1. About this Policy
This Privacy Policy explains how Angus Lewington trading as Alien Web Design, ABN 32 385 519 280, a sole trader and the operator of LeadRadar (we, us, our), handles personal information. We are committed to protecting personal information in accordance with the Privacy Act 1988 (Cth) and the Australian Privacy Principles (APPs).
The entity responsible for the personal information described in this Policy is:
- Angus Lewington trading as Alien Web Design (ABN 32 385 519 280), sole trader
- Email: [email protected]
- Registered & postal address: Mosman, Sydney NSW, Australia
Personal information means information or an opinion about an identified individual, or an individual who is reasonably identifiable. This Policy covers two broad groups: our subscribers (the web designers and agencies who use LeadRadar), and the business leads we aggregate and make available to subscribers, which can include personal information where a business is a sole trader or where a named individual's contact details are involved.
2. What we collect
Subscriber & account information
When you sign up for, enquire about, or use LeadRadar, we may collect:
- your name, business name, email address, phone number, and (where relevant) your ABN;
- account and preference details, such as your chosen territory and plan;
- records of your activity in the Service, such as leads viewed, claimed, or tracked, and support correspondence; and
- billing information — note that card payments are processed by our third-party payment provider, and we do not store full card numbers.
Lead (business) data
The core of the Service is a database of Australian businesses that show a signal of needing a website. For each lead we may hold:
- the business name and category;
- publicly available contact details, such as a business address, phone number, or published email;
- website, domain, and certificate information — for example, whether a site is live, the domain's expiry status, or an SSL certificate's status; and
- the detection signal and lead score we derived (for example, "no website" or "domain expiring soon") and when it was detected.
Some of this business data can constitute personal information — for example, where the business is a sole trader operating under their own name, or where a contact detail identifies an individual.
3. How leads are sourced
We build lead data from publicly available sources, scanned continuously and cross-checked. These sources include:
- publicly accessible business listings, directories, and maps signals;
- publicly accessible websites and pages, and the technical status of those sites;
- public domain-registration and certificate information, such as whether a domain is registered or expiring and whether an SSL certificate is valid; and
- other openly published business information.
We collect only what is reasonably necessary to detect and describe the signal. We do not purchase private contact lists, we do not bypass logins, paywalls, or other access controls, and we do not collect sensitive information (such as health, racial, or political information) as part of lead data. Where it is lawful and practicable to collect personal information only from the individual concerned, we do so; because the Service is built on public-signal detection at scale, some business-related personal information is necessarily collected from public sources rather than directly from the individual.
4. How we use information
We use subscriber information to provide and administer the Service, process payments, provide support, communicate with you about your account, and improve LeadRadar. With your consent or as otherwise permitted, we may send you service-related and marketing communications; you can opt out of marketing at any time using the unsubscribe link or by contacting us.
We use lead data to operate the detection and matching that is the purpose of the Service — that is, to identify businesses showing a relevant signal and to make those leads available to the subscriber whose territory they fall in, so that the subscriber can decide whether to offer their web design services. We do not use lead data to send marketing on a subscriber's behalf.
5. When we disclose personal information
We may disclose personal information to:
- subscribers — lead data (including any business contact details it contains) is disclosed to the subscriber for the relevant territory, which is the core function of the Service. Subscribers are bound by our Acceptable Use Policy, which requires lawful outreach and prohibits resale;
- service providers that help us run LeadRadar — such as hosting, infrastructure, payment processing, email, and analytics providers — under obligations of confidentiality and only for the purposes of providing their services to us; and
- others where required or permitted by law — for example, to comply with a legal obligation, respond to a lawful request, or protect our rights, safety, or property.
We do not sell subscriber personal information. We do not disclose personal information for any purpose that is not consistent with this Policy without your consent, unless authorised or required by law.
6. Security-flagged leads are de-identified
Where a lead is flagged because we detected a security issue with a business's website, we de-identify or limit the technical detail associated with that lead. Subscribers are told that a genuine security-related reason to rebuild exists, without being given information that could be used to exploit the business's site. We do not publish exploit details, and security-flagged leads are handled so they cannot be used to cause harm.
7. Data retention
We keep personal information only for as long as it is needed for the purposes described in this Policy, or as required by law. Subscriber account records are retained while your subscription is active and for a reasonable period afterwards to meet legal, tax, and record-keeping obligations, after which they are deleted or de-identified.
Lead data is refreshed on our scanning cycle: because leads reflect a current signal, records are re-scanned, updated, expired, or removed as the underlying public situation changes. When lead data is no longer required for the Service, we take reasonable steps to destroy it or ensure it is de-identified.
8. Access, correction & removal
Under the Australian Privacy Principles you may request access to the personal information we hold about you and ask us to correct it if it is inaccurate, out of date, incomplete, or misleading. This applies both to subscribers and to individuals whose details appear in lead data.
If you are a business owner or individual and you would like to access or correct the information we hold about you, or ask to be removed from the LeadRadar lead database, contact us using the details below. We will respond within a reasonable period (generally within 30 days), verify your identity, and action reasonable requests. If we cannot give access or make a correction, we will explain why in writing.
9. Security
We take reasonable steps to protect personal information from misuse, interference, and loss, and from unauthorised access, modification, or disclosure — including access controls, encryption in transit, and restricting access to those who need it. No method of transmission or storage is completely secure, but we work to protect the information we hold and to respond appropriately to any data breach in line with our obligations, including the Notifiable Data Breaches scheme where it applies.
10. Overseas disclosure
Our primary application and databases are hosted in Australia. However, some of the third-party providers we rely on to run LeadRadar are based in, or store and process data in, the United States. These are our content-delivery and security network (which processes site visitors' IP addresses), our transactional email provider (which sends account and notification emails and therefore handles your email address), and — for paid subscriptions — our payment processor (which handles billing information). Where we disclose personal information to an overseas recipient, we take reasonable steps under Australian Privacy Principle 8 to ensure it is handled consistently with the Australian Privacy Principles.
Countries in which your personal information may be stored or processed: Australia (primary application hosting and databases) and the United States (content-delivery/security, transactional email, and payment-processing providers).
11. Cookies & analytics
Our public website may use cookies and analytics tools (such as Google Analytics) to understand how visitors use the site and to improve it. This information is generally aggregated and does not identify you personally. You can control cookies through your browser settings; disabling them may affect how parts of the site work. These legal pages themselves load no third-party trackers.
12. Complaints
If you believe we have mishandled your personal information or breached the Australian Privacy Principles, please contact us first using the details below so we can investigate and respond. If you are not satisfied with our response, you may lodge a complaint with the Office of the Australian Information Commissioner (OAIC) at oaic.gov.au.
13. Contact us
For any privacy question, or to make an access, correction, or removal request, contact the LeadRadar privacy team at Angus Lewington trading as Alien Web Design (ABN 32 385 519 280):
- Email: [email protected]
- Postal address: Mosman, Sydney NSW, Australia
We may update this Privacy Policy from time to time. The current version is always the one published here, and the "last updated" date at the top of this page shows when it was most recently changed.