Back to home

Privacy Policy

This policy explains what data Consent Leads processes, why, and what rights you have. Short version: we build AI workflow systems for UK businesses and we process the minimum data needed to do that.

Who we are

Consent Leads is operated by Salam O. (sole trader), based in the United Kingdom. Contact: sal@consentleads.uk

What data we collect

From visitors and prospective clients:

• Email address (when you request a scope or reply to outreach)
• Information you choose to share about your business in those messages
• Standard server logs (IP address, browser, referrer) for 30 days, used to debug issues only

From clients during a project:

• Whatever access credentials you grant us to deliver the build (CRM, email, calendar, social inbox)
• Examples of past customer interactions where required to train an AI assistant for you
• Billing details handled by Stripe. We do not store card data.

For cold outreach:

• Publicly available business contact data (name, email, role, company) sourced from company websites and public business directories
• This data is processed under legitimate interest grounds for B2B outreach. You can opt out at any time by replying with the word "no" or emailing us, and we will suppress your address within 24 hours.

Why we process this data

Prospective clients: processed under UK GDPR Article 6(1)(b), to respond to your enquiry, and Article 6(1)(f), legitimate interest, to follow up.

Active clients: processed under UK GDPR Article 6(1)(b), necessary for performance of our contract with you. Where we process personal data of your end customers on your behalf (for example, AI booking assistant traffic), we do so as your data processor under a separate processor agreement.

Cold outreach contacts: processed under UK GDPR Article 6(1)(f), legitimate interest. Our legitimate interest is the operation of a B2B services business. We respect opt-out requests immediately.

Who we share data with

• Stripe for payment processing
• Resend for email delivery
• Cloudflare for DNS, hosting and email forwarding
• Hosting infrastructure as required to run client systems (your own accounts where possible, our infrastructure where not)

We do not sell any data. We do not share client data with anyone outside the providers above.

How long we keep data

• Prospective client emails: until you ask us to delete them, or 24 months from last contact, whichever is sooner
• Active client data: for the duration of our contract plus 6 years for HMRC and contract record purposes
• End customer data we process on your behalf: handled per our processor agreement, deleted on your instruction
• Cold outreach contacts: deleted after 6 months of no engagement, or immediately on opt-out request

Your rights

Under UK GDPR you can ask us to:

• Show you what data we have about you
• Correct inaccurate data
• Delete your data (unless we have a legal obligation to keep it)
• Object to processing based on legitimate interest
• Port your data to another service

Email sal@consentleads.uk with any request. We respond within one month.

Cookies

Our website uses no analytics cookies, no advertising cookies, and no tracking. The only cookies in our ecosystem come from Stripe during checkout, and from systems we build for clients on their own domains.

Complaints

You have the right to complain to the UK Information Commissioner's Office (ICO) at ico.org.uk. We would prefer you contact us first so we can fix whatever went wrong.

Changes to this policy

If we change this policy materially, we will update the "last updated" date above and email active clients.