Privacy Policy

Last updated: April 8, 2026

This Privacy Policy explains how LeadSwitchboard ("we", "us", "our") collects, uses, shares, and protects personal data in connection with our website, software, and related services (the "Service"). It describes your rights under applicable data protection laws, including the UK GDPR, the EU GDPR, the Data Protection Act 2018, PECR, and the California Consumer Privacy Act (CCPA/CPRA) where those rules apply.

1. Who This Notice Covers

This notice applies to website visitors, agency customers, agency administrators, buyers and team members using the Service, and individuals whose information is submitted to us through customer-configured forms, webhooks, integrations, communications, and onboarding workflows.

2. Controller and Processor Roles

We generally act as a controller for account administration, billing, product security, fraud prevention, support, legal compliance, and our direct relationship with customers and users.

We generally act as a processor (or "service provider" under CCPA) when agencies use the Service to upload, route, review, communicate about, or otherwise manage lead and customer data on their own behalf. In those situations, the relevant agency is the controller and is responsible for its own notices, lawful bases, and instructions to us.

3. Data We Collect

Depending on how the Service is used, we may process the following categories of personal data:

Account Data

Name, email address, company name, login credentials, account settings, roles, and permissions.

Billing & Transaction Data

Billing details, payment method metadata, invoices, credits, and transaction history (payment card details are processed by our payment provider, Stripe).

Lead & Business Data

Lead records, customer contact details, routing rules, call and message logs, delivery metadata, and dispute data submitted or generated through the Service.

Voice & Communications Data

Where voice, SMS, or calling features are enabled: phone numbers, message content, call metadata, recordings, transcripts, prompts, and summaries.

Technical & Usage Data

IP address, browser type, device information, pages visited, timestamps, cookies, and log files used for security, diagnostics, and performance.

Support & Audit Data

Support communications, documents and uploads, audit logs, and other operational records needed to run the platform.

4. How We Use Data

We use personal data to:

  • Provide, operate, and secure the Service
  • Authenticate users and manage accounts and permissions
  • Deliver, route, and track leads and related communications
  • Process payments, credits, and manage billing
  • Detect fraud, abuse, and misuse of the Service
  • Maintain audit and security records
  • Provide customer support and respond to requests
  • Improve product performance and reliability
  • Meet legal, regulatory, and tax obligations

We do not sell personal data, and we do not share it with advertisers or data brokers.

5. Legal Bases for Processing

Where the UK GDPR or EU GDPR applies, we rely on lawful bases that fit the context of the processing:

  • Performance of a contract (delivering the Service you have signed up for)
  • Legitimate interests (platform security, product improvement, fraud prevention, and analytics)
  • Consent (where consent is the appropriate basis, such as marketing communications)
  • Legal obligations (tax, compliance, lawful requests from authorities)

Where we process data on behalf of an agency customer as a processor, that customer is responsible for identifying the lawful basis for the processing.

6. How We Share Data

We share personal data only with trusted subprocessors who help us operate the Service — including providers of hosting, database, authentication, payment, email, SMS and calling, voice automation, caching, and analytics services — and with customer-designated recipients and integrations.

All subprocessors are required to implement appropriate data protection and security measures. A current list is published on our Subprocessors & International Transfers page.

We may also disclose personal data where required by law, to respond to valid legal process, or where reasonably necessary to protect the rights, safety, or integrity of the Service or our users.

7. International Data Transfers

Some of our providers or infrastructure may process personal data outside the UK or EEA. Where cross-border transfer rules apply, we intend to rely on appropriate safeguards — such as the UK International Data Transfer Agreement, the UK Addendum to the EU Standard Contractual Clauses, or the EU Standard Contractual Clauses — and other contractual or technical measures made available for those transfers.

8. Data Retention

We keep personal data for no longer than necessary for the purposes for which it was collected, including providing the Service, maintaining security and audit trails, resolving disputes, enforcing agreements, and satisfying legal, tax, or financial recordkeeping obligations.

Some feature areas may use shorter, feature-specific retention settings. For example, voice-related artifacts such as recordings, transcripts, and summaries are subject to a configurable retention window, and are deleted automatically after that window expires.

9. Your Rights

Depending on where you are located and the role we play in processing your personal data, you may have the right to:

  • Access the personal data we hold about you
  • Correct inaccurate or incomplete data
  • Request deletion where a deletion right applies
  • Restrict or object to certain processing
  • Request data portability
  • Withdraw consent where consent is the basis for processing
  • Lodge a complaint with a data protection regulator

To exercise your rights, see our Privacy Requests page, or contact us using the details below.

If we process your data on behalf of an agency customer, we may direct your request to that customer so that it can make the substantive decision as controller.

10. Cookies and Similar Technologies

We use cookies and similar technologies that are needed to sign users in, maintain sessions, remember preferences, and support core product functionality.

We do not currently use third-party analytics cookies on the LeadSwitchboard product. If that changes, we will update this notice and the relevant consent experience before enabling non-essential tracking where required. On our marketing website, any non-essential cookies (for example, marketing pixels) are only loaded where you have provided consent through our cookie banner.

11. Security

We use technical and organizational measures designed to reduce the risk of unauthorized access, loss, misuse, or unlawful disclosure of personal data — including encryption in transit and at rest, access controls, audit logging, and restricted access to customer data. No system is completely secure, and we cannot guarantee absolute security.

If you believe there is a security issue, please report it to support@leadswitchboard.io.

12. Regulator Information

UK users can find more information about their rights or submit a complaint to the UK Information Commissioner's Office (ICO). EEA users may contact their local data protection supervisory authority. California residents may contact the California Privacy Protection Agency.

13. Changes to This Policy

We may update this Privacy Policy from time to time. We will update the "Last updated" date above and, where required, provide additional notice of material changes.

14. Contact

For privacy questions, data rights requests, or a Data Processing Addendum (DPA), contact:

LeadSwitchboard Privacy Team

support@leadswitchboard.io

See also our Privacy Requests, Data Processing Addendum, and Subprocessors pages.