Data Compliance


The Lead Forensics Product

Lead Forensics is a B2B Sales and Marketing SaaS (Software as a Service) product that identifies the businesses visiting a customer’s website.

In this section:

  1. How does it work?
  2. How is an IP address matched to a business name?
  3. How a business name is appended with firmographic details
  4. The Lead Forensics Cookie
  5. Contact data feature
  6. Personal data
  7. Trial Period
  8. Security of Processing

1. How does it work?

Lead Forensics identifies the businesses visiting a customer’s website. The customer adds a piece of JavaScript to their website, which sends information to our UK/EU servers for processing and analysis. If we can identify a business from this data, it is displayed to our customers in their portal.

The Lead Forensics JavaScript collects non-personally identifiable attributes and the IP address, part of standard internet protocols for any website visit.

An individual cannot be identified via the IP address or any attribute; neither is that the purpose of the software.

2. How is an IP address matched to a business name?

A search is conducted within a B2B database exclusively owned by Lead Forensics.

The business is presented in the customer portal if the IP address exists. If the IP address does not exist, we attempt to identify the business, for example, from publicly available sources. We do not identify sole traders.

IP addresses that cannot be matched are held securely during the validation process and are then purged.

3. How a business name is appended with firmographic details?

Non-personally identifiable details about the matched business are primarily sourced from the Lead Forensics database. An in-house data team may verify or enrich details, and approved third-party sources may be utilised.

Examples of firmographic details include business name, business address, and phone number. This is limited to business-only information, and an individual is not identified.

4. The Lead Forensics Cookie

The Lead Forensics Cookie is optional and can enhance the match rate capabilities. Our basic code does not drop a cookie.

A cookie is a small file, typically of letters and numbers, downloaded onto a device when the user accesses certain websites. For more information, see

The Lead Forensics Cookie is called Ifuuid and consists of a random GUID code (a unique reference number used in computing).

The cookie is a persistent first-party cookie. The duration of the cookie is set to one (1) year. We have determined that this timeframe is proportionate to the intended use of the cookie.

The Lead Forensics cookie, if used, is a single line of code provided, known as the ‘advanced’ code. The ‘advanced’ Lead Forensics should be placed behind a consent banner. 

The business operating the website and setting the cookie is responsible for compliance with applicable data protection laws and regulations.

5. Contact Data Feature

An additional and optional feature of Lead Forensics is providing B2B contact information of individuals employed by the businesses matched. This may include first name, surname, LinkedIn URL, job title, phone and email address. Please note that these are not the individuals who have visited the website. 

Contact data is accessed directly via an API by approved third-party contact data providers. Lead Forensics has a reseller agreement in place with the suppliers, who are independent data controllers. Each contact record (data subject) can be traced to its source (where the data was collected), providing complete transparency.

Customers who utilise the Contact Data feature are data controllers responsible for complying with all applicable laws and regulations relevant to the processing in their capacity as data controllers.  This includes transparency obligations, defining a lawful basis, and following the appropriate data protection/electronic communications/calling regulations. 

Lead Forensics is a Data Processor. To comply with Article 28 of the EU/UK GDPR, a Data Processing Agreement, or equivalent, governs the terms when a data controller instructs a data processor to process personal data.

6. Personal Data

Different use cases unlock functionality which may process personal data, such as our Contact Data feature, a CRM integration, or uploading contact data.

Lead Forensics is the Data Processor, and the customer is the Data Controller. To comply with Article 28 of the EU/UK GDPR, or equivalent, a Data Processing Agreement governs the terms when a data controller instructs a data processor to process personal data.

7. Trial Period

During a trial period of the Lead Forensics product, our JavaScript code (no cookie) is added to a customer’s website. This aims to identify the volume of B2B website visitors and our value proposition.

  • Our servers are based in the UK/EU
  • There is no access to the Lead Forensics customer portal during a trial period
  • Personal data is not processed during the trial period
  • An individual cannot be identified (see 1. How does it work)
  • Please note: it is the responsibility of the website operator (customer) to add/remove the JavaScript code from the website

 8. Security of Processing

The development and provision of B2B sales and Marketing SaaS products by Lead Forensics, including infrastructure services, support and data management, are certified to ISO/IEC 27001:2013 standard.

The current certificate is valid until 31st of October 2025.

Documentation from our Information Security Management System and other documentation to support compliance, such as Technical and Organisational Measures, are available (an NDA may be required depending upon the document/information required) for onboarding customers. 

For questions relating to this policy, please get in touch with [email protected]

This policy was last updated in August 2023.