Privacy Policy

Policy Version 3.0. Last updated: 27 September 2025

1. Introduction

XLR8Leads Pty Ltd (“XLR8Leads”, “we”, “us”, or “our”) is committed to protecting the privacy and security of personal information and complying with applicable data protection, telecommunications, and consumer laws in all jurisdictions in which we operate.

This Privacy Policy explains how we collect, use, disclose, store, and protect personal information, and outlines the rights of individuals whose data we process.

By accessing our website, submitting a form, engaging with our communications, or using our services, you acknowledge and agree to the practices described in this Privacy Policy.

2. Scope

This Privacy Policy applies to:

Visitors to our websites and landing pages

Clients and business partners

Individuals who interact with our communications (SMS, email, messaging, voice)

Users of our automation, communications, and engagement services

This policy is designed to comply with global privacy and communications laws, including but not limited to:

Privacy Act 1988 (Australia)

GDPR & UK GDPR

CCPA (California)

TCPA (United States)

CASL (Canada)

Spam Act 2003 (Australia)

Digital Personal Data Protection Act 2023 (India)

3. Personal Information We Collect

We collect only the minimum personal information required to lawfully deliver our services.

3.1 Client Information

For business clients, we may collect:

Business name and registered address

Company identification details

Authorised representative details (name, email, phone)

Billing and payment information

3.2 Communication & Engagement Data

For individuals contacted via our platform, we may process:

First and last name

Phone number

Email address

Communication preferences

Message delivery and response data

3.3 Website Information

When visiting our website, we may collect:

Contact form submissions

Enquiry details

Cookie and analytics data

We do not collect unnecessary technical identifiers for outreach contacts and do not engage in unauthorised tracking through messaging channels.

4. How We Use Personal Information

We use personal information only for lawful and legitimate purposes, including:

Delivering our services

Managing client relationships

Providing communications and engagement services

Processing transactions and invoicing

Meeting regulatory and compliance obligations

Maintaining platform security and integrity

We do not sell personal information.

5. Consent & Communications

5.1 Lawful Basis

We process personal information only where a lawful basis exists, including:

Consent

Contractual necessity

Legitimate interest

Legal obligation

5.2 SMS Communications (A2P / Carrier Compliance)

If you opt in to receive SMS from XLR8Leads Pty Ltd, we may send messages related to your enquiry, appointment scheduling, confirmations, reminders, and requested follow-up information.

Message frequency: varies. Message & data rates: may apply.

Opt-out: Reply STOP to unsubscribe. Help: Reply HELP or contact [your support email].

Mobile information sharing: No mobile information will be shared with third parties/affiliates for marketing or promotional purposes. Text messaging originator opt-in data and consent will not be shared with any third parties.

5.3 SMS Messaging & Consent

XLR8Leads only sends SMS messages to individuals who have explicitly opted in via our website contact/booking form.

By submitting your details and checking the required consent checkbox, you agree to receive SMS messages related to your enquiry, appointment confirmation, and requested follow-up information.

Message frequency may vary. Message & data rates may apply.

You may opt out of receiving SMS messages at any time by replying STOP. After opting out, you will no longer receive SMS messages from us unless required to confirm your opt-out request.

We do not send marketing or promotional SMS messages without separate, explicit consent.

No mobile information will be shared with third parties or affiliates for marketing or promotional purposes. All SMS opt-in data and consent records are kept strictly confidential.

5.4 Messaging & Communications

Individuals may receive SMS, email, WhatsApp, voice, or other electronic communications where valid consent has been provided in accordance with applicable laws.

Communications may include:

Transactional messages (e.g., appointment reminders, service updates)

Customer support communications

Promotional or marketing messages (where permitted)

Message frequency may vary. Standard message and data rates may apply.

Consent to receive messages is not a condition of purchase.

5.5 Opt-Out & Support

All communications include clear and accessible opt-out mechanisms.

You may unsubscribe at any time by replying with a recognised keyword such as STOP, CANCEL, or UNSUBSCRIBE.

For help, you may reply HELP or contact us at [email protected].

Opt-out requests are processed immediately and recorded for compliance purposes. A confirmation message is sent once opt-out is complete.

5.6 SMS Data Protection (Carrier Requirement)

No mobile information will be shared with third parties/affiliates for marketing/promotional purposes. All the above categories exclude text messaging originator opt-in data and consent; this information will not be shared with any third parties.

6. Client Campaigns & Data Roles

Where XLR8Leads provides services on behalf of clients:

The client is the data controller

XLR8Leads acts as a data processor

Clients are responsible for ensuring that contact data has been lawfully collected with valid consent

XLR8Leads processes data solely in accordance with client instructions and applicable law

Where XLR8Leads communicates directly regarding its own products or services, XLR8Leads acts as the data controller.

Consent Records

Opt-in records are maintained with timestamps and source references for audit and regulatory purposes.

7. Data Security

We implement appropriate technical and organisational measures to protect personal information, including:

Encryption in transit and at rest

Secure access controls

Role-based permissions

Multi-factor authentication

Continuous monitoring and threat detection

Secure development practices

Staff privacy and security training

Data Security & Governance

We maintain internal data processing, information security, and governance policies designed to protect personal information against unauthorised access, misuse, loss, or disclosure.

These policies outline the technical and organisational measures we apply when handling personal data and are reviewed periodically to support compliance with applicable privacy and data protection laws.

8. Data Storage & International Transfers

XLR8Leads operates secure, region-aware cloud infrastructure and supports data residency requirements where required by law.

Where personal information is transferred internationally, we implement appropriate safeguards in accordance with applicable regulations.

9. Data Retention

We retain personal information only for as long as necessary to:

Deliver services

Meet contractual obligations

Comply with legal and regulatory requirements

Clients retain control over their data and may request deletion in accordance with applicable laws.

10. User Rights

Depending on your jurisdiction, you may have the right to:

Access your personal information

Correct inaccurate data

Request deletion

Restrict or object to processing

Request data portability

Withdraw consent

Requests may be submitted via email or our website. We respond within legally required timeframes.

11. Children’s Privacy

Our services are not intended for individuals under the age of 18 (or the applicable local minimum age). We do not knowingly collect personal information from minors.