California Privacy Guidance for Lead Forensics Customers
California Privacy Guidance for Lead Forensics Customers
Last reviewed: 05/06/26
This guidance is intended to help Lead Forensics customers understand how use of the Lead Forensics product may interact with California privacy requirements, including the California Consumer Privacy Act, as amended by the California Privacy Rights Act, together referred to in this guidance as the “CCPA.”
This guidance is provided for general information only, is not legal advice, and is not intended to describe every obligation that may apply under California privacy law. Lead Forensics customers remain responsible for assessing how California privacy law applies to their own organisation, website, data practices, marketing activities, and use of the Lead Forensics product.
For questions about this guidance, please contact:
Email: [email protected]
Post: Data Compliance, Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN, United Kingdom
The Lead Forensics Product
Lead Forensics provides B2B sales and marketing enablement software that helps customers understand which businesses have visited their websites.
The Lead Forensics product uses reverse business IP tracking. A small tracking code is placed on a customer’s website, enabling Lead Forensics to identify business IP addresses associated with organisations visiting that website and match those business IP addresses to business information held in the Lead Forensics database.
The core Lead Forensics service is focused on business-level website visitor identification. Lead Forensics does not seek to identify private household IP addresses or individual consumers browsing from non-business environments through this website visitor identification service.
Some customers may also implement cookies or similar technologies alongside the Lead Forensics tracking code to support product functionality and enhance website insight. Where cookies or similar technologies are used on a customer website, customers should consider how those technologies are addressed within their own privacy, cookie, consent, and opt-out arrangements.
Customer Responsibility
Lead Forensics customers are responsible for determining whether and how California privacy law applies to their own use of the Lead Forensics product.
Depending on how a customer uses Lead Forensics, California privacy considerations may include notice, transparency, sale or sharing analysis, opt-out rights, opt-out preference signals, privacy rights handling, service provider or contractor terms, data retention, security, and marketing compliance.
Lead Forensics customers should take their own legal advice before using Lead Forensics data for marketing, sales outreach, profiling, advertising, or other business purposes.
B2B Contact Data Available Through Lead Forensics
In addition to business-level website visitor identification, Lead Forensics may provide customers with access to B2B contact information for relevant decision-makers at organisations that have visited the customer’s website.
This B2B contact data may include:
- First name
- Last name
- Business email address
- Job title or job function
- Business telephone number
- Employer or business name
- LinkedIn profile URL or other professional profile information, where available
- Other business contact details linked to a professional role
Lead Forensics customers can use the product without using B2B contact data. Customers may also request configuration options that restrict or disable contact data relating to California businesses or California residents, where available.
Where a customer chooses to use B2B contact data made available through Lead Forensics, the customer is responsible for ensuring that its onward use of that data complies with applicable law, including California privacy law and any laws relevant to the customer’s sales and marketing activities.
Sale, Sharing, and Disclosure Considerations
Under the CCPA, “sale” and “sharing” have specific meanings. “Sale” can include disclosing personal information to a third party for monetary or other valuable consideration. “Sharing” can include disclosing personal information to a third party for cross-context behavioural advertising, whether or not money is exchanged.
Lead Forensics customers are responsible for determining how these concepts apply to their own use of the Lead Forensics product, including whether their use involves a sale, sharing, disclosure to a service provider or contractor, or disclosure to a third party under the CCPA.
Where applicable, customers should also consider whether their use of Lead Forensics affects their approach to “Do Not Sell or Share My Personal Information” mechanisms, opt-out preference signals, and confirmation of opt-out choices.
Opt-Out Preference Signals and Opt-Out Confirmation
California privacy law includes requirements relating to opt-out preference signals in certain circumstances. Opt-out preference signals may include browser-based or device-based mechanisms, such as Global Privacy Control, that communicate a person’s choice to opt out of sale or sharing.
Customers should consider how any applicable opt-out preference signal requirements apply to their own websites, technologies, consent-management tools, and use of Lead Forensics.
Customers should also consider whether they are required to provide a method for individuals to confirm that an opt-out request has been honoured.
Customer Privacy Notices and Cookie Notices
Customers using Lead Forensics should ensure their privacy notices, cookie notices, and other external disclosures accurately reflect their own implementation of the Lead Forensics product and any other tracking, analytics, marketing, or advertising technologies used on their websites.
This may include explaining, where relevant, the use of business visitor identification technologies, B2B contact data, cookies or similar technologies, sale or sharing practices, opt-out mechanisms, and California privacy rights.
California Privacy Rights
California residents may have rights under the CCPA, subject to applicable conditions and exceptions. These rights may include:
- The right to know what personal information has been collected
- The right to access personal information
- The right to delete personal information
- The right to correct inaccurate personal information
- The right to opt out of sale or sharing
- The right to limit certain uses and disclosures of sensitive personal information, where applicable
- The right not to be discriminated against for exercising CCPA rights
- The ability to use an authorised agent, where applicable
Customers are responsible for handling privacy rights requests they receive regarding their own use of Lead Forensics data.
Where a request relates to data held or made available by Lead Forensics, customers may contact:
Lead Forensics will support customers in accordance with applicable contractual obligations and data protection terms.
Opt-Out and Suppression
Customers should manage objections, opt-outs, unsubscribes, and other communication preferences relating to their own sales and marketing activity.
If an individual wishes to opt out of Lead Forensics processing their professional contact data for use in the Lead Forensics product, they may contact:
or write to:
Data Compliance, Lead Forensics, Building 3000, Lakeside, North Harbour, Portsmouth, PO6 3EN, United Kingdom
Lead Forensics may maintain limited suppression information to ensure that the individual’s professional contact details are not made available through the Lead Forensics product in future.
Risk Assessments, Cybersecurity Audits, and Automated Decision-Making Technology
California privacy requirements include provisions relating to risk assessments, cybersecurity audits, and automated decision-making technology in certain circumstances.
Customers should consider whether these requirements are relevant to their organisation and their use of Lead Forensics, particularly when Lead Forensics data is combined with other systems, datasets, analytics tools, profiling activities, advertising technologies, or automated decision-making processes.
Lead Forensics customers are responsible for determining whether these obligations apply to their own business and for maintaining any required records, assessments, notices, or governance processes.
Data Broker and DROP Considerations
California law includes specific requirements for organisations that qualify as data brokers. California also operates the Delete Request and Opt-Out Platform, commonly known as DROP, for applicable data broker deletion requests.
Using Lead Forensics does not automatically mean a customer is a data broker. However, customers should consider whether their own business model, data sources, onward disclosures, licensing activities, sale or sharing practices, and use of third-party data create separate data broker obligations under California law.
Data Accuracy and Currency
Lead Forensics maintains processes to support the accuracy and currency of business and professional contact data within its product.
These processes may include internal data verification, use of publicly available business sources, supplier due diligence, automated validation tools, manual review, periodic cleansing and refresh cycles, and suppression or deletion processes.
Customers are responsible for determining whether Lead Forensics data is appropriate, relevant, and sufficiently current for their own intended use.
Security
Lead Forensics maintains administrative, technical, and organisational safeguards designed to protect the Lead Forensics platform and the data processed within it.
Customers are responsible for the security of their own systems, user access, exported data, CRM integrations, sales and marketing systems, internal data sharing, retention, deletion, access controls, and staff training.
Changes to This Guidance
Lead Forensics may update this guidance from time to time to reflect changes in law, regulatory guidance, product functionality, or business practices. Customers should review this guidance periodically and take their own legal advice on their compliance obligations.