Privacy Policy.

Last updated: 19 June 2026

This policy explains what personal data we collect, why we collect it, how we use it, who we share it with, and the rights you have over it. It applies to techleadflow.io and any sub-domain we operate.

01

Who we are (controller)

TechLeadFlow (“TechLeadFlow,” “we,” “us,” or “our”) operates this website and provides B2B lead-generation services to IT, BI, and software companies.

  • Legal entity: TODO(owner): registered company name, e.g. TechLeadFlow s.r.o.
  • Registered address: TODO(owner): full street, city, postal code, Slovakia
  • Company ID (IČO): TODO(owner): IČO
  • Tax ID (DIČ): TODO(owner): DIČ
  • VAT ID (IČ DPH): TODO(owner): IČ DPH or 'not VAT registered'
  • Registry: TODO(owner): registry court + insertion number
  • Privacy contact: hello@techleadflow.io

We are not required to appoint a Data Protection Officer (DPO) under GDPR Art. 37, but the privacy contact above handles all data-subject requests.

02

What we collect

We collect personal data in three contexts: visiting the site, contacting us, and operating outbound campaigns on behalf of clients.

2.1 · Site visitors

  • Technical data: IP address, browser, device, OS, referrer, pages viewed, timestamps.
  • Cookie identifiers (see Cookie Policy), including analytics and advertising trackers, set only after you consent where consent is required.
  • Conversion events sent server-side via the Meta Conversions API (CAPI) and equivalent APIs when applicable.

2.2 · People who contact us

  • Name, work email, company, role, message content, and anything you choose to share.
  • Call-booking metadata if you schedule via Cal.com or a similar tool.
  • WhatsApp / messaging-channel identifiers if you reach out through those channels.

2.3 · B2B prospects (outbound)

  • Business contact data (work email, name, role, employer, public LinkedIn or company website data) sourced from public registries and enrichment providers including FinStat, Apollo.io, and similar.
  • Engagement signals (opens, clicks, replies) needed to run, measure, and improve campaigns.

03

Why we use it (purposes & legal bases)

  • Run the website: Serve content, secure the site, prevent abuse. Legal basis: legitimate interests (GDPR Art. 6(1)(f)).
  • Analytics: Understand which pages perform. Legal basis (EU/EEA): consent (Art. 6(1)(a)) + ePrivacy. US: legitimate interests / opt-out.
  • Advertising & retargeting: Show ads on Meta and other platforms; build Custom Audiences and Lookalike Audiences. Legal basis (EU): consent. US: opt-out as required by CCPA/CPRA.
  • Respond to contact: Reply to your enquiry, schedule calls. Legal basis: pre-contract steps (Art. 6(1)(b)) or legitimate interests.
  • Provide services to clients: Operate cold-email, calling, and ads campaigns on behalf of paying clients. Legal basis: contract performance + legitimate interests (B2B prospecting, Recital 47).
  • Comply with the law: Tax records, accounting, responding to authorities. Legal basis: legal obligation (Art. 6(1)(c)).

04

Who we share data with

We share data only with vetted processors and partners, under contract, to deliver the services above. Categories of recipients:

  • Advertising platforms: Meta Platforms Ireland Ltd. (EU users) and Meta Platforms Inc. (US users) for Meta Pixel, Conversions API, and Custom Audiences. Google LLC for Google Ads / GA4 where applicable.
  • Outreach & CRM infrastructure: SmartLead, Apollo.io, FinStat, Pipedrive (or equivalent CRM), Make / Power Automate for workflow automation.
  • Hosting & analytics: Vercel (or similar) for hosting; a privacy-respecting analytics provider where deployed.
  • Communication: Google Workspace / Microsoft 365 for email; Cal.com for scheduling; WhatsApp for messaging.
  • Professional advisors: accountants, lawyers, and auditors under confidentiality obligations.

For Meta Custom Audiences uploaded from client lists, you (the uploader) act as controller and instruct Meta Platforms, Inc. to process the data as processor under Meta’s Customer List Custom Audiences Terms and Data Processing Terms.

05

International transfers

Some recipients (Meta Inc., Google LLC, Apollo.io, SmartLead) are based in the United States. Where we transfer personal data outside the EU/EEA we rely on:

  • The EU-US Data Privacy Framework certification of the recipient where available, or
  • Standard Contractual Clauses (Commission Decision 2021/914) plus supplementary technical measures as required by Schrems II.

A copy of the safeguards in place can be requested at hello@techleadflow.io.

06

Meta Pixel & Conversions API

We use the Meta Pixel and Conversions API to measure ad performance, build audiences, and retarget visitors. The Pixel sets cookies and sends events (page views, button clicks, form submissions) to Meta Platforms Ireland Ltd. (for EU/EEA users) and Meta Platforms Inc. (for users outside the EU/EEA).

For users in the EU/EEA and the UK the Pixel is blocked until you opt in via the cookie banner. For users in California and other US states that recognise opt-out signals, we honour the Global Privacy Control (GPC) browser signal and the “Do Not Sell or Share My Personal Information” link in the footer.

Where Meta and we jointly determine the means of processing for Pixel data, we act as joint controllers under GDPR Art. 26, in accordance with Meta’s Controller Addendum. Meta’s portion of that processing is governed by Meta’s Business Tools Terms and Meta’s Privacy Policy.

07

Cold email & B2B outreach

We send B2B outreach emails to professional addresses on the basis of legitimate interests (GDPR Art. 6(1)(f) and Recital 47) and the ePrivacy rules applicable in a B2B context. Every email contains:

  • A clear identification of the sender on behalf of the client.
  • The business reason for contacting that recipient (relevance to their role).
  • A one-click opt-out / unsubscribe mechanism honoured immediately.

For US recipients we additionally comply with CAN-SPAM (15 U.S.C. § 7701 et seq.): physical postal address in every commercial email, accurate “From” and subject lines, and opt-out honoured within 10 business days.

08

Retention

  • Site analytics: Up to 14 months.
  • Contact form / call enquiries: Up to 36 months after last interaction; then archived or deleted.
  • Prospect database (no engagement): Up to 12 months from last touch, then deleted.
  • Customers (active engagement): Duration of contract + 10 years for accounting / tax obligations.
  • Marketing consents: Until withdrawn.

09

Your rights (EU/EEA, UK)

Under GDPR and UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Rectification of inaccurate data.
  • Erasure (“right to be forgotten”) where one of the GDPR conditions applies.
  • Restriction of processing.
  • Data portability for data you provided to us.
  • Object to processing based on legitimate interests, including direct marketing (an absolute right).
  • Withdraw consent at any time, without affecting prior lawful processing.
  • Lodge a complaint with a supervisory authority. The Slovak DPA: Úrad na ochranu osobných údajov SR, dataprotection.gov.sk.

Submit a request to hello@techleadflow.io. We respond within 30 days.

10

Your rights (California — CCPA / CPRA)

If you are a California resident, you have the right to know, delete, correct, and limit the use of your personal information, and to opt out of “sale” or “sharing” as those terms are defined under the CCPA/CPRA.

We do not sell personal information for money. However, our use of the Meta Pixel and similar advertising trackers may qualify as “sharing” for cross-context behavioural advertising. To opt out:

  • Use the “Do Not Sell or Share My Personal Information” link in our footer, or
  • Enable Global Privacy Control (GPC) in your browser; we automatically honour the signal.

Categories of personal information collected in the past 12 months, consistent with Cal. Civ. Code § 1798.140:

  • Identifiers (name, email, IP).
  • Commercial information (services enquired about).
  • Internet activity (browsing on our site, ad interactions).
  • Professional information (employer, role, B2B context).
  • Inferences from the above for audience modelling.

Categories of recipients: advertising platforms (Meta, Google), analytics providers, CRM and outreach tooling. We retain each category for the period set out in Section 8.

You may also designate an authorised agent to submit requests. We will not discriminate against you for exercising any CCPA/CPRA right.

11

Other US state laws

Residents of Virginia (VCDPA), Colorado (CPA), Connecticut (CTDPA), Utah (UCPA), Texas (TDPSA), and other US states with comprehensive privacy laws have analogous rights to access, delete, correct, and opt out of targeted advertising or profiling. Submit a request to hello@techleadflow.io or via the universal opt-out link in our footer.

12

Security

We implement administrative, technical, and physical safeguards appropriate to the risk: access controls, encryption in transit (TLS 1.2+), encryption at rest where supported, principle of least privilege, vendor security reviews, and incident response procedures. In the event of a personal-data breach we notify the competent supervisory authority within 72 hours and affected individuals where required.

13

Children

The service is intended for business users aged 18 and over. We do not knowingly collect personal data from anyone under 16 (EU) or 13 (US, COPPA). If you believe we have, contact us and we will delete it.

14

Changes to this policy

We update this policy when our processing changes or the law requires. The “Last updated” date at the top reflects the current version. For material changes we will provide reasonable notice on the site.

15

Contact

Questions, complaints, or data-subject requests: hello@techleadflow.io.