Your Privacy, Protected
We believe in plain-language privacy policies you can actually read. Here is exactly what data we collect, why we collect it, and how you can control it.
Information We Collect
Account Information
When you register, we collect your name, email address, username, and password. Passwords are never stored in plain text; they are processed using PBKDF2 with SHA-512 and 100,000 iterations of key stretching, making them highly resistant to brute-force attacks.
Usage & Activity Data
We collect data about how you use the platform, including search queries, search history, CRM pipeline activity (lead statuses, tags, notes, follow-up dates), features used (email scraping, WhatsApp validation, tech stack detection, AI cold-email script generation), export history, and timestamps. This data is tied to your account and used only to provide and improve the Service.
Payment & Billing Data
Payments are processed by authorised third-party payment processors. We do not receive, store, or have access to your full card number, CVV, bank account details, or other sensitive payment credentials. We retain only your subscription status, plan tier, billing email, and transaction reference numbers for invoicing, receipts, and dispute resolution. Our payment processor(s) operate under PCI-DSS compliance standards.
Lead & CRM Data You Generate
We store the business lead data you scrape and manage, including business names, addresses, phone numbers, emails, websites, WhatsApp status, tech stack, star ratings, categories, and any CRM notes, tags, or statuses you assign. This data belongs entirely to you and is strictly isolated to your account; no other user can access it.
Technical & Device Data
We collect IP addresses, browser type, operating system, session identifiers, and error logs to enforce rate limits, detect fraud and abuse, diagnose technical issues, and maintain the security and integrity of the platform.
Communications
If you contact us for support, we retain records of that correspondence (emails, submitted forms) to resolve your issue and improve our support processes.
Lawful Basis for Processing
Performance of Contract
The primary basis for processing your account information, usage data, and subscription data is the performance of our contract with you (i.e., providing the Service you have agreed to use). Without this processing, we cannot provide the Service.
Legitimate Interests
We process technical and usage data on the basis of our legitimate interests in: operating a secure and reliable platform; detecting and preventing fraud and abuse; improving product features based on aggregated anonymised data; and enforcing our Terms of Service. We have assessed that these interests do not override your fundamental rights and freedoms.
Legal Obligation
We may process and retain certain data (e.g., billing records) where required to comply with applicable law, including tax, accounting, and financial regulations.
Consent
Where we send optional marketing communications (product updates, tips, newsletters), we do so only on the basis of your consent. You may withdraw consent at any time by clicking 'Unsubscribe' in any marketing email or contacting support@themgdev.com.
How We Use Your Information
Service Delivery
We use your data to create and manage your account, process searches via the Google Maps Platform, store and display your leads and CRM data, generate AI cold-email scripts, validate WhatsApp numbers, detect tech stacks, send OTP verification codes, and manage your subscription.
Transactional Communications
We send you emails that are necessary for the Service: account registration confirmation, OTP verification codes, password reset links, subscription confirmations, payment receipts, and notices of changes to these policies. You cannot opt out of these communications while your account is active.
Security & Fraud Prevention
We use IP addresses, session data, and usage patterns to detect and prevent unauthorised access, account takeover, abuse of free trials, rate-limit circumvention, and other fraudulent or malicious activity.
Product Analytics & Improvement
We analyse aggregated, anonymised usage data to understand which features are most used, identify performance bottlenecks, and prioritise development. This analysis cannot be used to identify individual users.
Legal & Regulatory Compliance
We may process your data to comply with applicable laws, respond to lawful requests from governmental or judicial authorities, resolve disputes, enforce our agreements, or protect the rights, property, or safety of us, our users, or the public.
Data Sharing & Third Parties
We Do Not Sell Your Data
We do not sell, rent, trade, or otherwise disclose your personal information to any third party for their own marketing, advertising, or commercial purposes. This applies to all personal data including your email address, usage data, and lead data.
Payment Processors
We share your billing email and subscription details with our authorised payment processor(s) as necessary to process transactions and manage subscriptions. Payment processors are selected for their compliance with PCI-DSS and applicable data protection law. We may change our payment processor at any time; any new processor will be bound by equivalent data protection obligations.
Infrastructure & Hosting
Your data is stored on a private VPS (virtual private server). Infrastructure access is restricted to authorised personnel only. We do not use multi-tenant shared cloud databases.
Email Delivery Service
We use an authorised third-party SMTP provider to deliver transactional emails (OTPs, password resets, receipts). Only your email address and the content of the message are shared, and solely for delivery purposes.
Google Maps Platform
Search queries you submit are transmitted to the Google Maps Places API via our server-side integration. Google processes these queries subject to Google's Privacy Policy and Terms of Service. We do not share your account identity with Google as part of these API calls.
Business Transfers
If Project Lead undergoes a merger, acquisition, or sale of all or substantially all of its assets, your data may be transferred to the successor entity. We will provide you with at least 30 days' advance notice by email and give you the opportunity to delete your account before the transfer takes effect.
Legal Disclosures
We may disclose your data if required by valid legal process (court order, subpoena, regulatory demand), or where we have a good-faith belief that disclosure is necessary to prevent imminent harm, fraud, or illegal activity. Where legally permissible, we will notify you of such a request.
Data Storage, Security & Retention
Storage Location
Your data is stored on a private, dedicated VPS. Data is not stored in shared public cloud databases. If the server is located in a jurisdiction outside your country of residence, we ensure appropriate legal safeguards are in place for international data transfers, including standard contractual clauses where applicable.
Security Measures
We implement layered technical and organisational security measures: HTTPS/TLS encryption for all data in transit; PBKDF2-SHA512 password hashing with 100,000 iterations; per-user data isolation (your data is never accessible to other users); OTP-based email verification; per-account rate limiting; server access controls restricted to authorised personnel; and periodic security reviews.
No System Is Perfectly Secure
Despite our best efforts, no method of electronic storage or transmission is 100% secure. We cannot guarantee absolute security. In the event of a data breach that is likely to result in a high risk to your rights and freedoms, we will notify you and the relevant supervisory authority as required by applicable law (e.g., within 72 hours under GDPR).
Data Retention
We retain your account and usage data for as long as your account is active. If you delete your account, we will delete or anonymise your personal data within 30 days, except: (a) billing records, which we retain for up to 7 years as required by tax and accounting law; and (b) data subject to an active legal hold or regulatory investigation.
Lead Data Ownership
Lead data you generate and store in the platform belongs entirely to you. We do not analyse, use, monetise, or share your lead data. It exists solely to be displayed back to you and exported by you. On account deletion it is permanently removed.
Your Privacy Rights
Right of Access (GDPR Art. 15 / CCPA)
You have the right to request a copy of the personal data we hold about you, including information about how we use it and who we share it with. You may also request this in a structured, commonly used, machine-readable format (data portability). To submit a request, email support@themgdev.com with the subject 'Data Access Request'.
Right to Rectification (GDPR Art. 16)
You can update your name and email address directly in account Settings. If you believe other data we hold is inaccurate or incomplete, contact support@themgdev.com and we will correct it promptly.
Right to Erasure (GDPR Art. 17 / 'Right to Be Forgotten')
You can permanently delete your account at any time from Settings → Account → Delete Account. This removes your profile, all stored leads, and your search history. For additional erasure requests (e.g., where you have not logged in recently), contact support@themgdev.com.
Right to Restriction & Objection (GDPR Art. 18–21)
Under GDPR and equivalent laws, you may request that we restrict processing of your data in certain circumstances, or object to processing carried out on the basis of legitimate interests. Contact support@themgdev.com to exercise these rights. We will respond within 30 days.
Right to Withdraw Consent
Where processing is based on your consent (e.g., marketing emails), you may withdraw consent at any time without affecting the lawfulness of processing that took place before withdrawal. Unsubscribe from marketing emails using the link in any such email or contact support@themgdev.com.
California Privacy Rights (CCPA/CPRA)
California residents have the right to know what personal information we collect and how it is used, to delete personal information, to opt out of the sale of personal information (we do not sell personal information), and to non-discrimination for exercising privacy rights. To exercise these rights, contact support@themgdev.com.
Right to Lodge a Complaint
If you believe we have mishandled your personal data, you have the right to lodge a complaint with your national data protection authority, for example, the ICO (UK), your national DPA (EU), or the relevant authority in your jurisdiction. We encourage you to contact us first at support@themgdev.com so we can try to resolve your concern directly.
Children's Privacy
No Service to Minors
The Service is not directed to, and is not intended for use by, anyone under the age of 18. We do not knowingly collect personal information from anyone under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact support@themgdev.com immediately and we will delete that data promptly.
Contact & Policy Updates
Data Controller
Project Lead (operated at themgdev.com) is the data controller responsible for personal data processed through this platform. All data-related enquiries, access requests, and complaints should be directed to support@themgdev.com.
All Privacy Enquiries
For any question or concern about this Privacy Policy, how we handle your data, or to exercise any of your rights, email support@themgdev.com. Please include your account email address and a clear description of your request. We aim to acknowledge all requests within 5 business days and resolve them within 30 days (as required by GDPR and equivalent regulations).
Policy Updates
We may update this Privacy Policy from time to time as the Service evolves or legal requirements change. For material changes, we will notify you by email and/or a prominent in-app notice at least 14 days before the change takes effect. The 'Last Updated' date at the top of this page always reflects the current version. Continued use of the Service after the effective date constitutes acceptance of the updated policy.
Governing Law
This Privacy Policy is governed by the laws of the United Arab Emirates. For users in the European Union, the GDPR applies. For users in the United Kingdom, the UK GDPR and Data Protection Act 2018 apply. For California residents, the CCPA/CPRA applies. Nothing in this Policy limits rights you have under your applicable mandatory national law.
Have a Privacy Question?
If you have any concerns about how we handle your data, we would love to hear from you. We typically respond within 5 business days.