Trust & Compliance
How TheLeadSeeker handles your data: GDPR and CCPA compliance, SOC 2 Type 2-certified infrastructure, our public and proprietary sourcing, supplier due diligence, data subject rights, and the sensitive data we never collect.
Overview
TheLeadSeeker's Trust & Compliance page covers our compliance posture (GDPR, CCPA / CPRA and US-state laws, SOC 2 Type 2-certified data infrastructure with NIST SP 800-53 Rev 5 alignment), how we source data from proprietary signals, public sources, and job postings, source validation and supplier due diligence, the data subject rights every prospect and customer can exercise via privacy@theleadseeker.com, the sensitive data categories we never collect, and the documents (DPA, sub-processor list, security overview, SOC 2 Type 2 report) available under NDA on request.
Frequently Asked Questions
- Is TheLeadSeeker GDPR compliant?
- Yes. We operate as a GDPR-compliant business, document the legal basis for each processing purpose in our Privacy Policy, honour data subject rights within GDPR's timing rules, rely on Standard Contractual Clauses (and the UK IDTA / Swiss addendum) for international transfers, and make a Data Processing Addendum available on request for customers who need one.
- Are you SOC 2 certified?
- TheLeadSeeker is built on a SOC 2 Type 2-certified data infrastructure and aligns its operational controls with NIST SP 800-53 Rev 5. The SOC 2 Type 2 report covering the underlying platform that powers our prospect index can be reviewed under NDA — email privacy@theleadseeker.com.
- Do you sell my personal data?
- No. We do not sell Personal Information and we do not share it with third parties for cross-context behavioural advertising. We do not authorise our providers to use customer-identifiable workspace data to train AI or machine-learning models without your separate written permission.
- How do I exercise my data subject rights?
- Email privacy@theleadseeker.com or use our contact page with the right you wish to exercise (access, rectification, erasure, restriction, portability, objection, withdrawal of consent, opt-out of sale or sharing, correction, or limit use of sensitive information). We acknowledge within 10 business days and respond on the merits within 30 days, with a possible extension to 45 days where the request is complex.
- Can I get your Data Processing Addendum (DPA)?
- Yes. The DPA, our sub-processor list, our security overview, and the SOC 2 Type 2 report for the underlying data infrastructure are all available under NDA. Email privacy@theleadseeker.com or use the contact page with the document you need and a short note about your use case.