
GDPR and Data Privacy

Last updated: April 2026

LeadJaw is committed to operating transparently and responsibly under UK GDPR. This page explains how we handle data across our platform, what our lawful basis for processing is, and what your rights are as a data subject or as a LeadJaw client.

 

Our ICO registration

AppJaw Ltd t/a LeadJaw is registered with the UK Information Commissioner's Office under registration number ZC149414. You can verify this registration at ico.org.uk.

 

How LeadJaw works

LeadJaw processes the IP addresses of visitors to our clients' websites. We match those IP addresses against business network data to identify the visiting company. We return the company name, domain, sector and location to the client's dashboard.

When a visitor lands on a website using the LeadJaw tracking script, their IP address is collected and we attempt to match it against business network data. IP addresses that resolve to residential, mobile or consumer connections do not produce a match and no data about those visits is returned to the client dashboard. Where an IP address cannot be matched to a business network, we classify that visitor as anonymous and they do not appear as an identified visitor on the client dashboard.

As a result, LeadJaw returns company-level records only. No personal data about individuals is returned to client dashboards through the IP identification process. Where personal data does appear in the platform, it is because an individual has submitted a form on the client's website. That data is processed separately under the form fill provisions below.

LeadJaw is a B2B tool. If your website primarily serves individual consumers, the volume of identifiable traffic will be low. See our Terms of Service for more detail on appropriate use.

 

Lawful basis for processing

LeadJaw processes business IP address data under the lawful basis of legitimate interests (Article 6(1)(f) UK GDPR). Our legitimate interests assessment concludes that:

  • Business IP addresses relate to company networks. They are processed for the purpose of identifying the visiting organisation. Any individual associated with that visit is an employee or representative of the company, acting in a professional capacity.
  • The purpose of processing is to provide B2B sales intelligence, which is a recognised and proportionate commercial purpose.
  • IP addresses that resolve to residential, mobile or consumer connections do not produce a match. No data about those visits is returned to the client dashboard, minimising any risk to individuals.
  • The processing is limited to what is necessary to identify the visiting company.
  • The rights and freedoms of data subjects are not overridden by this processing.

 

Where enrichment is active on the account (business names, job titles, business email addresses), this is also processed under legitimate interests. Clients are responsible for ensuring their own outreach activity complies with UK GDPR and the Privacy and Electronic Communications Regulations (PECR).

 

Data we process

  • Business IP addresses - used to identify visiting companies. Retained for the same period as other visitor data and deleted within 30 days of account closure.
  • Contact data - business names, job titles and business email addresses, sourced from third-party enrichment providers where enrichment is active on the account.
  • Form fill data - data submitted via forms on client websites, associated with the company visit record. This data may include personal data submitted by individuals. LeadJaw processes this data as a data processor on behalf of the client. The client is the data controller for form fill data.
  • Account data - name, email address and company details of LeadJaw account holders.

 

 

Data retention

  • Visitor intelligence data is retained for the duration of the client account and deleted within 30 days of account closure.
  • Visitor records for unmatched IP addresses are retained for the same period as other visitor data and deleted within 30 days of account closure.
  • Billing and account records are retained for seven years to meet statutory requirements.
  • Server and access logs are retained for 90 days.

 

 

Sub-processors

LeadJaw uses a small number of third-party services to deliver the platform. All sub-processors are subject to contractual data protection obligations no less protective than those we apply to our own processing. In line with our obligations under Article 28 of UK GDPR, a full list of sub-processors is available to clients on request. To request the list please email [email protected].

 

Your rights as a data subject

Under UK GDPR you have the following rights in relation to personal data we hold about you.

  • Right of access - you can request a copy of the data we hold about you.
  • Right to rectification - you can ask us to correct inaccurate data.
  • Right to erasure - you can ask us to delete your data where there is no overriding legitimate reason to retain it.
  • Right to restrict processing - you can ask us to pause processing of your data while a dispute is resolved.
  • Right to object - you can object to processing based on legitimate interests. We will stop unless we have compelling grounds to continue.
  • Right to data portability - you can request your account data in a portable format.

 

To exercise any of these rights please email [email protected]. We will respond within 30 days. If you are not satisfied with our response you have the right to complain to the ICO at ico.org.uk/make-a-complaint.

 

Opt-out from visitor tracking

If you believe your company is being identified by the LeadJaw platform and you wish to opt out, please email [email protected] with your company domain. We will add your domain to our suppression list within five working days.

 

Client responsibilities

When you install the LeadJaw tracking script on your website you become a data controller in your own right. You are responsible for:

  • Disclosing your use of LeadJaw in your own privacy policy (see sample text below).
  • Ensuring your use of visitor intelligence data complies with UK GDPR and PECR.
  • Conducting a legitimate interests assessment if required for your sector or use case.
  • Ensuring any outreach to identified contacts is carried out on an appropriate lawful basis.

 

Privacy statement for client websites

Copy and adapt the following text for use in your own website privacy policy. You may edit it to match your tone and legal requirements.

This website uses AppJaw Ltd t/a LeadJaw, a UK-based B2B website visitor intelligence service operated at www.leadjaw.com (ICO registration: ZC149414).

LeadJaw processes the IP addresses of visitors to this website to identify the company associated with each visit. When a visitor lands on this website, their IP address is collected and matched against business network data. IP addresses that resolve to residential, mobile or consumer connections do not produce a match and no data about those visits is returned to our dashboard. Visitors who cannot be matched to a business network are recorded as anonymous. No personal data about individuals is returned through this process. The LeadJaw tracking script sets a first-party cookie on your device with a lifespan of 365 days. This cookie stores an anonymous visitor identifier used to recognise returning visits. It does not contain personal data, is not used for advertising and is not shared with third parties.

This processing is carried out under the lawful basis of legitimate interests. The data is used by us for B2B sales and marketing purposes, specifically to follow up with companies that have shown an interest in our products or services.

If you wish to opt out of this processing, please email [Enter your privacy contact email] or contact LeadJaw directly at [email protected]. LeadJaw will add your company domain to their suppression list within five working days.

For full details of how LeadJaw processes data please see their GDPR and Data Privacy page at www.leadjaw.com/gdpr.

 

Data Processing Agreement

All LeadJaw clients are covered by our Data Processing Agreement, which governs how we process data on your behalf as your data processor. You can read the full agreement at leadjaw.com/data-processing-agreement. By creating a LeadJaw account you accept the terms of this agreement.

 

Contact

For all data protection and privacy enquiries please contact us at [email protected] or by post at AppJaw Ltd t/a LeadJaw, 12, Melbourne Business Court, Millennium Way, Derby DE24 8LZ.
