Masterlead Ltd ("Masterlead", "we", "us", or "our") is committed to safeguarding your privacy.This Privacy Policy explains how we collect, use, share, and protect your personal data when you interact with us, including through our website, services, and software solutions. Masterlead complies with the General Data Protection Regulation (EU 2016/679, "GDPR"), the UK Data Protection Act 2018, and applicable Dutch privacy laws.
Masterlead Ltd is a UK-based provider of sustainability-focused software solutions. We act as a Data Processor for our Clients, offering advanced software functionality and proprietary AI-powered agents such as Alex AI, Emma, Tom, and others.
If you have any questions or concerns about this Privacy Policy or how we handle your personal data, please contact us at privacy@masterlead.ai.
We may collect and process the following categories of personal data:
2.1.1 Contact Information: Name, email address, phone number, and postal address.
2.1.2 Account Details: Username, password (encrypted), and preferences.
2.1.3 Marketing Preferences: Information about your marketing consent choices.
2.2.1 Communication Data: Calls, emails, texts, and WhatsApp messages transcribed or recorded via our AI-powered systems.
2.2.2 Sustainability-Specific Data: Property details, energy consumption figures, and geographical information for sustainability assessments.
2.2.3 Transactional Data: Quotes generated, invoices issued, and payment statuses.
2.3.1 Usage Data: IP addresses, device information, and activity logs.
2.3.2 Cookies and Analytics: Information collected via cookies and tracking technologies (see our Cookie Policy).
If you connect your Gmail account to the Masterlead software, we may process the following data:
2.4.1 Email Content: Subject lines, email bodies, attachments, and metadata (e.g., sender, recipient, timestamps) to facilitate email communication and lead management.
2.4.2 Email Metadata: Information about emails such as sender and recipient details, timestamps, and folder locations.
2.4.3 Google OAuth 2.0 Credentials: Secure authentication tokens provided by Google to facilitate integration with your Gmail account.
2.4.4 User Consent: We will only access Gmail data after obtaining explicit consent from the Client and their authorised users. Users can revoke access at any time via Google Account Security Settings.
We do not access your Gmail account for purposes unrelated to providing our services, nor do we use your emails for advertising or resell your data to third parties.
Our website features interactive AI Agents, such as Alex, that allow users to engage in personalised chats. When interacting with our AI Agents, we may collect and process the following Personal Data:
Email Address and Telephone Number: As provided by the user during the interaction.
Interaction Logs: Messages exchanged during the chat to ensure service quality and performance improvements.
3.1.1 To personalise and enhance your experience with our AI Agents.
3.1.2 To provide accurate responses to your queries.
3.1.3 For troubleshooting, customer support, and service improvement purposes
3.2.1 Consent: By initiating a chat, you consent to the processing of your data as described in this policy.
3.2.2 Legitimate Interests: To improve the functionality and performance of our AI Agents and ensure quality service.
Interaction logs are retained for up to 12 months, unless otherwise required by law or agreed upon with the user.
Data collected during AI Agent interactions will not be shared with third parties except for system maintenance, troubleshooting, or as legally required.
When you enable Gmail integration, our AI-powered agents (e.g., Alex AI, Emma, Tom) may process your emails to:
3.5.1 Automate responses and schedule follow-ups.
3.5.2 Categorise emails for lead prioritisation and management.
3.5.3 Extract key insights to enhance business operations.
Masterlead's AI Agents do not autonomously send emails without user action or explicit configuration.
We process personal data for the following purposes:
4.1 To provide and improve our software solutions and AI functionality.
4.2 To facilitate communications between our Clients and their Leads, Prospects, and Customers.
4.3 To comply with legal and regulatory obligations, including GDPR and Dutch data protection laws.
4.4 To conduct research, analytics, and reporting for business improvement.
4.5 To send marketing communications, only where consent has been explicitly provided.
4.6 Gmail Data Usage: Masterlead processes Gmail data for the following purposes:
4.6.1 Enabling Clients to send and receive emails directly from within the Masterlead platform.
4.6.2 Synchronising email conversations between the Client's Gmail account and Masterlead's CRM functionalities.
4.6.3 Analysing communication patterns for business insights (e.g., lead engagement tracking, response rates).
4.6.4 Masterlead adheres to Google's Limited Use Policy, ensuring that Gmail data is processed only for the direct benefit of the user and not used for ad targeting, analytics unrelated to service provision, or data transfer outside the agreed scope.
We strictly adhere to Google's Limited Use Policy, ensuring that Gmail data is not used for advertising, profiling, or transferred to third parties beyond the scope of the agreed services.
We process personal data based on the following legal grounds:
5.1 Contractual Necessity: To fulfil our obligations under the MSA and related agreements.
5.2 Consent: For marketing communications or other non-essential processing activities.
5.3 Legitimate Interests: To improve our services and ensure data security.
5.4 Legal Obligation: To comply with applicable laws and regulations.
We may share personal data with:
6.1 Sub-Processors: Including ElevenLabs (for AI-powered call transcription) and AWS (for secure data hosting).
6.2 Regulators and Authorities: Where legally required to comply with investigations or reporting obligations.
6.3 Third-Party Service Providers: For payment processing, IT support, and other essential business functions.
6.4 Third-Party Access to Gmail Data: Masterlead does not share Gmail data with external third parties except:
6.4.1 Google: For OAuth 2.0 authentication and security verification.
6.4.2 AWS (USA): For secure data hosting with encryption in transit and at rest.
6.4.3 BTI Ltd (Pakistan): For software development and maintenance, operating under SCCs and GDPR compliance agreements.
All third-party service providers are contractually bound to process Gmail data only for the purposes outlined in this Privacy Policy
We ensure that all third parties adhere to data protection laws and our contractual obligations.
Personal data may be transferred to countries outside the EEA, including the USA and Pakistan. We have implemented the following safeguards:
7.1 Standard Contractual Clauses (SCCs): For transfers to AWS (USA) and BTI Ltd (Pakistan).
7.2 Transfer Impact Assessments (TIAs): To evaluate risks and ensure adequate protection.
7.3 Gmail Data Transfer and Security: To ensure compliance with GDPR and Google's security policies:
7.3.1 All Gmail data is encrypted in transit and at rest using industry-standard protocols.
7.3.2 OAuth 2.0 authentication is used to provide secure access, and Masterlead does not store Gmail passwords.
7.3.3 Users can revoke Masterlead's access to their Gmail account at any time through Google Account Security Settings.
We retain personal data only as long as necessary for the purposes outlined in this Privacy Policy or as required by law.
8.1 Communication Data: Retained for 12 months.
8.2 Transactional Data: Retained for 24 months.
8.3 Sustainability-Specific Data: Retained for 6 months after processing.
You have the following rights under GDPR:
9.1 Access: Request a copy of the personal data we hold about you.
9.2 Rectification: Correct inaccuracies in your personal data.
9.3 Erasure: Request deletion of your personal data.
9.4 Restriction: Request limited processing of your data
9.5 Portability: Request a copy of your data in a machine-readable format.
9.6 Objection: Object to processing based on legitimate interests.
9.7 Revoking Gmail Integration: You may revoke Masterlead's access to your Gmail account at any time by:
9.7.1 Visiting Google Account Security Settings at: https://myaccount.google.com/permissions.
9.7.2 Removing Masterlead's permissions under "Third-Party Apps with Account Access".
9.7.3 Contacting privacy@masterlead.ai if you need assistance with disabling Gmail integration.
We use industry-standard measures to protect personal data, including:
10.1 Encryption in transit and at rest.
10.2 Regular security assessments and penetration testing.
10.3 Access controls and employee training.
10.4 Gmail Data Protection Measures: To protect your Gmail data, we implement:
10.4.1 Secure OAuth 2.0 authentication with token-based access instead of storing passwords.
10.4.2 Granular permissions, ensuring access is limited to email processing functionalities within the Masterlead platform.
10.4.3 Regular security audits and compliance reviews to maintain GDPR and Google security compliance.
10.4.4 Masterlead uses Google OAuth 2.0 solely for authentication and secure access to Gmail accounts. We do not store user Gmail passwords or login credentials.
Our website uses cookies to enhance user experience and collect analytics data. For more information, see our Cookie Policy.
We will only send marketing communications if you have provided explicit consent. You can withdraw your consent at any time by:
12.1 Clicking the "unsubscribe" link in our emails.
12.2 Contacting us at privacy@masterlead.ai.
In the event of a data breach:
13.1 We will notify affected individuals and relevant authorities (e.g., ICO or AP) within 72 hours of becoming aware of the breach.
13.2 We will provide details of the breach, containment measures, and remedial actions.
13.3 Gmail Data Breaches: In the event of an unauthorised access or data breach affecting Gmail integration, we will:
13.3.1 Notify affected users within 72 hours of becoming aware of the breach.
13.3.2 Provide details on affected Gmail data, impact assessment, and containment measures.
13.3.3 Offer guidance on revoking OAuth 2.0 access and securing accounts.
If you have questions or concerns about this Privacy Policy or how we process your personal data, please contact us:
Email: privacy@masterlead.ai
Address: Bayham Abbey East, Tunbridge Wells, TN3 8BG, UK
Website: https://ico.org.uk/
Telephone: +44 303 123 1113
Address: Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, UK
Website: https://autoriteitpersoonsgegevens.nl/
Telephone: +31 88 1805 250
Address: Bezuidenhoutseweg 30, 2594 AV The Hague, Netherlands
We may update this Privacy Policy from time to time. Changes will be posted on our website with the effective date clearly indicated.
This Privacy Policy is effective as of 13th November 2024.