OffMarketLeadsPricing

Privacy Policy

Last updated: 8 May 2026

1. Who we are

OffMarketLeads is a service provided by Mike Bells Ltd, registered in England and Wales. We are the "data controller" of any personal information collected through this site.

Contact: support@offmarketleads.co.uk

2. Information we collect

  • Account data — email, name, and any profile information you add (phone, role, voice tone). Stored via Clerk and our database.
  • Payment data — billing details collected by Stripe. We never see your full card number; we receive only a tokenised reference.
  • Usage data — searches you run, properties you save, calculator inputs, pipeline entries, approaches you log, notes you write, reminders you set.
  • Technical data — IP address, user agent, and session metadata for fraud prevention and audit.
  • Communications — emails you send to us and messages you generate via our outreach tools.

3. Lawful basis

We process your personal data under three lawful bases:

  • Contract — to provide the service you signed up for (UK GDPR Art. 6(1)(b)).
  • Legitimate interest — to keep the service secure, prevent fraud, and improve the product (Art. 6(1)(f)).
  • Consent — for marketing emails and analytics cookies (Art. 6(1)(a)). You can withdraw consent at any time.

4. How we use your data

  • To deliver the OffMarketLeads service.
  • To process billing and tax obligations.
  • To send transactional emails (login, billing, security).
  • To send onboarding and lifecycle emails (you can opt out at any time using the link in any email or in /settings/notifications).
  • To respond to support requests and feedback.
  • To detect, prevent, and investigate misuse of the service.

5. Sub-processors

We share data with the following sub-processors who help us run the service. Each is bound by appropriate data-processing agreements:

  • Clerk (US) — authentication.
  • Stripe (US/Ireland) — payments.
  • Vercel (US) — application hosting.
  • Resend (US) — transactional + outreach emails.
  • Anthropic(US) — AI features (natural-language search, email personalisation). We send only the inputs needed to generate the response and don't share your account data.
  • Sentry (US) — error monitoring.
  • PostHog (EU) — privacy-respecting product analytics (only activated if you accept analytics cookies).
  • Companies House, HM Land Registry, ONS, EPC Open Data (UK) — public reference data used to populate the property database. These are sources, not sub-processors of your personal data.

6. International transfers

Some sub-processors are based outside the UK. Where data is transferred internationally, we rely on the UK's Standard Contractual Clauses (SCCs) and the UK Addendum to ensure your data receives equivalent protection.

7. Data retention

  • Active account data — kept while your account is open.
  • Deleted accounts — soft-deleted immediately; hard-deleted (irreversibly) 30 days later.
  • Backups — encrypted database backups are kept for 90 days.
  • Billing records — retained for 7 years to meet UK tax-record obligations (HMRC).
  • Audit log — retained for 12 months.

8. Your rights

Under UK GDPR you have the right to:

  • Access the personal data we hold about you.
  • Have inaccurate data corrected.
  • Have your data erased (subject to legal retention rules).
  • Receive a portable copy of your data (JSON export).
  • Object to or restrict processing.
  • Withdraw consent for marketing.
  • Complain to the Information Commissioner's Office (ico.org.uk).

You can exercise most rights directly in /settings. Otherwise, email support@offmarketleads.co.uk and we'll respond within 30 days.

9. Cookies

We use a small number of cookies. Strictly-necessary cookies (session, security) are always on. Analytics cookies (PostHog) are optional and only set after you accept in the cookie banner. Marketing cookies are off by default.

10. Changes to this policy

We may update this policy as the service evolves. Material changes will be announced via email. The "Last updated" date above always reflects the most recent change.

11. Operator access (impersonation)

For support, debugging, and abuse investigation, OffMarketLeads operators may temporarily access your account on your behalf ("impersonation"). This is processed under Article 6(1)(f) UK GDPR — our legitimate interest in providing reliable customer support and protecting the service from abuse.

Every impersonation session is short-lived (1 hour maximum), is audit-logged with the operator's identity, the time, and a reason, and is visible to you on request. We do not impersonate users for marketing, training data, or unrelated purposes. To obtain a copy of your impersonation history, email support@offmarketleads.co.uk.

12. Product feedback (NPS)

From time to time we may show a short in-product prompt asking how likely you are to recommend OffMarketLeads (a Net Promoter Score question), an optional comment box, and a link to Trustpilot. Submitting a score and any comment is voluntary; you can dismiss the prompt and we will not show it again for at least 30 days. We use this feedback to improve the product.

Responses are stored against your profile so we can follow up, and aggregated scores are visible only to OffMarketLeads operators. We do not share individual responses with third parties. Following the Trustpilot link is optional — Trustpilot is a separate service with its own privacy policy.