Privacy, Compliance & Security Policy

Introduction

At Xlr8Leads Pty Ltd, your privacy is our priority. We are committed to handling your personal data with the highest level of integrity and transparency, in line with international data protection and electronic communication laws. This policy explains how we collect, use, store, share, and protect your information across jurisdictions, including Australia, the European Union, the United Kingdom, and the United States.

By using this website or our services, you consent to the practices described in this policy.

1. Compliance Overview

We adhere to the following data protection and communication regulations:

- Australia: Privacy Act 1988, Spam Act 2003

- European Union: General Data Protection Regulation (GDPR)

- United Kingdom: UK GDPR and Data Protection Act 2018

- United States: California Consumer Privacy Act (CCPA), Telephone Consumer Protection Act (TCPA), and relevant A2P (Application-to-Person) messaging standards

2. International Data Rights and Compliance

2.1 GDPR and UK GDPR (EU/UK Residents)

For users located in the EU or UK, the following rights apply:

- Right to Access – You can request copies of your personal data.

- Right to Rectification – You can request correction of inaccurate or incomplete data.

- Right to Erasure ("Right to be Forgotten")

- Right to Restrict Processing

- Right to Data Portability

- Right to Object to Processing

- Right Not to Be Subject to Automated Decision-Making (including profiling)

To exercise any of these rights, please contact us at [email protected].

2.2 CCPA (California Residents)

For California residents, you have the following rights under the California Consumer Privacy Act:

- The right to know what personal information is collected, used, shared, or sold

- The right to delete personal information held by us

- The right to opt-out of the sale of personal information

- The right to non-discrimination for exercising your privacy rights

2.3 TCPA & A2P Messaging Compliance (USA)

We strictly comply with the Telephone Consumer Protection Act (TCPA) and A2P messaging guidelines, including:

- Prior express written consent before sending any marketing SMS messages

- Providing clear opt-out/unsubscribe mechanisms

- Time-of-day restrictions for A2P outreach

- Usage of registered messaging routes to ensure deliverability and legitimacy

3. Consent and Communication (A2P Messaging)

Whether communicating via SMS, WhatsApp, email, or other platforms, we only contact individuals who have provided express or implied consent. All messages contain opt-out options, and we retain proof of consent for auditing and legal purposes.

For A2P messaging:

- All outbound communications comply with telecom regulations relevant to the recipient's location.

- We use verified messaging platforms (e.g., Twilio, GoHighLevel) to ensure compliance with industry best practices.

4. Data Collection and Use

4.1 Personal Data

We may collect:

- Name, phone number, email address, business information

- IP address, browser type, and device identifiers

- Communication preferences and interactions with our AI agents or website

4.2 Non-Personal Data

We collect aggregated or anonymized data, such as web traffic, that cannot be used to identify you directly.

5. Data Security

We work with GoHighLevel, AWS, OpenAI, Cloudflare, and Zapier to secure data through:

- Data encryption (in transit and at rest)

- Multi-Factor Authentication (MFA)

- Access control via Role-Based Access Control (RBAC)

- Monitoring and alerts using Security Information and Event Management (SIEM)

- Secure coding practices aligned with OWASP

- Employee training on cybersecurity and phishing awareness

6. Data Sharing and Transfers

We do not sell your data. Your personal information is:

- Shared only with trusted vendors necessary to deliver our services

- Never transferred internationally without appropriate safeguards (e.g., Standard Contractual Clauses for EU transfers)

- Retained only as long as necessary, then deleted or anonymized

7. Cookies and Tracking Technologies

Our website uses cookies and related tracking tools to:

- Enhance site navigation and user experience

- Analyze performance and marketing campaigns

You may control cookie preferences through your browser settings or our consent banner.

8. Database Reactivation Services

We perform Database Reactivation campaigns under the strictest privacy standards:

- All records used have prior consent on file

- We employ data minimization by only collecting information necessary to re-engage the contact

- Every communication contains opt-out mechanisms

- All outreach complies with relevant Spam, GDPR, CCPA, and TCPA laws

9. Children’s Privacy

Our services are not directed at children under 13, and we do not knowingly collect their personal data.

10. User Access and Deletion

You have the right to access, correct, or delete your personal data.

Please email [email protected] to submit your request. We will respond in accordance with the applicable legal timeframes (e.g., 30 days under GDPR).

11. External Links and Public Forums

We are not responsible for the privacy practices of other websites linked to from our site. Posts in public forums become public, and we cannot control how third parties use such information.

12. Updates to This Policy

We may modify this Privacy Policy at any time. Changes will be posted on this page, with the effective date updated. We encourage you to review this page periodically.

13. Terms of Use

- Use of this site implies agreement to this Privacy Policy and our Terms of Service

- Content is the property of Xlr8Leads Pty Ltd or its licensors

- Linking is permitted; framing is not without consent

- Refunds are governed per service or product

- Governed by the laws of Australia, without conflict of law principles

Contact Us

Xlr8Leads Pty Ltd

Email: [email protected]

If you have any questions or wish to exercise your data rights, we’re here to help.

International Enquiries

[email protected]

© 2025 XLR8leads Pty Ltd - All Rights Reserved