This Privacy Policy explains how Spun App Ltd (“Spun”, “we”, “us”, or “our”) collects, uses, and shares personal data when you use our website and services. We are the data controller for the personal data described in this policy, except where we act as a processor on behalf of our business customers (see our Data Processing Agreement).
1. Who we are
Spun App Ltd is a company registered in England and Wales under company number 17136483.
Registered address: 53 Langley Crescent, Brighton, BN2 6NL, United Kingdom.
Contact: privacy@spun.bot
For the purposes of the UK GDPR and the Data Protection Act 2018, Spun App Ltd is the controller of the personal data we collect about you as a website visitor or account holder.
2. What personal data we collect
Information you give us
- Account data — name, email address, password hash (via Clerk), profile image.
- Billing data — billing name, billing address, payment card details (handled directly by Stripe — we do not store full card numbers), VAT number, and subscription history.
- Content you submit — messages, prompts, uploaded images, brand assets, campaign briefs, and any other content you send to the service.
- Connected-platform data — OAuth tokens and account identifiers for advertising platforms you connect (e.g. Meta, Google). These are brokered by Pipedream Connect.
- Support data — correspondence when you contact us by email.
Information we collect automatically
- Usage data — pages viewed, features used, credit/usage counters, and session timestamps.
- Device & log data — IP address, browser type, operating system, referring URL, and diagnostic logs.
- Cookies & similar technologies — see our Cookie Policy.
Information we receive from third parties
- Authentication providers — if you sign in with Google or another single sign-on option via Clerk, we receive your name, email, and profile image.
- Payment processor — Stripe sends us subscription status, invoice metadata, and the last four digits of your card.
- Advertising platforms — when you connect an ad account, we receive campaign performance metrics so we can report back to you.
3. How we use your personal data
We use personal data to:
- Provide, operate, and improve the Spun service;
- Authenticate you and secure your account;
- Generate AI responses, ad creatives, and campaign outputs you request;
- Execute campaigns on your behalf on platforms you have connected;
- Process payments and manage subscriptions;
- Provide customer support and respond to enquiries;
- Send service announcements and transactional emails;
- Monitor, prevent, and investigate fraud, abuse, and security incidents;
- Comply with legal obligations and enforce our Terms of Service.
4. Legal bases for processing (UK/EU GDPR)
We rely on the following legal bases under Article 6 UK GDPR:
- Contract — to provide the service you have signed up for.
- Legitimate interests — to secure, improve, and market the service, to prevent fraud, and to keep the service running reliably. We have balanced these interests against your rights.
- Legal obligation — for tax, accounting, and regulatory compliance.
- Consent — for non-essential cookies, analytics, and marketing emails. You can withdraw consent at any time.
5. How we share your personal data
We share personal data with third-party service providers (“sub-processors”) who help us run the service. A full list is maintained at spun.bot/subprocessors.
We may also share personal data:
- With advertising platforms you authorise (e.g. Meta, Google Ads) when you instruct Spun to launch or manage campaigns on them;
- With professional advisers (lawyers, accountants, auditors) bound by confidentiality;
- With regulators, courts, or law enforcement where required by law;
- In connection with a business transfer, merger, acquisition, or sale of assets.
We do not sell your personal data.
6. International data transfers
Several of our sub-processors are based in the United States or process data globally. When we transfer personal data outside the UK or EEA, we rely on appropriate safeguards such as the UK International Data Transfer Addendum, the EU Standard Contractual Clauses, or adequacy decisions where available.
7. How long we keep your data
We keep personal data only as long as necessary for the purposes set out in this policy:
- Account data — for the life of your account, then deleted within 30 days of account closure (unless we are required to retain it for legal reasons).
- Billing records — 7 years, to comply with UK tax law.
- Support correspondence — up to 3 years after your last interaction.
- Backups — rotated out within 30 days.
8. Your rights
Under UK/EU GDPR, you have the right to:
- Access the personal data we hold about you;
- Rectify inaccurate or incomplete data;
- Erase your data (“right to be forgotten”);
- Restrict or object to certain processing;
- Request data portability;
- Withdraw consent at any time;
- Lodge a complaint with the UK Information Commissioner’s Office (ico.org.uk) or your local supervisory authority.
To exercise any of these rights, email privacy@spun.bot. We will respond within one month.
9. Security
We use industry-standard measures to protect personal data, including TLS encryption in transit, encryption at rest, role-based access controls, and regular security reviews. No system is 100% secure, but we work hard to keep yours safe.
10. Children
Spun is not directed at children under 16, and we do not knowingly collect personal data from children. If you believe a child has provided us with personal data, please contact us.
11. Changes to this policy
We may update this Privacy Policy from time to time. Material changes will be notified by email or in-app notice. The “Last updated” date at the top of this page shows when it was last revised.
12. Contact us
Questions about this policy or how we handle your data? Email us at privacy@spun.bot or write to:
Spun App Ltd (company no. 17136483)
53 Langley Crescent
Brighton, BN2 6NL
United Kingdom