Privacy, Compliance & Security Policy

Last updated: 01 July 2025

Introduction

At XLR8Leads Pty Ltd, your privacy, data security, and compliance are integral to the way we operate. We are committed to managing your personal data responsibly, transparently, and in full accordance with applicable data protection and electronic communication laws across the jurisdictions in which we operate or serve clients—including Australia, the United States, Canada, the United Kingdom, and others as required.

This policy outlines how we collect, use, store, share, and protect your information, and how we meet our compliance obligations globally. By using this website or any of our services, you consent to the practices described in this policy.

1. Regulatory Compliance Overview

We follow all relevant privacy and communication laws based on the user’s location and the jurisdiction of data processing. These include, but are not limited to:

• Australia: Privacy Act 1988, Spam Act 2003

• United States: California Consumer Privacy Act (CCPA), Telephone Consumer Protection Act (TCPA), and A2P (Application-to-Person) SMS standards

• Canada: Personal Information Protection and Electronic Documents Act (PIPEDA), Canada’s Anti-Spam Legislation (CASL)

• United Kingdom: UK GDPR, Data Protection Act 2018

• European Union: General Data Protection Regulation (GDPR) (applicable where EU data subjects are involved)

2. International Data Subject Rights

2.1 European Union / United Kingdom (GDPR / UK GDPR)

Individuals based in the EU or UK have the following rights under GDPR/UK GDPR:

• Right to access personal data

• Right to rectify inaccurate or incomplete information

• Right to erasure ("right to be forgotten")

• Right to restrict processing

• Right to data portability

• Right to object to processing

• Right not to be subject to automated decision-making, including profiling

2.2 United States (CCPA / TCPA)

For U.S. residents, particularly California:

• Right to know what personal data is collected, shared, or sold

• Right to request deletion of personal data

• Right to opt out of the sale of personal data

• Right to non-discrimination for exercising privacy rights

• For SMS communication, we adhere to TCPA requirements including prior express written consent and opt-out mechanisms

2.3 Canada (PIPEDA / CASL)

For Canadian residents:

• Right to access and correct personal data

• Obligation of meaningful consent for collection, use, or disclosure

• All electronic messages adhere to Canada’s Anti-Spam Legislation (CASL), including opt-in requirements and unsubscribe mechanisms

To exercise any of these rights, please contact us at [email protected].

3. Consent and Communication

We only communicate with individuals who have provided express or implied consent in accordance with the laws of their jurisdiction. All electronic communications (SMS, WhatsApp, email, etc.) include clear opt-out instructions and are traceable to consent records.

• Outbound messages comply with regional telecom and privacy regulations.

• Messaging platforms used (e.g., Twilio, Go High Level) are vetted for compliance with A2P, CASL, TCPA, and GDPR best practices.

3.1 SMS Texting Procedure

Our AI sales agents may send appointment reminders and confirmations via SMS:

• To unsubscribe, text "STOP" to our short code. You’ll receive confirmation of your opt-out.

• To re-subscribe, follow the original opt-in process.

• Text "HELP" for assistance or email us at [email protected].

• Carrier charges may apply. We are not liable for delayed or undelivered messages.

4. Data Collection and Use

4.1 Personal Information Collected

We may collect:

• Name, phone number, email address, business information

• Device/browser identifiers, IP address, geolocation

• User preferences, consent records, and interaction data

4.2 Non-Personal or Aggregated Data

We collect anonymized and aggregated analytics data to improve user experience and service delivery. This information cannot be used to identify an individual.

5. Data Security

We partner with reputable platforms such as Go High Level, AWS, OpenAI, Cloudflare, and Zapier. Our security measures include:

• Data encryption (in transit and at rest)

• Multi-Factor Authentication (MFA)

• Role-Based Access Control (RBAC)

• Real-time threat detection (SIEM)

• Secure software development (aligned with OWASP)

• Ongoing staff training in cybersecurity best practices

6. Data Sharing and International Transfers

We do not sell your personal data. Your information may be:

• Shared only with third-party service providers necessary to deliver our services

• Transferred across borders only with appropriate legal safeguards in place (e.g., SCCs, PIPEDA-compliant contracts, UK Transfer Risk Assessments)

• Stored no longer than is necessary for business, legal, or regulatory purposes

7. Cookies and Tracking Technologies

We use cookies to:

• Enhance user experience and website functionality

• Analyse traffic and engagement

• Support marketing and remarketing initiatives

You can manage cookie preferences via your browser settings or our website’s cookie consent tool.

8. Database Reactivation Services

Our Database Reactivation services operate under stringent compliance frameworks:

• All contacts have documented consent

• Data minimization practices ensure only essential information is used

• Clear opt-out instructions are included in all communication

• Compliant with GDPR, CASL, CCPA, TCPA, Spam Act (AU), and other relevant laws

9. Children’s Privacy

Our services are not intended for children under the age of 13 (or equivalent minimum age in applicable jurisdictions). We do not knowingly collect personal data from minors.

10. Access, Correction, and Deletion Requests

You have the right to request access to, correction of, or deletion of your personal data. To submit a request, email us at [email protected]. We will respond within the timeframes required by the applicable laws (e.g., 30 days under GDPR).

11. External Links and Public Interactions

We are not responsible for the privacy policies or practices of third-party websites linked to from our site. Any information disclosed in public forums becomes public and may be collected or used by others.

12. Policy Updates

This Privacy Policy may be updated periodically to reflect changes in law or our practices. Updated versions will be posted on this page with the revision date clearly indicated. We encourage users to check this policy regularly.

13. Terms of Use Summary

• Use of our website constitutes acceptance of this Privacy Policy and our Terms of Service

• All content is owned by XLR8Leads Pty Ltd or its licensors

• Linking to our website is allowed; framing is not permitted without written consent

• Refunds are governed by the specific service terms

• Legal governance is determined by the relevant jurisdiction applicable to your contract or service

XLR8Leads Pty Ltd

Email: [email protected]

We’re here to help with any questions, privacy requests, or concerns regarding your data.