Using Leadsourcing in Compliance with GDPR

Leadsourcing can be used legally under the General Data Protection Regulation (GDPR) based on "legitimate interest."

We recommend that you include a note about your use of Leadsourcing in the same section of your privacy policy where you disclose other tracking tools, such as Google Analytics.


Data Collection and Processing

Leadsourcing’s tracker collects behavioral data from your website visitors, including:

Additionally, we process visitors' IP addresses, matching them against our proprietary database to identify the companies behind visits and their geographic locations. All visitor data is aggregated at the company level, ensuring it is not tied to individuals.


Security and Data Protection

All collected data is transmitted and stored securely using AES-256-bit encryption. Our infrastructure is hosted on Google Cloud Platform (GCP) in secure, compliant data centers located in us-central region.

To learn more, visit our Security page.


Legitimate Interest as a Legal Basis

Leadsourcing’s data processing is justified under GDPR Article 6(f), which states:

"Processing is necessary for the purposes of the legitimate interests pursued by the controller or by a third party, except where such interests are overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data."

For B2B marketing and analytics, legitimate interest is the most appropriate and widely used legal basis. It aligns with the notion that individuals may have a legitimate interest in the products or services being offered by businesses they engage with online.