Compliance & Data Protection
We take data privacy and regulatory compliance seriously.
GDPR & DPDP Compliance
Purpose Limitation
All leads are collected for specific, explicit, and legitimate purposes. We ensure data is not further processed in a manner incompatible with those purposes.
Data Retention
Leads are automatically deleted after 12 months unless a shorter retention period is specified by the seller. Buyers must also comply with data retention policies.
Right to Erasure
Individuals may request deletion of their personal data by contacting our Data Protection Officer at dpo@leadflowexchange.com.
Know Your Customer (KYC)
Seller Requirements
All sellers must complete identity verification including company registration details, GST/PAN, and bank account information before listing leads.
Buyer Tiers
| Tier | Requirements | Monthly Limit |
|---|---|---|
| Basic | Email & Phone Verification | ₹10,000 |
| Verified | PAN + Address Proof | ₹50,000 |
| Enterprise | Company Documents + GST | Unlimited |
Consent Management
SMS Communication
For SMS communications, we maintain DLT registration and store consent source/timestamp for audit purposes. Opt-out is always available via STOP messages.
Lead Collection
All leads must be collected with explicit consent for the specified use case. Sellers must provide evidence of consent collection methods if requested.
Data Processing
We process personal data only as necessary for the performance of our services or with explicit user consent. No secondary processing without authorization.