Privacy Policy

Lyre Leads · Last Updated: February 20, 2026 · Contact: [email protected]

1. Introduction

This Privacy Policy explains how Lyre Leads ("we," "us," or "our") collects, uses, stores, and protects personal data when you use our platform at lyreleads.com ("Service").

We are committed to protecting your privacy and processing your personal data in accordance with the EU General Data Protection Regulation (GDPR), the Danish Data Protection Act (Databeskyttelsesloven), and other applicable data protection legislation.

2. Data Controller

The data controller responsible for your personal data is:
Lyre Leads
Website: lyreleads.com
Email: [email protected]

3. Data We Collect About You

3.1 Account Registration Data

When you create an account, we collect your name, email address, and password (stored as a one-way cryptographic hash — we cannot read it), along with your account creation date.

3.2 Usage and Activity Data

As you use the Service, we collect search queries you submit, lead data you retrieve and store, token consumption history, AI evaluation requests and results, enrichment requests and results, and filter/sort preferences saved in your session.

3.3 Payment Data

Payment is handled by Stripe, a PCI DSS-compliant payment processor. We do not store your full card number or CVV. We retain your Stripe customer ID, subscription plan and status, billing history, and the last 4 digits of your card on file (as provided by Stripe).

3.4 Technical and Log Data

We automatically collect your IP address at login and key actions, browser type and version, operating system, pages accessed and timestamps, and error logs. This data is used for security, abuse prevention, and service reliability.

3.5 Communications

If you contact us, we retain those communications to resolve your enquiry and improve the Service.

4. Data We Process on Your Behalf (Lead Data)

When you use Lyre Leads to search for and store business leads, the platform retrieves and stores data about third-party businesses, including business names, addresses, phone numbers, email addresses, social media profiles, and website intelligence data.

This data relates to businesses, not consumers. However, some data points — particularly email addresses of sole traders or named business contacts — may constitute personal data under GDPR. You, as the user, are an independent data controller for lead data you retrieve and use. You are responsible for ensuring your use complies with applicable data protection law. We process this data as your data processor solely to provide the Service.

5. Legal Basis for Processing (GDPR)

Data Type	Legal Basis
Account registration and management	Performance of contract (Art. 6(1)(b))
Providing Service features	Performance of contract (Art. 6(1)(b))
Payment processing	Performance of contract (Art. 6(1)(b))
Security and fraud prevention	Legitimate interests (Art. 6(1)(f))
Service improvement and debugging	Legitimate interests (Art. 6(1)(f))
Transactional emails (receipts, alerts)	Performance of contract (Art. 6(1)(b))
Product update or marketing emails	Legitimate interests or consent (Art. 6(1)(f)/(a)) — opt out anytime
Legal compliance	Legal obligation (Art. 6(1)(c))

6. How We Use Your Data

We use collected data to create and manage your account, deliver Service features, process payments, send transactional and product emails, detect and prevent fraud and abuse, debug and improve the platform, and comply with legal obligations. We do not sell your personal data to third parties.

7. Data Sharing with Third Parties

Third Party	Purpose
Stripe	Payment processing — stripe.com/privacy
SerpAPI	Business data retrieval — serpapi.com/privacy
OpenAI	AI lead scoring — openai.com/privacy
Render	Server hosting and infrastructure — render.com/privacy
Cloudflare	CDN and DDoS protection — cloudflare.com/privacypolicy

We do not share your data with any other third parties except where required by law.

8. International Data Transfers

Some of our third-party service providers are located outside the EEA, including in the United States. Where we transfer data outside the EEA, we ensure appropriate safeguards are in place, including Standard Contractual Clauses (SCCs) approved by the European Commission.

9. Data Retention

Data Type	Retention Period
Account and profile data	Duration of account + 30 days after deletion
Lead database (searches and enrichment)	Duration of account + 30 days after deletion
Payment and billing records	5 years (accounting and tax compliance)
Security and access logs	90 days
Support communications	2 years

10. Your Rights Under GDPR

As a data subject under the GDPR, you have the following rights:

Right of Access (Art. 15): Request a copy of the personal data we hold about you.
Right to Rectification (Art. 16): Request correction of inaccurate or incomplete data.
Right to Erasure (Art. 17): Request deletion of your personal data where it is no longer necessary for the purpose it was collected.
Right to Restriction (Art. 18): Request that we restrict processing in certain circumstances.
Right to Data Portability (Art. 20): Request your data in a structured, machine-readable format.
Right to Object (Art. 21): Object to processing based on legitimate interests, including direct marketing.
Right to Withdraw Consent: Where processing is based on consent, withdraw it at any time.

To exercise any of these rights, contact us at [email protected] with the subject line "Data Subject Request." We will respond within 30 days and may ask you to verify your identity.

You also have the right to lodge a complaint with the Danish Data Protection Authority (Datatilsynet): datatilsynet.dk / [email protected].

11. Cookies

Strictly Necessary: Session cookies required for the Service to function (login sessions, security tokens). These cannot be disabled.

Functional / Preference: Cookies that remember your settings within the platform (saved filters, column preferences).

We do not currently use third-party advertising cookies or tracking pixels on our own platform pages. You can control cookies through your browser settings, though disabling strictly necessary cookies will prevent the Service from functioning.

12. Security

We implement appropriate technical and organisational measures to protect your data, including bcrypt password hashing, HTTPS/TLS encryption for all data in transit, and access controls limiting who can access production systems. No security measures are 100% guaranteed. In the event of a data breach likely to result in high risk to your rights, we will notify you and the relevant supervisory authority as required by law.

13. Lead Data — Data Processing

Where lead data you collect constitutes personal data under GDPR:

You are the data controller — you determine the purposes and means of processing.
We are the data processor — we process lead data on your instructions (storing, displaying, enriching, and exporting as directed through the platform).
We do not use your lead data to enrich our own databases or sell to third parties.
We will assist you in responding to data subject requests relating to lead data where technically feasible.
We will delete lead data upon termination of your account.

If you require a formal Data Processing Agreement (DPA) signed by both parties, contact [email protected].

14. Children's Privacy

The Service is not intended for individuals under 18 years of age. If you believe we have inadvertently collected data from a minor, contact us at [email protected] and we will delete it promptly.

15. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by email or through a prominent notice in the platform at least 14 days before the change takes effect. Continued use after changes take effect constitutes your acceptance of the updated policy.

16. Contact

Email: [email protected]
Website: lyreleads.com
Response Time: Within 5 business days

Version 2.0 — February 2026