GCC Lead

Privacy

What we collect, what we don't, and where the line is.

GCC Lead is an enterprise intelligence platform. We touch personal data in two places: the agent records our pipeline produces, and the minimal account information your team supplies when you engage with us.

Last updated · May 2026

1. Operator

GCC Lead is operated as an independent intelligence-platform vendor ("we", "us"). We act as data controller for the small amount of customer data described below; for the agent records produced by the platform, we are a processor on your behalf — you remain the controller for those records once they leave our perimeter.

2. What we collect about customers

  • Account details supplied during engagement (company, role, contact email, billing entity).
  • Run metadata: queries you launched, segments you exported, scope of each engagement.
  • Communications you send to hi@, support@, billing@, privacy@ or security@.
  • Aggregate usage metrics — number of runs, lead counts, error rates — used for capacity planning and SLA reporting.

Card details, where applicable, are processed by the contracted payment processor — we never store them. Banking details for invoiced engagements are handled under the master service agreement.

3. What the platform collects about agents

The platform ingests publicly listed agent profiles (name, email, phone, agency, listing counts, locale) from public regional real-estate portals. We do not collect anything that wasn't already public. We deduplicate, normalise phone numbers to E.164, and verify emails via SMTP RCPT TO probes from a dedicated verification environment.

Once a run finishes, the dataset is delivered into your environment under the engagement's data-handling terms. We retain a hash of the request fingerprint for 30 days for billing reconciliation and abuse detection — never the lead bodies themselves.

4. SMTP verification, in plain English

We connect to the recipient mail server and ask, via an RCPT TO probe, whether the inbox accepts mail. We never deliver a message; the connection is closed before DATA. Free providers (Gmail, Yahoo) accept everything at this stage and are skipped to avoid false positives. The probe is HELO-identified as our domain, never spoofed.

5. Subject rights (GDPR · UAE PDPL · Saudi PDPL)

If you are an agent whose details appeared in a customer's dataset, email privacy@gcclead.com and we will:

  • Confirm whether your record is in our 30-day fingerprint cache.
  • Add your domain or phone to a permanent suppression list so future runs skip you.
  • Forward the request to active customers when statutory law requires it.

We're not in a position to retrieve copies already exported by customers — the dataset has left our perimeter — but we'll reach out to them on your behalf when the law mandates it.

6. Cookies + analytics

The marketing site (this domain) uses no third-party advertising cookies, no fingerprinting, no behavioural tracking. Anonymous analytics may be used to measure aggregate page reach.

7. Contact

Privacy questions: privacy@gcclead.com. Security questions: security@gcclead.com.