Privacy Policy
Last updated: 10 April 2026 · Version 2026-04-10
1. Who We Are
This website is operated by TLC Marketing Limited (trading as “The Lead Cloud”), registered in England and Wales (company number 14846968). Our registered office is at 242 Bournemouth Road, Chandler’s Ford, Eastleigh, England, SO53 3HB.
We are registered with the Information Commissioner’s Office (ICO) under registration number ZB553148.
For data protection enquiries, contact us at privacy@theleadcloud.com.
2. What This Policy Covers
This Privacy Policy explains how we collect, use, store, and share personal data when you visit this website or register as a lead buyer on our platform. It applies to mortgage brokers, financial advisers, and other business users who interact with this site (“you”).
If you are a consumer who has submitted a mortgage enquiry through one of our consumer-facing websites, please refer to the privacy policy on that specific website.
3. Data We Collect
We collect the following categories of personal data:
3.1 Registration Data
When you register as a lead buyer, you provide:
- Full name and job title
- Email address and phone number
- Company name
- Lead delivery preferences (delivery email, CRM system)
- Brand information (company name, phone, email, and website displayed to consumers)
- Lead type and volume preferences
3.2 Payment Data
We use Stripe to process payments. When you save a payment method during registration, your card details are collected and stored directly by Stripe. We do not have access to your full card number. We receive only a token, card type, last four digits, and expiry date from Stripe for invoicing display purposes.
3.3 Technical & Usage Data
When you use this website, we automatically collect:
- IP address
- Browser type and version (user agent)
- Pages visited and time spent on pages
- Referring URL and search terms
- Device type and screen size
3.4 Chat Data
If you use the chat feature on this website, the messages you send and the responses you receive are processed to answer your questions. Chat conversations are not stored long-term or linked to your registration.
3.5 Consent Records
When you accept our Terms of Service and Replacement Policy during registration, we record the version accepted, your IP address, browser user agent, and the date and time of acceptance. This is retained as evidence of your consent.
4. How We Use Your Data
We use your personal data for the following purposes:
| Purpose | Lawful Basis (UK GDPR) |
|---|---|
| Processing your registration and setting up your buyer account | Contract (Art. 6(1)(b)) |
| Delivering Leads and managing your account preferences | Contract (Art. 6(1)(b)) |
| Issuing invoices and processing payments | Contract (Art. 6(1)(b)) |
| Sending registration confirmations and service emails | Contract (Art. 6(1)(b)) |
| Website analytics and improving our service | Legitimate interest (Art. 6(1)(f)) |
| Measuring advertising effectiveness (Meta Pixel) | Consent (Art. 6(1)(a)) |
| Fraud prevention and bot protection (Cloudflare Turnstile) | Legitimate interest (Art. 6(1)(f)) |
| Keeping records of consent and legal compliance | Legal obligation (Art. 6(1)(c)) |
5. Cookies & Tracking Technologies
When you first visit this website, a cookie consent banner allows you to accept or reject optional cookies. Your choice is saved in a first-party cookie (tlc_cookie_consent) and recorded in our database for audit purposes. You can change your preference at any time by clearing your cookies and revisiting the site.
5.1 Essential (always active)
- Session storage — stores your wizard form progress locally in your browser so you don’t lose your work if you navigate away. This is not a cookie and is cleared when you close the tab.
- Cookie consent preference (
tlc_cookie_consent) — a first-party cookie that records your analytics and marketing cookie choices so you are not asked again on each visit.
5.2 Analytics (requires consent)
- PostHog — we use PostHog for product analytics to understand how visitors use the site. PostHog may set cookies to distinguish unique visitors and track pageviews. Data is processed in the EU. No data is collected unless you consent via the cookie banner.
5.3 Advertising (requires consent)
- Meta (Facebook) Pixel — we use the Meta Pixel and Conversions API to measure the effectiveness of our advertising on Meta platforms. This sets the
_fbp(browser identification) and_fbc(click identification) cookies. No data is transmitted to Meta unless you consent via the cookie banner. When you complete registration, we send a server-side event to Meta containing your hashed email and phone number to attribute the conversion. You can also opt out of Meta tracking via your Facebook Ad Preferences.
6. Who We Share Data With
We share your personal data with the following categories of recipients:
- Stripe (payment processor) — to create your customer record, store your payment method, and process invoice payments. Stripe acts as an independent data controller for payment data. See Stripe’s Privacy Policy.
- Supabase (database hosting) — to securely store your registration and account data. Supabase acts as a data processor on our behalf.
- Mailgun (email delivery) — to send you registration confirmations and service communications. Mailgun acts as a data processor. Data is processed via their EU infrastructure.
- PostHog (analytics) — to process website usage data. PostHog acts as a data processor. See PostHog’s Privacy Policy.
- Meta Platforms (advertising) — to measure and optimise ad performance. Meta acts as a joint controller for conversion data. See Meta’s Privacy Policy.
- Cloudflare (security) — Turnstile CAPTCHA verification to prevent abuse. See Cloudflare’s Privacy Policy.
We do not sell your personal data. We will not share your data with any other third parties except where required by law or with your explicit consent.
7. International Transfers
Some of our third-party service providers (Stripe, Cloudflare, Meta) process data in the United States. Where personal data is transferred outside the UK, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses (SCCs) approved by the ICO, or reliance on the provider’s participation in an adequacy framework.
8. Data Retention
- Registration & account data — retained for the duration of your active account and for 6 years after your last invoice, in line with HMRC record-keeping requirements.
- Payment records — retained by Stripe in accordance with their own retention policies and applicable financial regulations.
- Consent records — retained for 6 years after collection as evidence of lawful processing.
- Analytics data — PostHog data is retained for up to 12 months.
- Advertising cookies — Meta cookies expire after 90 days unless renewed by a subsequent visit.
9. Your Rights
Under the UK GDPR, you have the following rights in relation to your personal data:
- Access — request a copy of the personal data we hold about you.
- Rectification — ask us to correct inaccurate or incomplete data.
- Erasure — ask us to delete your data where there is no compelling reason to continue processing it.
- Restriction — ask us to restrict processing in certain circumstances.
- Portability — receive your data in a structured, machine-readable format.
- Objection — object to processing based on legitimate interests or for direct marketing.
- Withdraw consent — where we rely on consent (e.g. advertising cookies), you may withdraw it at any time.
To exercise any of these rights, email us at privacy@theleadcloud.com. We will respond within one month.
If you are not satisfied with our response, you have the right to lodge a complaint with the Information Commissioner’s Office (ICO) at ico.org.uk/make-a-complaint.
10. Security
We take appropriate technical and organisational measures to protect your personal data, including encryption in transit (TLS), secure database access controls, rate limiting, CAPTCHA verification, and regular security reviews. Payment data is handled entirely by Stripe, which is PCI DSS Level 1 certified.
11. Changes to This Policy
We may update this Privacy Policy from time to time. We will notify you of material changes by email or through the platform. The “last updated” date at the top of this page indicates when the policy was last revised.
12. Contact
If you have any questions about this Privacy Policy or your personal data, please contact us:
- Email: privacy@theleadcloud.com
- Post: TLC Marketing Limited, 242 Bournemouth Road, Chandler’s Ford, Eastleigh, SO53 3HB
- ICO registration: ZB553148