Your Privacy, Protected

Account Information

When you register for an account, we collect your name, email address, username, and password (stored as a secure hash). We never store your password in plain text.

Usage Data

We collect information about how you use the platform, including search queries, features accessed, pages visited, and timestamps. This helps us improve the product and diagnose issues.

Payment Information

Payments are processed by third-party providers (Stripe). We do not store your full card number, CVV, or banking details. We only retain a tokenised reference and your billing address for invoicing.

API Keys

If you provide a Google Maps API key, it is stored encrypted at rest and used solely to fulfil your search requests. We do not share, sell, or analyse your API key.

Technical Data

We may collect your IP address, browser type, operating system, and referral URLs to help detect fraud, enforce rate limits, and diagnose technical problems.

Service Delivery

We use your data to provide, operate, and maintain the platform — including processing your searches, storing your lead exports, and managing your subscription.

Communications

We send transactional emails (account confirmation, password reset, billing receipts). With your consent, we may also send product updates and tips. You can unsubscribe from marketing emails at any time.

Security & Fraud Prevention

We use technical and account data to detect abuse, enforce our Terms of Service, and protect the platform from fraudulent activity or misuse.

Product Improvement

Aggregated, anonymised usage statistics help us understand which features are most valuable and where we should focus development effort. This data cannot be traced back to individual users.

Legal Compliance

We may process your data as required to comply with applicable laws, respond to lawful requests from public authorities, or protect the rights and safety of our users.

We Do Not Sell Your Data

We never sell, rent, or trade your personal information to third parties for their marketing or commercial purposes. Full stop.

Service Providers

We share data with trusted vendors who help us operate the platform — including cloud hosting providers, payment processors, and email delivery services. These partners are contractually bound to use your data only for the purposes we specify.

Google Maps API

Search queries are transmitted to the Google Maps Places API on your behalf. Your use of data returned from Google Maps is also subject to Google's Terms of Service and applicable law.

Business Transfers

If Project Lead is acquired or merges with another company, your data may be transferred as part of that transaction. We will notify you before your data becomes subject to a different privacy policy.

Legal Disclosures

We may disclose your data if required by law, court order, or governmental authority, or to prevent imminent harm to persons or property.

Where We Store Data

Data is stored on servers located in the European Union and/or the United States. If you are located outside these regions, your data may be transferred internationally. We ensure appropriate safeguards are in place for all cross-border transfers.

Security Measures

We use industry-standard security practices: HTTPS encryption in transit, AES-256 encryption at rest for sensitive fields, bcrypt password hashing, and regular security reviews. However, no system is 100% secure — please use a strong, unique password.

Retention

We retain account data for as long as your account is active. If you delete your account, we delete or anonymise your personal data within 30 days, except where we are required by law to retain it longer (e.g., billing records for tax purposes — typically 7 years).

Lead Data You Generate

Lead data you scrape and store in the platform belongs to you. We do not analyse, sell, or use your lead data for any purpose other than displaying it back to you.

Access & Portability

You have the right to request a copy of the personal data we hold about you, in a machine-readable format. Submit a request to privacy@mgdev.io.

Correction

You can update most of your account information directly in the dashboard. For other corrections, contact us and we will update your records promptly.

Deletion

You can delete your account at any time from Settings → Account → Delete Account. This permanently removes your profile, stored leads, and search history.

Objection & Restriction

Under GDPR and similar regulations, you may object to certain types of processing or request we restrict how we use your data. Contact us at privacy@mgdev.io to exercise these rights.

Complaints

If you believe we have mishandled your data, you have the right to lodge a complaint with your local data protection authority (e.g., the ICO in the UK, or your national DPA in the EU).

Essential Cookies

We use a single session cookie to keep you logged in. This cookie is strictly necessary and cannot be disabled without breaking the service.

Analytics

We may use privacy-respecting analytics tools to understand aggregate usage patterns. These tools are configured to anonymise IP addresses and do not build cross-site advertising profiles.

No Ad Tracking

We do not use Facebook Pixel, Google Ad tags, or any third-party advertising trackers on the logged-in dashboard. The marketing website may use basic analytics only.

Managing Cookies

You can control cookies through your browser settings. Blocking the session cookie will prevent you from staying logged in. No other cookies are required for the platform to function.

Data Controller

Project Lead is the data controller for personal data processed through this platform. Our registered address and contact details are available on request.

Privacy Enquiries

For any privacy-related questions, data access requests, or complaints, email privacy@mgdev.io. We aim to respond within 5 business days.

Policy Updates

We may update this Privacy Policy from time to time. We will notify you of material changes by email or a prominent notice on the dashboard. The 'Last Updated' date at the top of this page always reflects the current version.

Governing Law

This Privacy Policy is governed by the laws of the United Arab Emirates, without regard to conflict-of-law principles. For users in the EU or UK, we also comply with GDPR and the UK GDPR respectively.