browsing logs
- Payment data: processed directly by Stripe (no card stored on our servers)
- Usage data: searches performed, leads extracted, platform interactions
3. Purposes of processing
- Provision of the LeadScraper Service
- User account and billing management
- Service improvement and statistical analysis
- Commercial communication (with explicit consent)
- Compliance with legal obligations
4. Legal basis
Processing of your data is based on: contract execution (Service provision), your consent (newsletter, commercial communications), legitimate interest (Service improvement, security), legal obligations (billing, accounting retention).
5. Retention period
- User account: subscription duration + 3 years
- Billing data: 10 years (legal obligation)
- Connection logs: 12 months
- Cookies: 13 months maximum
6. Your rights
Under GDPR, you have the following rights:
- Right of access: obtain a copy of your data
- Right to rectification: correct inaccurate data
- Right to erasure: delete your data
- Right to restriction: restrict processing
- Right to portability: retrieve your data in a structured format
- Right to object: oppose processing
To exercise your rights: [email protected]. We respond within 30 days maximum.
7. Subprocessors
We use the following subprocessors to provide the Service:
- Contabo GmbH (Germany) — Server hosting
- Stripe, Inc. (USA) — Payment processing (PCI-DSS Level 1 certification)
- Cloudflare, Inc. (USA) — Security and CDN
- Brevo (France) — Transactional email sending
Each subprocessor is bound by a subprocessing agreement compliant with Article 28 GDPR.
8. Transfers outside EU
Some subprocessors (Stripe, Cloudflare) are located in the USA. Data transfers to these subprocessors are governed by Standard Contractual Clauses validated by the European Commission.
9. Security
We implement appropriate technical and organizational measures to protect your data: TLS/SSL encryption, hashed passwords (bcrypt), regular backups, restricted access to sensitive data, security audits.
10. Complaint
If you believe that the processing of your data is not compliant, you can lodge a complaint with the CNIL (French data protection authority): cnil.fr/fr/plaintes