Privacy Policy

APLeads is operated by Alix Pardoe, a sole trader registered in England.

Contact: hello@apleads.co

APLeads provides lead capture and automation systems for UK trades businesses using Go High Level and other tools to help businesses capture, nurture, and convert leads.

APLeads (Alix Pardoe) is the Data Controller for website visitor analytics, customer contact information, and prospect outreach records.

For DFY Managed Service customers: The Customer is the Data Controller. APLeads is a Data Processor on behalf of the Customer. Customer data is processed solely to deliver the contracted service.

Data Protection Officer: APLeads is a micro-organisation (sole trader with limited employees). A Data Protection Officer is not required under UK GDPR Article 37. For all data protection queries and rights requests, contact hello@apleads.co.

3.1 Website Visitors

When you visit the APLeads website, we collect: IP address (via Google Analytics), browser type and device information, pages visited and time on site, and referrer source. No personally identifiable information is collected unless you voluntarily submit a contact form.

3.2 Customers and Prospects

When you engage with APLeads, we collect: full name, email address, phone number, business name and details, industry/trade type, location/service area, payment information (processed securely via Stripe), and communication history.

3.3 DFY Managed Service Customers

We additionally process your Go High Level account data (contacts, pipeline, automations, conversations) — this is owned by you and processed by us on your behalf.

Website Analytics (Google Analytics): Legal Basis: Legitimate Interest (GDPR Article 6(1)(f)). We analyse website traffic to understand user behaviour and improve our service offerings. No personally identifiable information is collected unless voluntarily provided.

Customer Account Data: Legal Basis: Performance of Contract (GDPR Article 6(1)(b)). We collect name, email, phone, business details, and usage data to set up your account, deliver the contracted service, provide support, and process payments.

Prospect Outreach Data (B2B Lead Capture): Legal Basis: Legitimate Interest (GDPR Article 6(1)(f)). APLeads contacts UK trades businesses with information about relevant services. This is B2B commercial outreach where contact details are typically sourced from public business directories or LinkedIn. Prospects may opt out at any time.

Payment Information: Legal Basis: Performance of Contract (GDPR Article 6(1)(b)). Payment processing is necessary to fulfil the customer contract. Payment data is processed by Stripe (PCI DSS compliant); APLeads does not store card data directly.

Marketing Communications (if opted in): Legal Basis: Consent (GDPR Article 6(1)(a)). We send service updates and educational content only to those who have opted in or are existing customers. You may withdraw consent at any time by unsubscribing.

• Service Delivery (Lawful Basis: Contract) — Set up and manage your account, deliver contracted services, provide technical support, and manage portal access.
• Communication (Lawful Basis: Contract / Legitimate Interest) — Send service updates, security notifications, billing confirmations, and responses to support inquiries.
• Payment and Invoicing (Lawful Basis: Contract) — Process payments securely via Stripe, issue invoices, receipts, and accounting records for tax purposes.
• Business Development (Lawful Basis: Legitimate Interest) — Contact prospects with information about APLeads services and relevant case studies. You may object to this processing at any time.
• Analytics and Service Improvement (Lawful Basis: Legitimate Interest) — Analyse website and portal usage patterns to improve service design and user experience.
• Legal and Tax Compliance (Lawful Basis: Legal Obligation / Legitimate Interest) — Comply with UK tax reporting (HM Revenue & Customs), maintain records as required by law, prevent fraud, and enforce our terms of service.

Website Visitor Analytics (Google Analytics): Retained for 26 months by Google Analytics. No personally identifiable information is retained; only aggregated analytics data is kept.

Customer Account Data (Service Delivery): Active customers: Retained for the duration of the service plus 2 years after account termination to fulfil legal obligations and contractual requirements (audit trails, dispute resolution). Terminated customers: Retained for 2 years post-termination.

Payment Records and Invoices: Retained for 7 years from the date of transaction (required by UK tax law under the Income Tax Act 1998 and HM Revenue & Customs requirements).

Prospect/Lead Data (B2B Outreach): Retained for 2 years from the date of last contact. Prospects may request deletion at any time by emailing hello@apleads.co.

Cookies and Tracking Data: Persistent cookies are retained for 1 year. Session cookies are deleted when you close your browser.

DFY Managed Service Customer Data: Retained for the duration of the active service agreement. Upon service termination, the customer receives a complete data export within 30 days. Data is then deleted from APLeads' systems within 60 days of termination (excluding payment records retained per tax requirements).

Right to Deletion: Where legally permitted, you may request deletion sooner. Some data must be retained to comply with legal obligations (tax records, contractual dispute resolution).

Processors and Data Controllers: APLeads uses third-party service providers (Data Processors) under Data Processing Agreements to deliver services:

International Data Transfers:

• EU Processing (Adequacy Decision): Supabase stores customer data in the EU (Dublin, Ireland). The UK has an Adequacy Decision with the EU, enabling transfers without additional safeguards.
• US Transfers (Standard Contractual Clauses): Stripe, Resend, GoHighLevel, and Google operate in the US. Data transfers are governed by Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office. SCCs ensure data protection equivalent to UK GDPR standards even in jurisdictions without formal data protection equivalence.
• Adequacy Decision Reliance: Where available, we rely on the UK Government's adequacy assessments of data protection laws in receiving countries.

Data Sharing Policy: APLeads does NOT sell, share, or disclose personal data to third parties for marketing, advertising, or commercial purposes outside of contractual service delivery.

Under UK GDPR, you have the right to:

• Right of Access: Request a copy of all personal data APLeads holds about you. Response time: 30 days.
• Right of Rectification: Request that inaccurate data be corrected.
• Right to Erasure ("Right to be Forgotten"): Request deletion of your personal data, subject to legal requirements (tax records must be retained for 7 years).
• Right to Restrict Processing: Limit how your data is used.
• Right to Object: Object to direct marketing, legitimate interest processing, or automated decision-making.
• Right to Data Portability: Request your data in a portable format (CSV).

For all requests: email hello@apleads.co with the relevant subject line. Response within 30 days.

APLeads takes data security seriously:

• All customer data is stored securely in GHL (SOC 2 compliant) or Google Drive (encrypted, access-controlled)
• Payment data is processed via Stripe (PCI DSS compliant); card data is not stored by APLeads
• Access to customer data is restricted to Alix Pardoe and any contracted service providers
• Data is encrypted in transit (HTTPS) and at rest
• Regular backups are maintained

No system is 100% secure. APLeads cannot guarantee absolute security but commits to industry-standard protections.

Transfer Mechanisms and Legal Framework: APLeads has implemented appropriate safeguards for all international data transfers:

• EU/EEA Transfers: Supabase (Ireland) — Protected by UK-EU Adequacy Decision. No additional safeguards required.
• US Transfers: Stripe, Resend, GoHighLevel, Google Analytics, Microsoft Clarity, Meta (Facebook) — All transfers are governed by Standard Contractual Clauses (SCCs) approved by the UK Information Commissioner's Office. SCCs ensure contractual guarantees of data protection standards equivalent to UK GDPR, even in the absence of a formal adequacy decision.
• Supplementary Measures: Where necessary, additional technical and organisational safeguards are implemented (encryption, access controls, sub-processor restrictions).

Your Rights: You have the right to request a copy of the safeguards in place for your data transfers. Contact hello@apleads.co for details.

The APLeads website uses:

• Google Analytics (GA4) — tracks visitor behaviour to understand website usage. Legal basis: Legitimate Interest. Consent Mode v2 is implemented — if you decline analytics cookies, GA4 operates in cookieless mode. Cookies retained for up to 26 months by Google.
• Microsoft Clarity — session recording and heatmap technology operated by Microsoft. Records anonymised replays of how visitors interact with pages (mouse movement, clicks, scroll depth). Used to identify UX friction and improve the site. No form inputs or sensitive text are recorded. Legal basis: Legitimate Interest (analytics consent required). Data is processed by Microsoft — Microsoft Privacy Statement.
• Essential Cookies — required for website functionality (session authentication, security). Legal basis: Contract/Necessary for service.
• Meta Pixel (Facebook) — conversion tracking for ad performance measurement and retargeting. Fires PageView on every page, ViewContent on service pages, InitiateCheckout on the booking page, and Lead on form submission. Legal basis: Consent (marketing cookies must be accepted). Data is processed by Meta — Meta Privacy Policy.
• No Third-Party Marketing Cookies by Default — APLeads does not use cookies to build tracking profiles or support targeted advertising unless you explicitly consent via the cookie banner.

Cookie Consent: You may disable cookies in your browser settings, though this may affect website functionality. Essential cookies cannot be disabled without breaking the website.

No Automated Decisions with Legal Effects: APLeads does NOT carry out automated decision-making or automated profiling with legal or significant effects on individuals. All decisions affecting your account (service eligibility, access, contract terms) are made by Alix Pardoe or staff with human oversight.

Analytics Processing: Website analytics (Google Analytics) is used solely to analyse aggregate traffic patterns and improve service offerings. No individual decisions are made based on automated analytics.

No Profiling: APLeads does not build profiles of individuals for the purpose of predicting behaviour, eligibility, or characteristics.

Right to Human Review: Should any significant decision be made about your account in the future, you have the right to request manual review and to express your point of view. Contact hello@apleads.co.

If you purchase APLeads services, you may receive service updates, security notifications, and educational content about lead capture. You may unsubscribe at any time by clicking "Unsubscribe" in any email or emailing hello@apleads.co. All emails will cease within 3 business days.

For any data protection requests, questions, or complaints:
hello@apleads.co — Response within 30 days.

APLeads is registered with the UK Information Commissioner's Office (ICO). Registration number: [INSERT ICO REGISTRATION NUMBER]. Verify at ico.org.uk/registration.

If you believe APLeads has violated your data protection rights, you may lodge a complaint with the ICO:

ICO · Wycliffe House · Water Lane · Wilmslow · Cheshire SK9 5AF
Phone: 0303 123 1113 · Website: www.ico.org.uk

By using APLeads' services or website, you confirm you have read and understood this Privacy Policy.