Leadrealizer Solutions GmbH – Website and Application
Effective: March 2026
The following information provides a simple overview of what happens to your personal data when you visit our website or use our application. Personal data is any data that can be used to personally identify you. For detailed information on data protection, please refer to the sections below.
Data processing on this website and in the application is carried out by Leadrealizer Solutions GmbH. Contact details can be found in Section 2 and in our legal notice (Imprint).
Your data is collected when you provide it to us (e.g., during registration, in contact forms). Other data is collected automatically or with your consent by our IT systems (e.g., technical data such as browser, operating system, or access time). As part of B2B lead generation, business contact data is also collected from publicly available sources.
You have the right to access, rectify, delete, and restrict the processing of your data at any time. You can revoke consent and object to processing based on legitimate interests. Details can be found in Section 14.
The data controller within the meaning of the General Data Protection Regulation (GDPR) and other applicable data protection laws is:
Leadrealizer Solutions GmbHIndustriestraße 17050999 CologneGermany
Commercial Register: HRB 120020, Cologne District CourtVAT ID: DE400181258
Represented by Managing Directors:Thorsten Rolf Orendi, Moussa Bdeir, Christian Wilhelm Roth(Each managing director has sole power of representation.)
Phone: +49 (0) 221 7726660Email: office@leadrealizer.com
Digital Services Act (DSA) Contact Point:Email: office@leadrealizer.comCommunication may be conducted in German and English.
A Data Protection Officer has not currently been appointed. Should an appointment become necessary under Art. 37 GDPR or § 38 BDSG (German Federal Data Protection Act), we will promptly appoint one and publish the contact details here.
For data protection inquiries, please contact: privacy@leadrealizer.com or write to the postal address above with the note "Data Protection."
This privacy policy applies to the processing of personal data in connection with:
Our website and application use tools from companies based in the USA. When these tools are active, your personal data may be transferred to US servers. Where the respective company is certified under the EU-US Data Privacy Framework (DPF), this provides an adequate level of data protection. For companies not certified under the DPF, we use Standard Contractual Clauses (SCCs) pursuant to Art. 46(2)(c) GDPR and additional technical and organizational measures.
This website and application use SSL/TLS encryption for security purposes. An encrypted connection is indicated by "https://" in the browser address bar and the lock icon.
Many data processing operations require your explicit consent. You may withdraw your consent at any time with effect for the future. The lawfulness of data processing carried out before the withdrawal remains unaffected.
IF DATA PROCESSING IS BASED ON ART. 6(1)(E) OR (F) GDPR, YOU HAVE THE RIGHT TO OBJECT TO THE PROCESSING OF YOUR PERSONAL DATA AT ANY TIME FOR REASONS ARISING FROM YOUR PARTICULAR SITUATION; THIS ALSO APPLIES TO PROFILING BASED ON THESE PROVISIONS.
IF YOUR PERSONAL DATA IS PROCESSED FOR DIRECT MARKETING PURPOSES, YOU HAVE THE RIGHT TO OBJECT AT ANY TIME TO THE PROCESSING FOR SUCH MARKETING PURPOSES; THIS ALSO APPLIES TO PROFILING INSOFAR AS IT IS RELATED TO SUCH DIRECT MARKETING.
Our website is hosted by Webflow, Inc. (USA). When you visit the website, personal data (IP address, access data, meta and communication data) is processed on Webflow's servers.
Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) GDPR (legitimate interest in secure, efficient delivery).
We have concluded a Data Processing Agreement with Webflow.
Privacy Policy: https://webflow.com/legal/privacy
Our application backend is hosted on Bubble Group, Inc. (USA). All data processed in the app is stored on Bubble.io servers in the USA.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
We have concluded a Data Processing Agreement with Bubble.io. Data transfers to the USA are based on the EU-US Data Privacy Framework and/or Standard Contractual Clauses.
We use Cloudflare, Inc. (101 Townsend St, San Francisco, CA 94107, USA) as a Content Delivery Network (CDN) and for DDoS protection. Cloudflare routes traffic between your browser and our website through its global network and may use cookies or similar technologies.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in secure and reliable delivery).
We have concluded a Data Processing Agreement with Cloudflare.
Privacy Policy: https://www.cloudflare.com/privacypolicy/
The hosting provider automatically collects and stores information in server log files:
This data is not combined with other data sources and is deleted after 30 days.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in technically error-free delivery and security).
When you submit inquiries via our contact form, your form data and contact details are stored for the purpose of processing the inquiry and for follow-up questions.
Legal basis: Art. 6(1)(b) GDPR (pre-contractual measures / performance of contract) or Art. 6(1)(f) GDPR (legitimate interest in effective processing).
Retention: Until you request deletion, withdraw consent, or the storage purpose ceases. Statutory retention periods remain unaffected.
When you contact us by email or phone, your inquiry and all associated personal data are stored for processing purposes.
Legal basis: Art. 6(1)(b) GDPR or Art. 6(1)(f) GDPR.
We use Google reCAPTCHA (Google Ireland Limited) to check whether data input is made by a human or an automated program. IP address, time spent, and mouse movements are analyzed and transmitted to Google.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in protection against spam and abuse). Where consent has been obtained, Art. 6(1)(a) GDPR.
We use Google Maps (Google Ireland Limited). Your IP address is transmitted to Google servers (potentially in the USA) to use this service.
Legal basis: Art. 6(1)(a) GDPR (consent) or Art. 6(1)(f) GDPR (legitimate interest).
YouTube (Enhanced Privacy Mode)We embed videos from YouTube (Google Ireland Limited) in enhanced privacy mode. YouTube does not store information about visitors before the video is started.
LoomWe embed videos from Loom, Inc. (USA). Loading a Loom video establishes a connection to Loom servers and transmits your IP address.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest) or Art. 6(1)(a) GDPR (consent).
We use Google Web Fonts for consistent font display. When other Google services are used, a connection to Google servers may be established, potentially capturing your IP address.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
We use Brevo (Sendinblue GmbH, Germany / Sendinblue SAS, France) for newsletter distribution.
When you subscribe, your email address and optionally your name are stored. We use the double opt-in procedure. Brevo enables analysis of newsletter campaigns (open rates, click rates).
Legal basis: Art. 6(1)(a) GDPR (consent). You may unsubscribe at any time.
We have concluded a Data Processing Agreement with Brevo.
During registration we collect:
Registration is also possible via Google Sign-In (Google Ireland Limited) or Microsoft Sign-In (Microsoft Ireland Operations Limited) using OAuth 2.0. In this case, we receive your name, email address, and optionally your profile picture from the respective provider. Your password is not transmitted to us.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
Retention: Duration of the user relationship + 12 months after account deletion.
The core function of the application is generating B2B leads. The following business contact data is processed:
Sources:
Legal basis: Art. 6(1)(f) GDPR (legitimate interest in B2B business initiation).
The legitimate interest lies in facilitating business contact initiation between companies. We process exclusively business contact data and ensure that:
Note: The legality of automated B2B lead generation should be reviewed by legal counsel on a case-by-case basis, particularly regarding national implementations of the GDPR and applicable unfair competition laws.
Users may import their own contact data (e.g., via CSV upload or CRM integration). For this data, Leadrealizer acts as a data processor within the meaning of Art. 28 GDPR. The user, as the data controller, is responsible for the lawfulness of data collection.
The App integrates with Google Gmail (Google Ireland Limited / Google LLC) and Microsoft Outlook (Microsoft Ireland Operations Limited / Microsoft Corporation) via OAuth authorization. The following data is processed:
Access to the email account is limited to the scope approved by the user and can be revoked at any time in the respective account settings.
For WhatsApp integration, we use the service WasenderAPI. Through this integration, WhatsApp messages are received and sent. The following data is processed:
The application enables automated contact with leads via the channels mentioned above. Additional data processed includes: delivery data, open/click rates (for email), replies, and interactions.
Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) GDPR in conjunction with applicable electronic direct marketing regulations (EU ePrivacy Directive, CAN-SPAM Act in the USA).
Important: Automated email contact for advertising purposes is subject to strict regulations (EU ePrivacy Directive Art. 13, CAN-SPAM Act in the USA, § 7 UWG in Germany). Users are solely responsible for ensuring their outreach activities comply with applicable laws.
We use the Claude API (Anthropic, PBC, USA) and the OpenAI API (OpenAI, L.L.C., USA) for AI-powered features:
Business contact data and user inputs are transmitted to the respective API during AI processing. Processing is governed by our Data Processing Agreements with Anthropic and OpenAI.
Legal basis: Art. 6(1)(b) GDPR (performance of contract) and Art. 6(1)(f) GDPR (legitimate interest).
We use N8N for automated backend processes and workflow automation. Personal data may be processed within the purposes described in this privacy policy.
We use Featurebase for support, feedback, and feature requests. Name, email address, inquiry content, and interaction data are processed.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
Payment processing for subscriptions is handled by:
We do not store credit card or bank details. Payment processing occurs directly through the respective payment service providers. We only receive information about payment status and billing data.
Legal basis: Art. 6(1)(b) GDPR (performance of contract).
We use Google Meet (Google Ireland Limited) for customer communication. Email address, IP address, device/browser information, and conference data (duration, number of participants, metadata) are processed.
Legal basis: Art. 6(1)(b) GDPR and Art. 6(1)(f) GDPR.
We have concluded a Data Processing Agreement with Google.
Our website uses cookies. Cookies are small text files stored on your device. They do not cause harm. Session cookies are automatically deleted after your visit; persistent cookies remain until you delete them or they expire.
Technically necessary cookies are stored on the basis of Art. 6(1)(f) GDPR. For all other cookies, we require your consent (Art. 6(1)(a) GDPR).
We use Cookiebot (Cybot A/S, Denmark) as our Consent Management Platform (CMP). On your first visit, you will be asked to set your cookie preferences. Cookiebot stores a cookie to assign your consent(s) or their withdrawal.
Data transmitted to Cookiebot: your consent(s), IP address (anonymized), browser/device information, time of visit.
Legal basis: Art. 6(1)(c) GDPR (legal obligation to obtain and document consent).
You can adjust your preferences at any time via the cookie banner or under [Cookie Settings].
We use Google Analytics 4 (Google Ireland Limited) for web analytics. GA4 uses technologies for user recognition (cookies, device fingerprinting). Information collected is generally transmitted to Google servers in the USA.
Data processed: pseudonymized usage data, page views, time on site, device/browser information, interaction data, IP address (anonymized).
Retention: Up to 14 months.
You can prevent data collection by Google Analytics by downloading the browser add-on: https://tools.google.com/dlpage/gaoptout
Legal basis: Art. 6(1)(a) GDPR (consent).
We have concluded a Data Processing Agreement with Google.
We use Google Tag Manager (Google Ireland Limited) for website tag management. Google Tag Manager itself does not collect personal data but enables the integration of other tags that may collect data.
Legal basis: Art. 6(1)(f) GDPR (legitimate interest).
We use the Meta Pixel (Meta Platforms Ireland Ltd.) for conversion measurement and retargeting for Facebook/Instagram advertising.
Data processed: page views, interaction data, device information.
Data is processed by Meta and may be transferred to the USA. Meta may link data to your Facebook/Instagram profile.
You can deactivate remarketing in Facebook ad settings: https://www.facebook.com/ads/preferences/
Legal basis: Art. 6(1)(a) GDPR (consent).
Privacy Policy: https://www.facebook.com/privacy/policy/
We use the LinkedIn Insight Tag (LinkedIn Ireland Unlimited Company) for conversion tracking and retargeting for LinkedIn advertising.
Data processed: page views, professional profile information (aggregated), device information.
Legal basis: Art. 6(1)(a) GDPR (consent).
Privacy Policy: https://www.linkedin.com/legal/privacy-policy
We use Google Ads Conversion Tracking (Google Ireland Limited) to measure the effectiveness of Google Ads campaigns. A cookie is set when you click on a Google ad.
Data processed: IP address, user behavior, browser information, conversion data.
Legal basis: Art. 6(1)(a) GDPR (consent).
We use Hotjar (Hotjar Ltd, Malta) and/or Microsoft Clarity for UX analysis (heatmaps, session recordings, conversion funnels).
Data processed: anonymized click, scroll, and interaction data, device information, time spent.
You can deactivate Hotjar at: https://www.hotjar.com/opt-out
Legal basis: Art. 6(1)(a) GDPR (consent).
We have concluded a Data Processing Agreement with Hotjar.
Leadrealizer is the data controller for:
Leadrealizer acts as data processor for:
For these processing activities, we conclude a Data Processing Agreement (DPA) with our customers pursuant to Art. 28 GDPR. The customer remains responsible as the data controller for the lawfulness of data collection.
Service ProviderLocationPurposeTransfer MechanismBubble.ioUSAApp backendDPF / SCCsCloudflareUSACDN, securityDPF / SCCsGoogle (Analytics, Ads, GTM, Maps, Meet, reCAPTCHA)USA (via Ireland)Analytics, marketing, communicationDPFMeta PlatformsUSA (via Ireland)Marketing, retargetingDPFLinkedInUSA (via Ireland)Marketing, retargetingDPFAnthropic (Claude API)USAAI processingSCCsOpenAI (GPT API)USAAI processingDPF / SCCsWasenderAPIVariesWhatsApp integrationSCCsMicrosoft (Outlook, Sign-In)USA (via Ireland)Email, authenticationDPFGoogle (Gmail, Sign-In, Cloud)USA (via Ireland)Email, authentication, cloud servicesDPFApple Inc.USAApp Store, paymentsDPFHotjarMalta/EUUX analysisEU internalMicrosoft (Clarity)USAUX analysisDPF / SCCsLoomUSAVideo embedsDPF / SCCsCookiebot (Cybot)Denmark/EUConsent managementEU internalBrevoGermany/FranceNewsletterEU internalFeaturebaseVariesSupport, feedbackSCCs
DPF = EU-US Data Privacy Framework; SCCs = Standard Contractual Clauses (Art. 46(2)(c) GDPR)
We have concluded Data Processing Agreements with all processors pursuant to Art. 28 GDPR.
Data Category
Retention Period
User account data
Duration of user relationship + 12 months after account deletion
Automatically generated lead data
Until objection by the data subject or deletion by the user
Imported lead data
As instructed by the customer (as processor)
Payment and billing data
10 years (German statutory retention: § 147 AO, § 257 HGB)
Server log files
30 days
Cookie consent data
12 months
Support/feedback data
Duration of user relationship + 12 months
Newsletter data
Until unsubscription
Applicant data
6 months after conclusion of the process (unless otherwise agreed)
Right of Access (Art. 15 GDPR): Information about stored data, processing purposes, recipients, and retention periods.
Right to Rectification (Art. 16 GDPR): Correction of inaccurate or completion of incomplete data.
Right to Erasure (Art. 17 GDPR): Deletion of your data, provided no statutory retention obligations apply.
Right to Restriction (Art. 18 GDPR): Restriction of processing, e.g., when contesting accuracy.
Right to Data Portability (Art. 20 GDPR): Provision of your data in a structured, machine-readable format.
Right to Object (Art. 21 GDPR): Objection to processing based on legitimate interests. This specifically includes the right to object to B2B lead generation.
Right to Withdraw Consent (Art. 7(3) GDPR): Withdrawal of consent with effect for the future.
Right to Lodge a Complaint (Art. 77 GDPR): Complaint with a supervisory authority. The authority responsible for us is:
Landesbeauftragte für Datenschutz und Informationsfreiheit Nordrhein-Westfalen (LDI NRW)Postfach 20 04 44, 40102 Düsseldorf, Germanyhttps://www.ldi.nrw.de
We will respond within 30 days (extendable to 90 days for complex requests).
If your business contact data is processed through our lead generation, you additionally have the right to:
Contact: privacy@leadrealizer.com or use the opt-out link in automated messages.
Residents of California have additional rights under the California Consumer Privacy Act (CCPA) and the California Privacy Rights Act (CPRA):
We may collect the following categories of personal information:
Right to Know: You have the right to request that we disclose what personal information we collect, use, disclose, and sell about you.
Right to Delete: You can request the deletion of your personal information, subject to certain exceptions.
Right to Correct: You can request the correction of inaccurate personal information.
Right to Opt-Out of Sale/Sharing: We do not "sell" your personal information in the traditional sense. To the extent that sharing data for cross-context behavioral advertising (e.g., via tracking pixels) constitutes a "sale" or "sharing" under the CCPA, you have the right to opt out. You can exercise this right via our cookie consent banner.
Right to Limit Use of Sensitive Personal Information: We do not use sensitive personal information beyond what is necessary to provide our services.
Non-Discrimination: We will not discriminate against you for exercising your CCPA rights.
Submit a verifiable consumer request by emailing us at: privacy@leadrealizer.com
We will verify your identity before processing your request. We will respond within 45 days (extendable to 90 days with notice).
You may designate an authorized agent to submit requests on your behalf. We may require proof of written authorization and identity verification.
We do not offer financial incentives related to the collection of personal information.
For residents of the United Kingdom, the provisions of the UK GDPR and the Data Protection Act 2018 apply. Your rights are substantially the same as those described in Section 14 under the GDPR.
Supervisory authority: Information Commissioner's Office (ICO), https://ico.org.uk
For residents of Switzerland, the provisions of the revised Swiss Federal Act on Data Protection (revFADP/revDSG) apply. Your rights are substantially the same as those described in Section 14, supplemented by specific provisions of the revFADP.
Supervisory authority: Federal Data Protection and Information Commissioner (FDPIC), https://www.edoeb.admin.ch
We implement appropriate technical and organizational measures:
We note that data transmission over the internet may have security gaps. Complete protection against third-party access is not possible.
Our services are intended for businesses and business customers (B2B) and are not intended for use by persons under 16 years of age. We do not knowingly collect personal data from minors.
The use of contact data published as part of the legal notice obligation for sending unsolicited advertising and information materials is hereby objected to. We expressly reserve the right to take legal action in the event of unsolicited sending of advertising information, such as spam emails.
We reserve the right to update this privacy policy to reflect changes in legal requirements, technical developments, or changes to our services. The current version is always available on our website and in the application. Registered users will be notified by email of material changes.
Last updated: March 2026
Leadrealizer Solutions GmbH – Industriestraße 170, 50999 Cologne, Germany
%2001.svg)