Legal

Privacy Policy

Last updated: May 22, 2026

TrendyyLeads (“TrendyyLeads”, “we”, “us”, or “our”) provides a B2B leads search and outreach platform. This Privacy Policy explains what personal data we collect, why we collect it, how we use and share it, and the rights you have over it. It applies to our website, application, and related services (collectively, the “Service”).

We act as a data controller for the account and billing data described below. By creating an account or using the Service, you acknowledge the practices described in this policy.

1. Data We Collect

We collect the following categories of personal data:

Account information

Your name and email address, a hashed password, and (where you choose Google sign-in) your Google account identifier and profile email. We never store your password in plain text.

Payment information

When you purchase tokens, payment is processed by our payment provider, Paystack. We receive a transaction reference, amount, currency, and status. We do not store your full card number, CVV, or bank credentials — these are handled directly by Paystack.

Search queries and usage data

We store the search queries you run (such as industry, location, and company size), the results returned, your token balance and history, and basic technical data such as IP address, browser type, and timestamps for security and abuse prevention.

Communications

If you contact our support team, we keep a record of that correspondence so we can respond and improve our Service.

2. How We Use Your Data

We process your personal data for the following purposes:

  • To create and administer your account and authenticate you.
  • To deliver the core Service — running searches and returning leads.
  • To process token purchases and maintain accurate billing records.
  • To provide customer support and respond to your enquiries.
  • To detect, prevent, and investigate fraud, abuse, and security incidents.
  • To comply with our legal, accounting, and tax obligations.
  • To send essential service notices about your account or changes to terms.

3. Legal Bases for Processing

Under the EU and UK General Data Protection Regulation (GDPR), we rely on the following legal bases: performance of a contract to provide the Service you sign up for; legitimate interests to secure our platform, prevent abuse, and improve our product; legal obligation for tax and accounting records; and consent where required, such as for non-essential cookies, which you may withdraw at any time.

4. Cookies and Similar Technologies

We use strictly necessary cookies to keep you signed in (a JWT authentication cookie) and to protect against cross-site request forgery (a CSRF token). These cookies are essential for the Service to function and cannot be disabled. We do not currently use third-party advertising or analytics cookies. For full details, see our Cookie Policy.

5. Third-Party Services

We share data with the following processors, only as needed to run the Service:

  • Paystack— payment processing for token purchases. Paystack receives the data necessary to complete your transaction.
  • Resend— transactional and outreach email delivery. Resend processes the recipient address and message content for emails sent through the Service.
  • Google— if you choose Google sign-in, Google authenticates you and shares your basic profile with us.
  • Hosting and infrastructure providers who store data on our behalf under appropriate data processing agreements.

We do not sell your personal data. Where data is transferred outside the EEA or UK, we rely on appropriate safeguards such as Standard Contractual Clauses.

6. Data Retention

We retain account and search data for as long as your account is active. After you close your account, we delete or anonymise personal data within 90 days, except where we are required to retain billing and tax records for longer under applicable law (typically up to 7 years).

7. Data Security

We protect your data with encryption in transit (HTTPS), hashed passwords, access controls, and CSRF protection on state-changing requests. No system is perfectly secure, but we work to safeguard your information and will notify you and the relevant authorities of a breach where legally required.

8. Your Rights Under the GDPR

If you are in the EEA or UK, you have the following rights regarding your personal data:

  • Right of access— request a copy of the personal data we hold about you.
  • Right to rectification— correct inaccurate or incomplete data.
  • Right to erasure— request deletion of your data (“the right to be forgotten”).
  • Right to data portability— receive your data in a structured, machine-readable format.
  • Right to restrict or object— limit or object to certain processing, including processing based on legitimate interests.
  • Right to withdraw consent— where processing is based on consent, withdraw it at any time.
  • Right to lodge a complaint— with your local data protection supervisory authority.

To exercise any of these rights, email us at the address below. We will respond within one month, as required by the GDPR.

9. Children’s Privacy

The Service is intended for business use and is not directed at individuals under 18. We do not knowingly collect personal data from children.

10. Changes to This Policy

We may update this Privacy Policy from time to time. When we make material changes, we will update the “Last updated” date above and, where appropriate, notify you by email.

11. Contact Us

For any privacy questions or to exercise your data rights, contact our Data Protection team at privacy@trendyyleads.com.

Terms of ServiceCookie PolicyContact