NewSiteLead is an outreach intelligence platform that finds 35,000+ new businesses every day and shows you exactly what’s wrong with their websites — so agencies, consultants, and freelancers can pitch specific fixes before competitors even know the site exists.

How does NewSiteLead find new websites?

NewSiteLead continuously monitors multiple internet data sources in real time. When a new website appears online, we detect it, classify the site by industry, and make it searchable within minutes of launch.

How much does NewSiteLead cost?

NewSiteLead offers a free tier with basic search. Paid plans start at $29/month (Starter) for 25 detail views and 1 CSV export per day, $79/month (Pro) for unlimited views, exports, API access, and alerts, and $199/month (Enterprise) for unlimited alert rules, webhooks, and AI domain analysis.

What can I use NewSiteLead for?

Common use cases include lead generation for web agencies and SaaS companies, competitive intelligence monitoring, market research on new entrants in your industry, and outreach to newly launched businesses that need services like hosting, SEO, or web development.

Data Processing Agreement

Last updated: April 12, 2026

This DPA supplements the Terms of Service and Privacy Policy and applies to customers on paid plans who need a data processing agreement for their own compliance requirements.

1. Parties and Definitions

This Data Processing Agreement ("DPA") is entered into between:

"Controller" — You, the customer, who determines the purposes and means of processing personal data obtained through the Service
"Processor" — NewSiteLead, which processes data on your behalf as part of delivering the Service

"Personal Data" means any information relating to an identified or identifiable natural person, as defined by applicable data protection law (including GDPR, CCPA/CPRA, and similar frameworks).

2. Scope and Purpose of Processing

NewSiteLead processes data on your behalf for the following purposes:

Providing domain intelligence data via web interface and API
Generating AI-powered Diagnostic Reports for domains you specify
Delivering transactional emails related to your account and purchases
Enforcing subscription plan limits and usage tracking

Categories of Data Processed

Category	Data Elements	Retention
Account data	Email, hashed password, Stripe customer ID	Until account deletion + 30 days
Login history	IP address, timestamp	12 months
Usage logs	API calls, searches, exports, page views	12 months
Diagnostic data	Domain, business context notes, generated reports	200 days (auto-deleted)
Payment data	Stripe customer/subscription IDs (no card numbers)	Until account deletion

3. Processor Obligations

NewSiteLead shall:

Process personal data only on documented instructions from the Controller, unless required by law
Ensure that persons authorized to process personal data are bound by confidentiality obligations
Implement appropriate technical and organizational security measures (see Section 5)
Not engage additional sub-processors without prior notice to the Controller (see Section 4)
Assist the Controller in responding to data subject rights requests (access, rectification, erasure, portability)
Delete or return all personal data upon termination of the service, at the Controller's choice, subject to legal retention requirements
Make available all information necessary to demonstrate compliance with this DPA

4. Sub-Processors

NewSiteLead uses the following sub-processors:

Sub-Processor	Purpose	Data Processed	Location
Stripe, Inc.	Payment processing	Email, payment details	United States
Anthropic PBC	AI report generation	Domain name, business context notes	United States
MXroute	Transactional email delivery	Recipient email, email content	United States
Contabo GmbH	Infrastructure hosting	All data at rest	United States

We will notify active subscribers by email at least 14 days before adding a new sub-processor. If you object to a new sub-processor, you may terminate your subscription before the change takes effect.

5. Security Measures

NewSiteLead implements the following technical and organizational measures:

Encryption in transit: All data transmitted via HTTPS/TLS 1.2+
Encryption at rest: Database and backup storage on encrypted volumes
Access control: SSH key-based authentication, no shared credentials, principle of least privilege
Password security: Bcrypt hashing with per-user salts; API keys stored as SHA-256 hashes
Network security: Firewall rules (nftables) restricting access to internal services; Cloudflare WAF on public endpoints
Monitoring: Automated bot detection and blocking; login anomaly tracking
Backups: Regular automated backups with encrypted offsite storage
Vendor security: Sub-processors selected based on their own security posture and compliance certifications

6. Data Breach Notification

In the event of a personal data breach, NewSiteLead shall:

Notify the Controller without undue delay and no later than 72 hours after becoming aware of the breach
Provide details of the breach: nature, categories of data affected, approximate number of records, likely consequences, and measures taken or proposed to mitigate
Cooperate with the Controller in investigating and remediating the breach
Document the breach and remediation steps taken

7. Data Subject Rights

NewSiteLead will assist the Controller in fulfilling data subject requests including:

Access: Providing copies of personal data held
Rectification: Correcting inaccurate data
Erasure: Deleting data (available via account dashboard or by request)
Portability: Exporting data in machine-readable format
Restriction/Objection: Limiting or ceasing processing upon valid request

Requests should be directed to contact@newsitelead.com. We aim to respond within 15 business days.

8. International Data Transfers

All data processing occurs within the United States. NewSiteLead and all sub-processors are U.S.-based. If you are subject to GDPR or similar frameworks requiring specific transfer mechanisms, please contact us to discuss applicable safeguards (e.g., Standard Contractual Clauses).

9. Audit Rights

Upon reasonable written request (no more than once per calendar year), the Controller may request information about NewSiteLead's data processing practices and security measures to verify compliance with this DPA. NewSiteLead will provide written responses to audit questionnaires within 30 business days. On-site audits are not supported, but we will cooperate with reasonable alternative verification methods.

10. Term and Termination

This DPA is effective for the duration of your subscription. Upon termination:

Account data is deleted within 30 days of account deletion
Diagnostic Reports are auto-deleted after their 200-day retention period
Login history and usage logs are purged per the retention schedule in Section 2
We may retain data as required by law or to resolve disputes

11. Governing Law

This DPA is governed by the same terms as the Terms of Service — the laws of the State of California, with disputes resolved per the dispute resolution procedures in the ToS.

12. Contact

For DPA-related inquiries, data subject requests, or breach notifications:

NewSiteLead
25422 Trabuco Rd STE 184
Lake Forest, CA 92630
contact@newsitelead.com

Data Processing Agreement.