GDPR Compliance

Last updated: December 23, 2024

1. Our Commitment to GDPR

Salead is committed to compliance with the General Data Protection Regulation (GDPR) and respects the privacy rights of individuals in the European Union (EU) and European Economic Area (EEA).

This page explains how we comply with GDPR and how you can exercise your rights.

2. Legal Basis for Processing

We process your personal data under the following legal bases:

2.1 Contract Performance

Processing necessary to provide the Service you've subscribed to, including:

  • Account management
  • Lead monitoring and analysis
  • Campaign execution
  • Payment processing

2.2 Legitimate Interest

Processing necessary for our legitimate business interests:

  • Service improvement and optimization
  • Fraud prevention and security
  • Customer support
  • Analytics and research

2.3 Consent

For marketing communications and non-essential cookies, we obtain your explicit consent.

2.4 Legal Obligation

To comply with applicable laws, such as tax and accounting requirements.

3. Your GDPR Rights

Under GDPR, you have the following rights:

3.1 Right to Access (Article 15)

You can request a copy of all personal data we hold about you. We will provide this within 30 days.

How to exercise: Email privacy@salead.com or use the "Export Data" feature in your account settings.

3.2 Right to Rectification (Article 16)

You can correct inaccurate or incomplete personal data.

How to exercise: Update your information in account settings or contact us.

3.3 Right to Erasure / "Right to be Forgotten" (Article 17)

You can request deletion of your personal data when:

  • It's no longer necessary for the purposes collected
  • You withdraw consent
  • You object to processing
  • It was unlawfully processed

How to exercise: Use the "Delete Account" button in settings or contact us.

Note: We may retain certain data if required by law (e.g., financial records for 7 years).

3.4 Right to Restriction of Processing (Article 18)

You can request that we limit how we use your data while we investigate a concern.

3.5 Right to Data Portability (Article 20)

You can receive your data in a structured, machine-readable format (JSON/CSV) and transfer it to another service.

How to exercise: Use the "Export Data" feature to download your campaigns, keywords, and leads.

3.6 Right to Object (Article 21)

You can object to processing based on legitimate interests or for direct marketing.

How to exercise: Unsubscribe from marketing emails or contact us to object to specific processing.

3.7 Right to Withdraw Consent (Article 7)

Where processing is based on consent, you can withdraw it at any time.

3.8 Right to Lodge a Complaint

You have the right to file a complaint with your local supervisory authority:

Find your data protection authority: EDPB Member List

4. Data Processing Details

4.1 Data Controller

Salead is the data controller for your personal information.

4.2 Data Protection Officer

Contact our DPO: dpo@salead.com

4.3 Data Processors

We use the following processors who have appropriate GDPR safeguards:

  • Vercel (USA): Standard Contractual Clauses (SCCs)
  • Neon (USA): GDPR-compliant data processing agreement
  • OpenAI (USA): Data Processing Addendum with SCCs
  • Google (USA): Model Contract Clauses for data transfers
  • Polar.sh: PCI-DSS compliant payment processor

5. International Data Transfers

Your data may be transferred outside the EU/EEA to countries that may not offer the same level of data protection.

We ensure adequate protection through:

  • Standard Contractual Clauses (SCCs): EU-approved data transfer contracts
  • Adequacy Decisions: Transfers only to countries approved by the EU Commission
  • Additional Safeguards: Encryption, access controls, security audits

6. Data Retention

We retain personal data for different periods:

  • Account Data: Until account deletion, plus a 30-day grace period
  • Campaign Data: Until deletion or account closure
  • Billing Records: 7 years (legal requirement)
  • Support Tickets: 2 years
  • Analytics Data: 2 years (anonymized)
  • Logs: 90 days

7. Security Measures

We implement technical and organizational measures to protect your data:

Technical Measures:

  • End-to-end encryption (TLS 1.3)
  • Encrypted database storage
  • Password hashing (bcrypt)
  • Regular security updates
  • Intrusion detection systems
  • Access logging and monitoring

Organizational Measures:

  • Staff training on data protection
  • Access controls and least privilege principle
  • Data processing agreements with vendors
  • Regular security audits
  • Incident response procedures
  • Data protection impact assessments

8. Data Breach Notification

In the event of a data breach affecting your personal data:

  • We will notify the relevant supervisory authority within 72 hours
  • We will inform affected users without undue delay
  • We will describe the nature of the breach and steps being taken
  • We will provide recommendations to minimize potential harm

9. Cookies and Tracking

We use cookies in compliance with the ePrivacy Directive:

  • Essential Cookies: No consent required (necessary for service)
  • Analytics Cookies: Consent obtained via cookie banner
  • Marketing Cookies: We don't use these currently

You can withdraw cookie consent at any time in your browser settings.

10. Automated Decision-Making and Profiling

We use AI to analyze posts and score lead relevance. This is NOT automated decision-making that significantly affects you under GDPR Article 22 because:

  • It doesn't produce legal effects
  • It doesn't significantly affect you
  • You retain full control over how to use the information
  • It's based on publicly available data

11. Children's Data

We do not knowingly process data of individuals under 16 (or the applicable age in your country). If you're under 16, please do not use our Service.

12. How to Exercise Your Rights

To exercise any of your GDPR rights:

  1. Email us: gdpr@salead.com
  2. Use account settings: Many rights can be exercised directly in your dashboard
  3. Include in your request:
    • Your name and email address
    • The specific right you're exercising
    • Any relevant details

Response time: We will respond within 30 days (may extend to 60 days for complex requests).

Free of charge: We do not charge fees unless requests are manifestly unfounded or excessive.

13. Updates to GDPR Policy

We may update this GDPR compliance statement. Material changes will be communicated via email and on this page with an updated "Last updated" date.

14. Contact Information

GDPR Inquiries: gdpr@salead.com
Data Protection Officer: dpo@salead.com
General Privacy: privacy@salead.com