Back to home

Privacy Policy

Effective date: 02/02/2026

Spott BV (Spott, we, us) values the privacy of visitors and users of www.spott.io and Spott's cloud-based platform (together the Website and the Platform). This Privacy Policy explains how Spott processes Personal Data when acting as data controller for the Website and for Spott's own commercial and administrative activities.

For more information on our certifications, security programs, and subprocessors, please visit https://compliance.spott.io/.

For Personal Data processed through the Platform on behalf of a Client, the Data Processing Agreement (DPA) governs, as reflected in Article 10 of Spott's General Terms. In case of conflict, the order of precedence in the Agreement applies.

1. Scope of this Policy

This Privacy Policy applies to Personal Data processed by Spott as data controller in relation to:

  • visitors of the Website,
  • prospects and customers (and their contact persons),
  • individuals communicating with Spott (e.g., via forms, email, events).

This Policy complements the Agreement, including the General Terms, the DPA, and the SLA.

2. Data Controller

The data controller is:

Spott BV, Frederik Lintsstraat 57, 3000 Leuven, Belgium.
Contact: legal@spott.io

3. Personal Data we process

Depending on context, we may process:

  • identification and contact details (name, email, phone, role, company),
  • communications (messages, requests, support tickets),
  • technical data (IP address, device and log data, cookies),
  • account and access data (login details, authentication data, audit logs),
  • billing and contract data (where applicable).

We do not intentionally collect dates of birth unless exceptionally required for a specific lawful purpose.

4. Purposes and legal bases

We process Personal Data for the following purposes:

4.1. Website operation and communications

  • responding to questions, demo requests, and contact submissions
    Legal basis:     legitimate interests and/or steps prior to entering into a contract.

4.2. Sales and relationship management

  • managing prospect and customer relationships, follow-up, events
    Legal basis:     legitimate interests and/or performance of a contract.

4.3. Contract administration and billing

  • subscriptions, Order Forms, invoicing, payments, accounting, compliance
    Legal basis:     performance of a contract and legal obligations.

4.4. Security, integrity, and fraud prevention

  • maintaining security, preventing abuse, monitoring availability and integrity
    Legal basis:     legitimate interests and legal obligations where applicable.

4.5. Disputes and enforcement

  • handling claims, disputes, litigation, and enforcing the Agreement
    Legal basis:     legitimate interests and/or performance of a contract and legal obligations.

4.6. Marketing

  • sending product updates, newsletters, event invitations, satisfaction surveys
    Legal basis:     legitimate interests and, where required by law, consent (opt-out available at any time).

4.7. Cookies

  • operating the Website and measuring usage
    Legal basis:     legitimate interests and, where required, consent. See the Cookie Policy.

5. Sharing of Personal Data

We may share Personal Data with:

  • Service providers and subprocessors (e.g., hosting, analytics, email delivery) strictly as needed and under appropriate contractual safeguards.
  • Third-party integrations enabled by the Client (Client controls configuration; third-party terms apply).
  • Authorities where required by law or valid legal request.

We do not sell Personal Data.

6. International transfers

Personal Data may be processed outside the EEA where our service providers operate.

Where required, Spott implements appropriate safeguards, including Standard Contractual Clauses and supplementary measures such as encryption and access controls.

7. Data retention

We retain Personal Data no longer than necessary for the purposes above, considering:

  • the duration of the customer relationship and the Agreement,
  • statutory retention obligations (e.g., accounting),
  • applicable limitation periods for claims.

8. Security

Spott applies appropriate technical and organizational measures to protect Personal Data, including access controls, encryption, monitoring, and least-privilege principles. No system is completely secure, and risks cannot be eliminated.

9. Your rights

Where applicable under GDPR and other laws, you may have the right to:

  • access, rectification, erasure, restriction,
  • objection (including to direct marketing),
  • data portability (where applicable),
  • withdraw consent at any time (without affecting prior processing),
  • lodge a complaint with a supervisory authority.

Requests can be sent to legal@spott.io. We may request reasonable verification to protect your data.

10. Client Data processed through the Platform

For Personal Data processed through the Platform on behalf of a Client, the Client is typically the data controller and Spott acts as processor, as set out in the DPA. Spott processes such data only to provide the Services and as described in the Agreement.

11. AI and third-party AI providers

Spott may provide AI Features. As set out in the Agreement:

  • Spott does not use Client Data to train, fine-tune, validate, or improve AI models.
  • Where third-party AI providers are used, Spott applies contractual safeguards consistent with the Agreement.

12. Updates

We may update this Privacy Policy from time to time. The updated version will be published on this page and effective as of the stated date.

Outp(l)ace everyone.

You can’t win tomorrow’s placements
with yesterday’s tools.

Try Spott for free
Book a demo
Five diverse business people sitting together, smiling and laughing in a bright office.