Legal
Privacy Policy
Last updated: 27 June 2026
This policy explains how LeakIQ (we, us, our) collects, uses and protects personal data when you use our website at leakiq.io and our revenue recovery platform. We are committed to protecting your privacy in accordance with the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
1. Who we are
The data controller is LeakIQ Ltd (company number 17311148), registered at 195 Wood Street, London E17 3NU, United Kingdom.
We are registered with the Information Commissioner's Office (ICO) under registration number ZC187738.
For questions about this policy contact support@leakiq.io.
2. Data we collect
Account data. When you create a LeakIQ account we collect your name, business email address, company name and a hashed password. Personal email domains are rejected at registration.
Integration credentials. When you connect a third-party system (Stripe, Xero, Salesforce, etc.) we store the credentials needed to make read-only API calls. All credentials are encrypted at rest using AES-256-GCM.
Workspace and operational data. We store the revenue issues, recovery cases, audit log entries, approval decisions and evidence records generated by your use of the platform. This data belongs to your workspace and is processed on your behalf.
Usage data. We collect standard server logs including IP addresses, browser type, pages visited and timestamps, and may collect anonymised analytics data to improve the product.
Communications. If you contact us via email or our contact form, we retain the content of that communication.
Cookies. We use essential cookies to maintain your session and limited analytics cookies. See our Cookie Policy for details.
3. How we use your data
We use the data we collect to:
- Create and manage your workspace account
- Provide the LeakIQ platform — detecting revenue issues and managing recovery workflows
- Process payments and manage your subscription
- Send transactional emails (account creation, password reset, billing receipts)
- Respond to your support enquiries
- Improve and develop the platform through anonymised usage analytics
- Meet our legal and compliance obligations
- Detect and prevent fraud, abuse or security incidents
We do not sell your personal data. We do not use your data for profiling or automated decision-making that produces legal effects.
4. Legal basis for processing
- Contract performance (Article 6(1)(b)). Processing your account and workspace data is necessary to provide the service you have signed up for.
- Legitimate interests (Article 6(1)(f)). We process usage and analytics data to improve the platform and detect abuse. Our legitimate interests do not override your rights.
- Legal obligation (Article 6(1)(c)). We may process data to comply with applicable law, including tax, accounting and fraud prevention obligations.
- Consent (Article 6(1)(a)). Where you have accepted analytics cookies, we process the associated data on the basis of your consent. You may withdraw consent at any time via your cookie preferences.
6. Data retention
We retain your personal data for as long as your workspace subscription is active. On cancellation or trial expiry:
- Workspace data (issues, audit log, recovery cases) is retained for 30 days from termination, then permanently deleted.
- Account data (name, email) is retained for up to 12 months after workspace deletion for fraud prevention and legal compliance, then deleted.
- Server logs and anonymised analytics data may be retained for up to 24 months.
You may request earlier deletion by contacting support@leakiq.io.
7. Your rights
Under UK GDPR you have the right to:
- Access — request a copy of the personal data we hold about you
- Rectification — ask us to correct inaccurate or incomplete data
- Erasure — request deletion where there is no legitimate reason to continue processing
- Restriction — ask us to restrict processing in certain circumstances
- Portability — receive your data in a structured, machine-readable format
- Objection — object to processing based on legitimate interests
- Withdraw consent — where processing is based on consent, withdraw it at any time without affecting prior processing
Email support@leakiq.io to exercise any of these rights. We will respond within one calendar month.
If you are not satisfied with how we handle your request, you may lodge a complaint with the Information Commissioner's Office at ico.org.uk or on 0303 123 1113.
8. Security
We implement appropriate technical and organisational measures, including:
- AES-256-GCM encryption of all integration credentials at rest
- TLS encryption for all data in transit
- Read-only, scoped API connections to your connected systems
- Workspace-level data isolation — no data crosses workspace boundaries
- Immutable, hash-chained audit logs for all platform actions
- Role-based access controls within each workspace
In the event of a personal data breach likely to result in a risk to your rights and freedoms, we will notify you and the ICO in accordance with UK GDPR Article 33.
10. Changes to this policy
We may update this policy from time to time. When we make material changes we will update the "Last updated" date at the top of this page and, where appropriate, notify you by email. Continued use of LeakIQ after changes take effect constitutes acceptance of the updated policy.
11. Contact us
- Email: support@leakiq.io
- Post: LeakIQ Ltd, 195 Wood Street, London E17 3NU, United Kingdom
To lodge a complaint: Information Commissioner's Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF. ico.org.uk