Last updated: 18 July 2026
1. Roles under CCPA/CPRA
For enquiries captured through our US pages, Finance Leads is the business that determines the purposes and means of processing at the point of capture. When we deliver an enquiry to a partner, the partner becomes an independent "business" from the point of receipt. Where a partner engages Finance Leads to run a campaign solely for that partner, Finance Leads acts as a service provider under Cal. Civ. Code § 1798.140 and the CPRA regulations.
2. Purposes and permitted use
Personal information is processed only for the business purposes agreed in the order form: sourcing, validating, vetting, suppressing, enriching and delivering US small-business finance enquiries to the partner. Finance Leads will not:
- Sell or share the personal information
- Retain, use or disclose it outside the direct business relationship with the partner or as permitted by CCPA/CPRA
- Combine it with personal information from another source, except as permitted for the partner's business purposes
3. Categories of personal information and consumers
- Consumers: US small-business owners, directors and decision-makers
- Categories: identifiers, commercial information, internet activity, business financial information, and (where recorded) audio
- No known sensitive personal information under CPRA is intentionally collected on this site
4. GLBA Safeguards Rule
Finance Leads maintains an information security program with administrative, technical and physical safeguards reasonably designed to meet 16 CFR Part 314. Controls include encryption in transit (TLS 1.2+) and at rest, role-based access, MFA on admin accounts, logging and monitoring, tested backups, vendor risk review, and workforce training.
5. Sub-processors
We use a limited set of sub-processors for hosting, telephony, CRM and email delivery. A current list is available on request. Material changes are notified with a reasonable opportunity to object.
6. Assistance with consumer requests
Finance Leads will provide reasonable assistance to the partner in responding to consumer requests to know, delete, correct, opt out of sale/share, and limit use of sensitive personal information received through our channels.
7. Security incidents
Finance Leads will notify the partner without undue delay and within 48 hours of confirming a security incident affecting the partner's personal information, with the information the partner reasonably needs to assess its own notification obligations under state breach-notification laws and GLBA.
8. Audit
Partners may request a written security and privacy questionnaire response once per twelve-month period. On-site or third-party audits require reasonable scope, notice and confidentiality terms.
9. Return or deletion
On termination, Finance Leads will return or securely delete personal information processed on the partner's behalf, except where retention is required by law or to evidence consent and suppression.
10. Cross-border transfers
Because Finance Leads is UK-headquartered, personal information may be transferred to and processed in the United Kingdom and European Economic Area in addition to the United States. Where required, we rely on the EU Standard Contractual Clauses and the UK Addendum, or on the EU-US Data Privacy Framework where applicable, to safeguard those transfers.
11. Contact
To request a counter-signed agreement, contact us via the US contact page. See also our US Privacy Notice and US Terms.