FinderLeadAMZ
  • Home
  • How It Works
  • Pricing
  • FAQ
LoginRegister

Privacy policy

Last updated: October 10, 2025

This Privacy Policy describes how AMZSTRATEGY LTD ("Finderlead", "we", "us", "our") collects, uses, discloses, and protects your personal data when you use the website https://finderlead.com and the related services (collectively, the "Service"). This document also explains your rights and how the law protects you. By using the Service, you agree to the practices described in this Privacy Policy.

1. Interpretation and definitions

Interpretation — Capitalized terms have the meanings set out below and apply to both singular and plural.

Definitions
TermDefinition
AccountThe unique profile created to access the Service.
AffiliateAn entity that controls, is controlled by, or is under common control with us (control = >50% of voting rights).
CompanyAMZSTRATEGY LTD, company no. 16210674, 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom.
CookiesText files stored on your device, as described in our Cookie Policy.
CountryUnited Kingdom (UK); for GDPR purposes we are also established within the European Economic Area (EEA).
DeviceAny device that can access the Service (PC, smartphone, tablet).
Personal DataAny information relating to an identified or identifiable natural person.
ServiceThe finderlead.com website and its lead-extraction features (API, dashboard, integrations).
ProcessorA party that processes data on our behalf (hosting, analytics, payments, etc.).
Usage DataData collected automatically (e.g., IP address, browser type, time spent, device ID).
User / YouThe natural person who uses the Service, or the legal entity they represent.
EU RepresentativeIf applicable under Art. 27 GDPR, we will indicate our EU representative's details in the Contacts section.
DPOData Protection Officer not appointed; for privacy requests, write to privacy@finderlead.com.

2. Legal bases for processing

We process Personal Data only if at least one of the bases under Art. 6 GDPR / UK GDPR applies. Where we rely on consent, you may withdraw it at any time without affecting the lawfulness of processing before withdrawal.

Legal bases and applications
Legal basisExamples of application
Performance of a contractAccount creation, provision of lead-generation APIs.
ConsentNewsletter, marketing cookies.
Legitimate interestsIT security, fraud prevention, anonymous usage analytics.
Legal obligationInvoicing, record retention for tax purposes.

3. Data we collect

  • 3.1 Data provided directly

    Contact information: first name, last name, email, company, phone number. Billing details: address, VAT/tax ID, payment method (tokenized). Provided content: support requests, feedback, files uploaded via integrations.

  • 3.2 Data collected automatically

    Usage data: IP address (masked), user agent, pages visited, timestamps, referrer URL. Mobile device data: OS, model, advertising ID (if available). Server logs: errors, security events, API queries.

  • 3.3 Third-party data

    Integration platforms (e.g., HubSpot, Salesforce) provide data you authorize them to share with us. Google OAuth / APIs: if you choose "Sign in with Google", we receive your name, email, and profile image (data minimization principle, read-only). Google API Services compliance — The use and transfer to any other app of information received from Google APIs will adhere to the Google API Services User Data Policy (including the Limited Use requirements).

  • 3.4 Data sources

    We may process data from publicly available sources and third-party partners. Where data are not obtained directly from you, we provide information under Art. 14 GDPR within the required time limits, unless a legal exception applies.

  • 3.5 Cookies and consent

    We do not use a CMP. Where required in the EEA/UK, non-essential cookies (analytics/marketing) are not set without your consent. You can manage preferences via your browser settings and provider opt-out mechanisms (e.g., Google Analytics opt-out add-on).

4. Methods and purposes of processing

Purposes of processing
PurposeDetailsLegal basis
Provision of the ServiceCreate and manage the Account, authentication, dashboard, APIs, reporting.Contract
CommunicationsTransactional messages about API availability, invoices, security; optional push notifications.Contract / Legitimate interests
Direct marketingNewsletters about similar products or upgrades; always with an easy opt-out.Legitimate interests / Consent
Analytics and improvementMeasurements of platform usage without direct identifiers (e.g., Google Analytics 4, Microsoft Clarity, Datadog APM).Consent (EEA/UK, where required) / Legitimate interests
Security and anti-fraudLogs, rate limiting, CAPTCHA, suspicious transactions.Legitimate interests / Legal obligation
Corporate transactionsDue diligence in corporate operations.Legitimate interests
Profiling/lead scoring (non-decisional)Segmentation and prioritization of leads for organizational/commercial purposes, without legal or similarly significant effects.Legitimate interests / Consent

5. Data sharing

Data sharing
RecipientsReason for sharingSafeguards / location
Cloud providers (AWS EU-West-1, Vercel EU, Cloudflare, Contabo)Hosting, CDN, logging.Standard Contractual Clauses (SCC) / Data Processing Addendum (DPA)
Payment processors (Stripe, PayPal)Order processing and invoicing.PCI-DSS; tokenization
Analytics (Google Analytics 4, Microsoft Clarity)Aggregated metrics, session replay.IP anonymization; browser/provider opt-out mechanisms
Support tools (Zendesk, Intercom)Ticketing and chat management.SCC
Public authoritiesCompliance with legal obligations or binding orders.N/A

6. Data retention

We retain Personal Data for the minimum period necessary:

Data retention
CategoryTypical retention period
AccountAs long as the Account remains open + 24 months of inactivity
Billing data6 years (UK tax regulations)
Security logs12 months
Marketing (email)Until consent is withdrawn or 24 months without interaction
Session replay (Clarity)30 days

7. International transfers

Data may be processed outside the EEA/UK (e.g., the USA). In such cases:

  • SCC 2021/914 or UK IDTA executed with the provider.

  • Supplementary measures: encryption in transit (TLS 1.3) and at rest (AES-256), least privilege, logging.

8. Data security

We apply technical and organizational controls:

  • Encryption at rest and in transit

  • Mandatory 2FA for staff

  • Annual penetration test

  • Role-based data-access policy

  • 24/7 monitoring with anomaly alerts

9. Your rights

Under the GDPR / UK GDPR you can exercise your rights by contacting privacy@finderlead.com. We will respond without undue delay and in any case within 1 month (extendable by 2 months for complex cases), informing you of the reasons for any extension. We may ask for information to verify your identity. You can withdraw/modify consents and object to non-essential processing.

  • Access

    obtain confirmation and a copy of the data processed

  • Rectification

    correction of inaccurate or incomplete data

  • Erasure ("right to be forgotten")

  • Restriction

    suspension of processing in the cases provided for

  • Portability

    receive or transfer data in a structured format

  • Objection

    to direct marketing or processing based on legitimate interests

  • Withdrawal of consent

    at any time

  • Complaint

    to the supervisory authority (ICO UK or your competent local authority)

10. Children's privacy

The Service is not intended for children under 13. We do not knowingly collect data from children. If a parent believes their child has provided us with personal data, please contact help@finderlead.com so we can promptly remove it.

11. External links

The Site may contain links to third-party domains. We are not responsible for their privacy practices; please read their policies before use.

12. Specific third-party services

  • Microsoft Clarity & Advertising

    collects behavioral data (clicks, scroll) via first/third-party cookies for analytics and advertising. Details: Microsoft Privacy Statement. Activation in the EEA/UK occurs only with prior consent where required.

  • OpenAI APIs

    if you enable AI features (e.g., lead classification), data may be processed by OpenAI's servers in the EU/USA; prompts and outputs are retained for < 30 days for security and auditing. We do not send special category data.

  • Zapier / Make

    for optional automations configured by the User; data transit according to the respective DPAs.

13. Changes to this Privacy Policy

We may update this text. In case of material changes, we will notify you via:

  • on-site banner or pop-up

  • email to registered Users

  • at least 15 days before it takes effect. The "Last updated" date will be changed accordingly.

14. Contacts

Data Controller AMZSTRATEGY LTD 71-75 Shelton Street, Covent Garden, London, WC2H 9JQ, United Kingdom General email: help@finderlead.com For privacy requests: privacy@finderlead.com For security reports: security@finderlead.com You may lodge a complaint with the ICO (UK) or your competent local authority. In Italy: Garante per la protezione dei dati personali — https://www.garanteprivacy.it