Legal

Privacy Policy

Last updated: April 16, 2026

This Privacy Policy explains how SeizeLead (“SeizeLead”, “we”) collects, uses, discloses, and protects your information when you use our website, dashboard, widget, and related services (the “Service”). It applies to account holders (“you”) and, where relevant, to end-users of websites that have SeizeLead installed.

1. Who is the data controller

For account data (your SeizeLead account), SeizeLead is the data controller. For lead data collected by popups you publish, you are the controller and SeizeLead is a processor acting on your instructions under these terms.

2. Information we collect

From account holders

  • Account details: name, email, hashed password.
  • Billing information: plan, billing address, Stripe customer ID (we never store full card numbers).
  • Popup content you create: HTML/CSS, configuration, templates, uploaded images.
  • Usage data: pages visited, features used, API calls, approximate IP-derived location.

From end-users (via your popups)

  • Information entered into your popup forms (typically email, optionally name, phone, other custom fields you define).
  • Anonymous visitor identifiers, page URL, referrer, device type, browser, country.
  • Popup interaction events (impressions, clicks, submissions) for analytics.

3. How we use information

  • To provide, operate, and improve the Service.
  • To process payments and manage subscriptions.
  • To send transactional email (verification, password reset, billing notices, service alerts).
  • To generate analytics and aggregated reports for you about your popups.
  • To detect fraud, enforce our Terms, and meet legal obligations.
  • With your consent, to send product updates and marketing communications (you can opt out anytime).

4. Legal bases (GDPR / DPDP)

We process personal data under one or more of these legal bases:

  • Contract: to provide the Service you signed up for.
  • Legitimate interests: operating, securing, and improving the Service.
  • Consent: for optional cookies and marketing.
  • Legal obligation: tax, accounting, regulatory compliance.

5. Sharing with third parties

We share data only with vetted sub-processors that help us run the Service, under contracts that require them to protect it:

  • Stripe — payment processing.
  • Resend — transactional email delivery.
  • Amazon Web Services (AWS / Lightsail) — hosting and storage.
  • Anthropic / OpenAI — AI text generation for popup content (only prompts you submit).
  • Sentry — error monitoring (errors are sanitised of PII before sending).
  • Google — OAuth sign-in, if you use it.

We never sell your personal data or your visitors’ personal data. We may disclose data if required by law, to protect our rights, or as part of a merger or acquisition (with notice to you).

6. Cookies & tracking

We use strictly necessary cookies for authentication and session management. We may also use analytics cookies with your consent. The SeizeLead widget installed on customer websites uses a first-party localStorage key (not a cookie) to remember per-visitor popup display frequency; it does not track users across sites.

7. Data retention

  • Account data: for the lifetime of your account, plus up to 90 days after deletion for backup recovery.
  • Billing records: up to 7 years, as required by tax law.
  • Lead data captured by your popups: stored until you delete it or close your account.
  • Popup analytics events: aggregated after 13 months; raw events purged after 24 months.

8. International transfers

SeizeLead is operated from India. When you use the Service, your data may be transferred to and processed in India, the EU, the US, and other countries where our sub-processors operate. We rely on Standard Contractual Clauses and equivalent safeguards for cross-border transfers of EU/UK personal data.

9. Your rights

Subject to applicable law (GDPR, UK GDPR, India’s DPDP Act, CCPA, etc.), you have the right to:

  • Access the personal data we hold about you.
  • Correct inaccurate data.
  • Request deletion (“right to be forgotten”).
  • Export your data in a portable format.
  • Object to or restrict certain processing.
  • Withdraw consent where processing is consent-based.
  • Lodge a complaint with your local data protection authority.

To exercise these rights, email privacy@seizelead.com. We respond within 30 days.

10. Security

We use industry-standard security measures: TLS in transit, encryption at rest, bcrypt for passwords, role-based access control, audit logging, and regular backups. No system is 100% secure — if we become aware of a breach affecting your data, we will notify you within 72 hours where required by law.

11. Children

The Service is not directed to children under 16, and we do not knowingly collect personal data from them. If you believe a child has provided us data, contact privacy@seizelead.com and we will delete it.

12. Changes to this policy

We may update this Policy from time to time. Material changes will be notified by email or prominent in-app notice at least 14 days before they take effect.

13. Contact

Privacy questions or requests: privacy@seizelead.com. General support: support@seizelead.com.

← Back to home|Terms of Service