Privacy Policy

Last Updated: November 29, 2025

SpillStack ("we," "our," or "us") is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our mobile application ("App") and related services (collectively, the "Services").

Please read this Privacy Policy carefully. By using the Services, you agree to the collection and use of information in accordance with this policy. If you do not agree with the terms of this Privacy Policy, please do not access or use the Services.

1. Information We Collect

1.1 Information You Provide to Us

We may collect information that you voluntarily provide when using the Services, including:

• Account Information: When you create an account, we collect your email address and any profile information you choose to provide.
• User Content: Ideas, notes, voice recordings, transcriptions, and any other content you create, upload, or store within the App.
• Communications: Information you provide when you contact us for support or feedback.

1.2 Information Collected Automatically

When you use the Services, we may automatically collect certain information, including:

• Device Information: Device type, operating system version, unique device identifiers, and mobile network information.
• Usage Information: How you interact with the App, including features used, time spent, and crash reports.
• Log Data: IP address, browser type, access times, and referring URLs.

1.3 Voice and Audio Data

When you use our voice recording feature:

• Audio recordings are processed to generate text transcriptions.
• Voice data is processed using third-party AI transcription services.
• We do not permanently store raw audio recordings on our servers after transcription is complete, unless you explicitly choose to save them.

2. How We Use Your Information

We use the information we collect for the following purposes:

• Provide and Maintain Services: To operate, maintain, and improve the App and its features.
• Process Your Content: To transcribe voice recordings, categorize ideas, and generate AI-powered titles and summaries.
• Personalization: To personalize your experience and provide content recommendations.
• Communications: To respond to your inquiries and send service-related notifications.
• Analytics: To analyze usage patterns and improve our Services.
• Security: To detect, prevent, and address technical issues and security threats.
• Legal Compliance: To comply with applicable laws, regulations, and legal processes.

3. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

• Service Providers: We share information with third-party vendors who perform services on our behalf, such as cloud hosting, AI transcription, and analytics. These providers are contractually obligated to protect your information.
• Legal Requirements: We may disclose information if required by law, regulation, legal process, or governmental request.
• Protection of Rights: We may disclose information to protect our rights, privacy, safety, or property, or that of our users or others.
• Business Transfers: In connection with a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.
• With Your Consent: We may share information for other purposes with your explicit consent.

4. Data Storage and Security

We implement appropriate technical and organizational measures to protect your personal information against unauthorized access, alteration, disclosure, or destruction. These measures include:

• Encryption of data in transit and at rest
• Secure cloud infrastructure with industry-standard protections
• Regular security assessments and updates
• Access controls limiting employee access to personal data

However, no method of transmission over the Internet or electronic storage is 100% secure. While we strive to protect your information, we cannot guarantee absolute security.

5. Data Retention

We retain your personal information for as long as your account is active or as needed to provide you with the Services. We will also retain and use your information as necessary to:

• Comply with legal obligations
• Resolve disputes
• Enforce our agreements

When you delete your account, we will delete or anonymize your personal information within 30 days, except where retention is required by law.

6. Your Rights and Choices

Depending on your location, you may have certain rights regarding your personal information:

• Access: Request access to the personal information we hold about you.
• Correction: Request correction of inaccurate or incomplete information.
• Deletion: Request deletion of your personal information, subject to certain exceptions.
• Portability: Request a copy of your data in a portable format.
• Opt-Out: Opt out of certain data processing activities, such as marketing communications.
• Withdraw Consent: Where processing is based on consent, you may withdraw consent at any time.

To exercise these rights, please contact us at spillstack.com/contact.

7. Children's Privacy

The Services are not intended for children under the age of 13 (or 16 in certain jurisdictions). We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately, and we will take steps to delete such information.

8. International Data Transfers

Your information may be transferred to and processed in countries other than your country of residence. These countries may have data protection laws that differ from your jurisdiction. By using the Services, you consent to such transfers. We ensure appropriate safeguards are in place to protect your information in accordance with this Privacy Policy.

9. Third-Party Services

The Services may contain links to third-party websites or integrate with third-party services. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies before providing any personal information.

10. California Privacy Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

• Right to Know: Request disclosure of personal information collected, used, and disclosed.
• Right to Delete: Request deletion of personal information, with certain exceptions.
• Right to Non-Discrimination: You will not be discriminated against for exercising your privacy rights.

To submit a CCPA request, please contact us at spillstack.com/contact.

11. European Privacy Rights (GDPR)

If you are located in the European Economic Area (EEA), United Kingdom, or Switzerland, you have rights under the General Data Protection Regulation (GDPR), including:

• The right to access, rectify, or erase your personal data
• The right to restrict or object to processing
• The right to data portability
• The right to lodge a complaint with a supervisory authority

Our legal bases for processing include: performance of contract, legitimate interests, compliance with legal obligations, and your consent.

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new Privacy Policy on this page and updating the "Last Updated" date. We encourage you to review this Privacy Policy periodically.

13. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

SpillStack
Contact us at spillstack.com/contact