Privacy policy

This page explains what personal data Business Leads holds, why we hold it, and how to make us stop. It is written in plain English because you should not need a lawyer to understand what happens to your details.

Last updated 11 July 2026

This policy covers two groups of people. Part A is for customers and anyone who starts our signup form. Part B is for prospects: the people who receive the emails we send on our customers’ behalf. If one of our emails reached you and you want it to stop, go straight to Part B, or simply use the unsubscribe link in the email. It works immediately.

Who we are

Business Leads is run by Felix Clarke and operates from Eastham Hall, Eastham, Cheshire, CH62 0AF. For the purposes of UK data protection law, Business Leads is the controller of the personal data described on this page.

One address covers everything in this policy: hello@business-leads.co.uk. You can also write to Business Leads, Eastham Hall, Eastham, Cheshire, CH62 0AF.

Part A: customers and signups

This part applies if you are a customer, or if you started our signup form, whether or not you finished it.

What we collect, step by step

Our signup form asks only for what each step needs:

Why we use it, and the lawful bases

We use your details to provide the service you signed up for. The lawful basis for that is contract. We also use funnel records to run and improve the signup process, keep proper business records and prevent abuse. The lawful basis for that is legitimate interests. We do not sell your data and we do not share it with advertisers.

Sending infrastructure (the bit most people care about)

Every campaign email we send for you goes from our own email addresses. Never from yours. You add no DNS records, you connect no mailbox, and we never ask for access to your email account. If cold outreach ever upsets anyone, the sending reputation at stake is ours, not yours.

The tracking that powers your morning report is first party. Links in campaign emails pass through our own domain, and each email carries a small open pixel hosted on our own domain. No third-party tracking company ever sees that data.

Claude, and what the AI sees

We use Claude, an AI service from Anthropic, to draft your ideal customer profile and your campaign email. To do that, we send Claude your signup details and the public text of your website. Nothing else.

Anthropic processes this data under its data processing agreement with us. Anthropic is based in the United States, so transfers are covered by the safeguard UK law requires: the UK International Data Transfer Addendum incorporated into that agreement. Your campaign data is not used to train any third-party AI model.

Payments

Card payments are handled by Stripe. Your card details go straight to Stripe and never touch our servers. We never see your card number. We see that a payment succeeded or failed, nothing more.

How long we keep it

Backups

We take an encrypted backup of our database every night. Each backup is kept for 30 days and then destroyed. If we ever restore from a backup, we re-apply every erasure made since that backup was taken, so data you asked us to delete stays deleted.

Cookies and analytics

We set only strictly necessary cookies: a session cookie that keeps your place in the signup form, and a sign-in cookie for our own staff console. That is the lot. No advertising pixels, no third-party analytics, no cookie banner, because there is nothing to ask consent for. If we measure how the site is used, we do it with a first-party, cookieless tool running on our own server.

Your rights as a customer

You have the full set of rights: access, correction, erasure, restriction, portability and objection. The Your rights section below explains how to use them. The same single email address covers everything.

Part B: prospects, the people our customers’ emails reach

If an email sent by Business Leads landed in your work inbox, this part is about you.

Where your details came from

You did not fill in a form, and we did not scrape your details. Our database of UK business contacts is built from two sources: licensed business data providers, and public Companies House records. Every record is deduplicated and checked before it is used, and records that go stale or cannot be verified are removed, not hoarded.

What we hold about you

Business contact data only: your name, your business email address, your job title, your company, its city and its industry. We work with business contact details, not personal ones.

Our lawful basis, and the PECR position

Our lawful basis for holding and using your details is legitimate interests: our customers’ interest in reaching businesses that may genuinely want what they sell, balanced against your rights. We have completed a legitimate interests assessment, and you can have a copy on request.

UK email marketing law, PECR, allows unsolicited marketing email to corporate subscribers: people contacted in their work role at a company. We take that boundary seriously. Every contact is matched against Companies House records, and sole traders, who count as individual subscribers under PECR, are excluded by default.

How we measure opens and clicks

When a customer’s email reaches you, links in it pass through our own domain before reaching their destination, and the email contains a small image hosted on our domain that records when it is opened. We log the time, the browser type and the IP address, and we filter out openings caused by security scanners rather than people. All of this stays on our own systems. No third-party tracking company is involved.

Who sees your details

If you show interest in a customer’s email, by opening it or clicking a link in it, we pass your business contact details to that one customer so they can follow up. Our terms require customers to use those details lawfully, honour your objections and never resell them. We do not sell your details to anyone.

One opt-out covers everything

We keep a single permanent suppression list that applies across all our customers. Unsubscribe once, from any email, and no campaign we run for any customer will ever email you again. The list is never cleared.

Your rights

You do not need a form, a lawyer or a reason. One email to hello@business-leads.co.uk does all of this. We act promptly, and always within one calendar month:

The unsubscribe link in any of our emails handles the objection part instantly, with no email needed.

Complaints and the ICO

If you think we have got something wrong, please email hello@business-leads.co.uk first. This is a small operation and problems get looked at quickly. You also have the right to complain to the Information Commissioner’s Office, the UK data protection regulator, at ico.org.uk.

Changes to this policy

When this policy changes, we update this page and the date at the top. If a change genuinely matters, customers hear about it by email as well.