Privacy Policy

Last updated: February 12, 2026

Spoon Seller LLC ("PrivaBase", "we", "us") is committed to protecting your privacy. This policy explains how we collect, use, and protect your information.

1. Information We Collect

Account Information

When you register, we collect your name, email address, and password (stored as a bcrypt hash). We never store plaintext passwords.

Usage Data

We collect API usage data (endpoints accessed, timestamps, response times) to provide the Service and improve performance. We use Google Analytics (GA4) for anonymous website analytics.

Compliance Data

Data you upload for compliance checks, documents, vendor assessments, and other features is your data. We process it only to provide the Service.

Diagnostic Data

When reporting issues, you may optionally share browser type, screen size, and timezone. This is only collected with your explicit consent.

2. How We Use Your Information

• Provide, maintain, and improve the Service
• Process transactions and send billing notifications
• Send product updates and security alerts
• Respond to support requests
• Analyze usage patterns to improve the platform

3. What We Don't Do

• We do not sell your data to third parties. Ever.
• We do not use your compliance data to train machine learning models
• We do not share your data with advertisers
• We do not access your data except to provide the Service or as required by law

4. Data Security

All data is encrypted in transit (TLS 1.3) and at rest (AES-256). Passwords are hashed with bcrypt. API keys and sensitive tokens are SHA-256 hashed before storage. We implement rate limiting, CORS restrictions, and comprehensive access controls.

5. Data Retention

Account data is retained while your account is active. Upon deletion, your data is removed within 30 days. Audit logs may be retained for up to 7 years as required for compliance purposes.

6. Your Rights

Depending on your jurisdiction, you have the right to:

• Access your personal data
• Correct inaccurate data
• Delete your account and data
• Export your data in a portable format
• Object to or restrict processing
• Withdraw consent at any time

To exercise these rights, email privacy@privabase.com.

7. Third-Party Services

We use: Vercel (hosting), Supabase (database), Stripe (payments), Google Analytics (website analytics), and Resend (transactional email). Each has their own privacy policy and we only share data necessary for their service.

8. Cookies

We use essential cookies for authentication and session management. Google Analytics uses anonymous cookies. No advertising or tracking cookies are used.

9. International Transfers

Data is processed in the United States. If you are in the EU/EEA, our use of standard contractual clauses and encryption provides appropriate safeguards.

10. Children's Privacy

The Service is not directed to individuals under 16. We do not knowingly collect data from children.

11. Changes

We may update this policy. Material changes will be communicated via email. Continued use after changes constitutes acceptance.

12. Contact

Data Protection Officer: privacy@privabase.com

Spoon Seller LLC, United States