Privacy Policy

Last updated: 13th March 2026

This Privacy Policy explains how Lead IT Lab Ltd ("we", "us", "our") collects, uses, stores, and protects personal data in connection with the Lead IT Lab Business Hub platform.

We are committed to protecting your privacy and handling your data in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.

This policy applies to you as a platform user (our client) and explains your obligations as data controller in relation to the personal data of your own clients, leads, and contacts.

1. Who We Are

Lead IT Lab Ltd is a company registered in England and Wales, providing the Lead IT Lab Business Hub — a white-label marketing and CRM platform built on technology licensed from Go High Level LLC.

📧 [email protected]
🏢 59 Woodland Avenue, Penryn, Cornwall, TR10 8PG, United Kingdom

For the purposes of UK GDPR:

• Lead IT Lab Ltd is the data controller in respect of your account data (your name, email, billing details, and your interactions with us).
• Lead IT Lab Ltd is the data processor in respect of the personal data you collect, store, and process through the platform on behalf of your own clients. You are the data controller for that data.

2. Data We Collect

2.1 Account Data (You as Our Client)

When you register for and use the platform, we collect:

• Your name, business name, email address, phone number, and postal address.
• Billing and payment details (processed securely via Stripe).
• Login credentials and authentication data.
• Support correspondence and communication history with us.

2.2 Platform Usage Data

The platform automatically records:

• IP addresses, browser type, device information, and login activity.
• Actions taken within the platform (pages visited, features used, workflows triggered).
• Error logs and performance data for troubleshooting and security purposes.

2.3 Data You Process Through the Platform

As a platform user, you may collect and store personal data belonging to your own clients, leads, and contacts, including:

• Contact details (names, email addresses, phone numbers, addresses).
• Booking and appointment records.
• Communication records (emails, SMS messages, chat transcripts, call recordings).
• Form submissions and survey responses.
• Payment and transaction references.
• Any other data you choose to collect through the platform's tools.

You are the data controller for this data and are responsible for ensuring it is collected and processed lawfully.

3. Lawful Basis for Processing

Under UK GDPR, we must have a lawful basis for processing personal data. The bases we rely on are:

Purpose	Lawful Basis
Providing and managing your platform account	Contract performance (Article 6(1)(b)) — processing is necessary to deliver the services you've subscribed to.
Processing subscription payments and billing	Contract performance (Article 6(1)(b))
Sending service-related communications (e.g., billing alerts, platform updates, security notices)	Contract performance (Article 6(1)(b)) and Legitimate interests (Article 6(1)(f)) — keeping you informed about the service you use.
Platform analytics, performance monitoring, and improvement	Legitimate interests (Article 6(1)(f)) — improving the platform for all users.
Marketing communications (e.g., newsletters, feature announcements)	Consent (Article 6(1)(a)) — you can withdraw consent at any time.
Complying with legal and regulatory obligations	Legal obligation (Article 6(1)(c))
Processing data on your behalf as data processor	Contract performance (Article 6(1)(b)) — governed by the Data Processing Agreement in our Terms & Conditions (Section 9).

4. How We Use Your Data

We use your data solely to:

• Operate and deliver the Lead IT Lab Business Hub platform and its features.
• Process your subscription payments and manage billing.
• Provide technical support and respond to your enquiries.
• Send essential service communications (billing alerts, security notices, platform updates).
• Monitor and improve platform performance, reliability, and security.
• Comply with legal obligations and enforce our terms.

We do not sell your data or your clients' data to any third party. We do not use your data for our own marketing purposes unless you have opted in to receive marketing communications from us, and you can opt out at any time.

5. AI Features & Data Processing

5.1 How AI Features Work

AI-powered features on the platform may process conversation data, contact information, and business context (such as your FAQs, services, and pricing) to generate responses, book appointments, or qualify leads on your behalf.

5.2 Third-Party AI Providers

AI features may route data through third-party AI providers, including:

• OpenAI — for natural language processing, content generation, and conversational AI.
• Anthropic — where enabled for AI agent capabilities.

These providers process data as sub-processors under Go High Level LLC's infrastructure. Data sent to AI providers is used solely to generate responses and is subject to their respective data processing agreements with Go High Level.

5.3 AI Training

Your data is not used to train third-party AI models. OpenAI's API and Anthropic's API operate under enterprise data processing terms that exclude customer data from model training.

5.4 Your Responsibility

If you deploy AI features that interact with your clients, you are responsible for:

• Informing your clients that they may be communicating with an AI agent.
• Ensuring the AI is trained on accurate, up-to-date information about your services.
• Reviewing AI-generated communications for accuracy and compliance with your professional obligations.

6. Special Category Data

Lead IT Lab Ltd does not determine what data you collect through the platform. If you collect or process special category data (as defined in Article 9 of UK GDPR), you must:

• Identify both a lawful basis under Article 6 and a separate condition under Article 9 — most commonly explicit consent from the data subject.
• Ensure consent is freely given, specific, informed, and recorded.
• Conduct a Data Protection Impact Assessment (DPIA) where appropriate.
• Store only the minimum data necessary for your services.
• Never use special category data for marketing without separate explicit consent.

As data processor, Lead IT Lab Ltd does not access, review, or use your clients' special category data for any purpose beyond providing the platform. We strongly recommend seeking independent legal or compliance advice if you process health or sensitive data, particularly if you are subject to professional body codes of conduct (e.g., BACP, UKCP, NMC).

7. Third-Party Sub-Processors

To deliver the platform's full suite of features, we rely on the following trusted sub-processors:

Sub-Processor	Purpose	Location
Go High Level LLC	Core platform infrastructure, CRM, automations	United States
Twilio Inc.	SMS and voice communications	United States
Mailgun Technologies Inc.	Email delivery	United States
Stripe Inc.	Payment processing	United States
LeadConnector	Usage billing, telephony, and email services	United States
OpenAI	AI-powered features (where enabled)	United States
Anthropic	AI agent capabilities (where enabled)	United States
Google Cloud Platform	Data hosting and infrastructure	United States
Amazon Web Services (AWS)	Data hosting and infrastructure	United States

These providers process data under strict confidentiality and data protection agreements. We only share the minimum data necessary for them to perform their functions. We will notify you of any material changes to our sub-processor list.

8. Data Location & International Transfers

Because the platform infrastructure is provided by Go High Level LLC, a US-based company, personal data may be stored or processed on servers in the United States.

To ensure lawful transfers of personal data from the UK, the following safeguards are in place:

• EU-US Data Privacy Framework (with UK extension) — Go High Level is certified under this framework.
• Standard Contractual Clauses (SCCs) — included in Go High Level's Data Processing Agreement.
• UK International Data Transfer Agreement (IDTA) and/or the UK Addendum to the EU SCCs — providing UK-specific transfer protections.

Together, these mechanisms ensure your data remains protected to UK GDPR standards even when stored or processed outside the United Kingdom.

9. Sharing & Disclosure

We do not share your personal information with third parties for their own marketing purposes. We only disclose personal data in the following circumstances:

• Sub-processors: To the sub-processors listed in Section 7, solely to deliver platform services.
• Legal requirements: When required by law, regulation, court order, or lawful request from a public authority.
• Your authorisation: When you explicitly authorise us to share data with a third party — for example, if you connect a third-party integration.
• Business transfer: In the event of a merger, acquisition, or sale of assets, your data may be transferred as part of that transaction. We would notify you in advance.

Within Lead IT Lab Ltd and Go High Level LLC, data is accessed only by authorised personnel who require it for support, troubleshooting, or billing purposes.

10. Data Retention

10.1 During Your Subscription

All data you store on the platform is retained for the duration of your active subscription and remains accessible through your account.

10.2 After Cancellation or Termination

Timeframe	What Happens
0–14 days	Account is suspended. Data is preserved but inaccessible. You may reactivate by settling any outstanding balance.
14–28 days	Live assets (funnels, websites, automations) may be paused. Data is still preserved.
After 28 days	Account is permanently cancelled. All data is queued for deletion and permanently removed within 30 days of cancellation.

10.3 Legal Retention

Lead IT Lab Ltd may retain limited records beyond the above periods where required to comply with legal obligations, resolve disputes, or enforce agreements. This may include billing history, correspondence logs, and audit records. Such records are held securely with restricted access.

11. Data Security

We implement appropriate technical and organisational measures to protect personal data, including:

• Secure, password-protected access to all accounts with support for two-factor authentication.
• Role-based access controls within the platform.
• All data transmitted via encrypted connections (HTTPS/TLS).
• Encryption at rest for stored data within Go High Level's infrastructure.
• Regular security audits and monitoring by Go High Level LLC (SOC 2 compliant).
• Restricted internal access — only authorised Lead IT Lab personnel can access account data, and only when necessary for support or billing.

While we take all reasonable precautions, no method of data transmission or storage is completely secure. We cannot guarantee absolute security but will notify you promptly in the event of a breach (see Section 12).

12. Data Breach Procedures

In the event of a personal data breach affecting your account or data, Lead IT Lab Ltd will:

• Notify you without undue delay and in any event within 48 hours of becoming aware of the breach.
• Provide sufficient detail about the nature of the breach, the data affected, and the likely consequences to enable you to meet your own notification obligations to the ICO (within 72 hours) and to affected data subjects where required.
• Take immediate steps to contain and mitigate the breach.
• Cooperate with you in investigating the breach and implementing measures to prevent recurrence.

As data controller of your clients' data, you are responsible for reporting breaches to the Information Commissioner's Office (ICO) where required and for notifying affected individuals.

13. Your Rights

Under UK GDPR, you have the following rights in relation to the personal data we hold about you as our client:

• Right of access — request a copy of the personal data we hold about you.
• Right to rectification — request correction of inaccurate or incomplete data.
• Right to erasure — request deletion of your personal data where there is no compelling reason for continued processing.
• Right to restriction — request that we limit how we process your data in certain circumstances.
• Right to data portability — request your data in a structured, commonly used, machine-readable format (see Section 14).
• Right to object — object to processing based on legitimate interests or for direct marketing purposes.
• Right to withdraw consent — where we rely on consent, you can withdraw it at any time without affecting the lawfulness of prior processing.

To exercise any of these rights, contact us at [email protected]. We will respond within one calendar month.

14. Data Portability & Export

You may export your data at any time during your active subscription using the platform's built-in tools, including:

• Contact CSV export.
• Conversation and communication downloads.
• Reporting and analytics exports.

We recommend exporting any data you wish to keep before your subscription ends.

If you need assistance with data export during the post-cancellation retention window (0–28 days), contact us at [email protected]. A reasonable administration fee may apply for manual export assistance.

15. Cookies & Tracking

15.1 What Are Cookies?

Cookies are small text files placed on your device when you visit a website. They help the site recognise your device and remember certain information about your visit.

15.2 Cookies We Use

Cookie Type	Purpose	Duration
Strictly necessary	Essential for the platform to function — login sessions, security tokens, and preferences.	Session or up to 12 months
Analytics	Help us understand how the platform is used so we can improve performance and features. No personally identifiable data is collected.	Up to 24 months
Functional	Remember your settings, preferences, and choices to provide a more personalised experience.	Up to 12 months

15.3 Third-Party Cookies

Some features may set cookies from third-party services (e.g., Stripe for payment, embedded videos, or social media widgets). These are governed by the respective third party's cookie and privacy policies.

15.4 Managing Cookies

You can manage or disable cookies through your browser settings. Note that disabling strictly necessary cookies may affect the platform's functionality. Where required by law, we display a cookie consent banner on our website.

15.5 Your Client-Facing Pages

If you build websites, funnels, or landing pages using the platform, those pages may set cookies on your visitors' devices. You are responsible for providing a cookie notice and obtaining consent on your own pages where required by PECR and UK GDPR. The platform provides tools to help you add cookie consent banners.

16. Children's Data

The Lead IT Lab Business Hub is a business-to-business platform and is not directed at individuals under the age of 18. We do not knowingly collect personal data from children. If you become aware that a child has provided us with personal data, please contact us immediately and we will take steps to delete it.

17. Changes to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, the platform's features, or legal requirements. When we make material changes, we will:

• Update the "Last updated" date at the top of this page.
• Notify you via email or an in-platform announcement where the changes are significant.

We encourage you to review this page periodically. Your continued use of the platform after changes are posted constitutes acceptance of the updated policy.

18. Contact & Complaints

If you have any questions about this Privacy Policy, your data, or how we handle it, contact us:

📧 [email protected]
🏢 Lead IT Lab Ltd, 59 Woodland Avenue, Penryn, Cornwall, TR10 8PG, United Kingdom

If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner's Office (ICO):

🌐 ico.org.uk/make-a-complaint
📞 0303 123 1113