Leadvar ("we", "us", "our") is operated by Daniil Shurko, an individual based in Belgium, trading as Leadvar. This Privacy Policy explains how we collect, use, store, and protect personal data when you use our Service at leadvar.com, and the choices available to you.
Short version: We collect only what's necessary to run the service. We do not store the email addresses you enrich. We do not sell your data. We do not run ads.
We do not use cookies, tracking pixels, or third-party analytics tools on this website.
Importantly: raw email addresses you send to our API are forwarded to these processors to generate the enrichment response, then immediately discarded — we do not persist them in our database.
We do NOT use your data for: unsolicited marketing emails (unless you opt in), third-party advertising, or sale to other companies.
The lead score returned via the API is informational only. It does not constitute solely automated decision-making with legal or similarly significant effects on individuals under GDPR Article 22.
| Data Type | Retention Period |
|---|---|
| Account information | Duration of service + 30 days after deletion request |
| Email addresses enriched via API | Not stored — deleted immediately after API response |
| API request logs | 30 days (for debugging and abuse detection) |
| API keys | Until account deletion |
| Invoices & payment records | 7 years (statutory tax requirement) |
| Contact form submissions | Until resolved, then deleted within 90 days |
Under GDPR Article 6, we process personal data based on the following legal grounds:
We do not process special categories of personal data (race, health, religion, biometrics, etc.) under GDPR Article 9.
| Processor | Purpose | Location |
|---|---|---|
| ZeroBounce | Email validation | United States |
| Apollo | Person & company enrichment | United States |
| Hetzner | Cloud hosting & storage | Germany (EU) |
| Stripe | Payment processing | United States |
All sub-processors are bound by their own Data Processing Agreements. Where data is transferred outside the EU (ZeroBounce, Apollo, Stripe), we rely on EU-US Data Privacy Framework (DPF) certification where applicable, and Standard Contractual Clauses (SCCs) under GDPR Art. 46(2)(c) as a fallback, supplemented by Transfer Impact Assessments where required. You can request confirmation of applicable transfer mechanisms at hello@leadvar.com.
We may disclose data if required by law, court order, or lawful government request. Where legally permitted, we will notify you of such a request before disclosing.
If Leadvar is acquired by or merges with another company, your data may be transferred as part of that transaction. We will notify you via email prior to any such transfer.
To exercise any right: email hello@leadvar.com. We will respond within 30 days. For complex or numerous requests, we may extend this by a further two months and will notify you within the first month with the reason for the delay. If you are in the EU/EEA and unsatisfied with our response, you have the right to lodge a complaint with your local data protection authority (DPA).
While we follow industry best practices, no system is 100% secure. In the event of a data breach affecting your personal data, we will notify you and the relevant supervisory authority within 72 hours, as required by GDPR Art. 33–34.
Where processing activities may trigger a Data Protection Impact Assessment (DPIA) under GDPR Art. 35, documentation of our processing activities is available upon written request to hello@leadvar.com.
This website does not use cookies, tracking pixels, fingerprinting, or third-party analytics. We do not collect any data through your browser beyond standard server logs (IP, timestamp, page path) which are retained for 30 days.
Our infrastructure is hosted in Germany (Hetzner, EU). However, some sub-processors (ZeroBounce, Apollo, Stripe) are based in the United States. For EU-to-US data transfers, we rely on one or more of the following mechanisms as applicable:
To request copies of applicable SCCs or DPF certifications, contact hello@leadvar.com.
Leadvar is not directed at individuals under 18 years of age. We do not knowingly collect personal information from minors. If we become aware that we have collected data from a child without verifiable parental consent, we will delete it promptly.
If you use Leadvar to enrich email lists for outreach, you are the data controller responsible for: ensuring recipients have consented or that a legitimate interest basis applies (GDPR); complying with CAN-SPAM (US), CASL (Canada), and other applicable laws; and maintaining records of your lawful basis for processing. Leadvar is solely the data processor providing the enrichment tool.
We may update this Privacy Policy at any time. Non-material clarifications take effect upon posting, with the "Last Updated" date revised accordingly. For material changes — including changes to what data we collect, how we use it, or who we share it with — we will notify registered users via email at least 14 days before the change takes effect. Continued use of the Service after the effective date constitutes your acceptance of the updated policy.
For privacy questions, complaints, or to exercise your rights:
For EU residents: if you are unsatisfied with our response, you have the right to file a complaint with your national data protection authority. As Leadvar is based in Belgium, the lead supervisory authority is the Belgian Data Protection Authority (APD/GBA) — dataprotectionauthority.be.