Privacy Policy

Spullio ("we," "us," or "our") is an inventory management application that takes your privacy seriously. This Privacy Policy explains what personal data we collect from users of the Spullio app ("Service"), how we use and store that data, and under what circumstances we share it. As a Netherlands-based service, we comply with the EU General Data Protection Regulation (GDPR) and other applicable privacy laws.

By using Spullio, you agree to the collection and use of information in accordance with this Privacy Policy. If you do not agree, please do not use the Service.

We collect various types of information to provide and improve our Service, including:

• Account Information: When you create an account via our authentication provider (Clerk), we collect personal identifiers such as your name, email address, and password. Clerk handles the sign-up/sign-in process on our behalf, so your login credentials and profile details are processed through Clerk's secure systems.
• User-Generated Content: The inventory data you input into Spullio (e.g. item names, descriptions, categories) and any files you upload (such as photos of items, documents, receipts) are stored in our database. This content may include personal data if you choose to include it in descriptions or attachments.
• Usage Data: We automatically collect usage information such as logins, page interactions, and features used. This may include device information, browser type, and IP address for security and analytics purposes. We use this data to troubleshoot issues, analyze trends, and improve the user experience.
• AI Query Data: If you use Spullio's AI-powered features (e.g. AI recognition of images or natural language search), the relevant data (such as the photo or text query) is sent to our AI service provider (OpenAI) for processing. We only transmit the information needed for the AI functionality (e.g. an image or query text), and we do not include more personal data than necessary.

We do not knowingly collect any sensitive personal information unless you voluntarily provide it through the app. We also do not knowingly solicit or collect data from children under 16 without appropriate consent (see "Children's Privacy" below).

We use the collected data for the following purposes:

• Providing and Improving the Service: Your data is used to operate Spullio's core functionality – for example, storing your inventory items, displaying your content back to you, and enabling search and organization features. We also analyze usage patterns to improve features, fix bugs, and enhance performance.
• Authentication and Account Management: We use your account information to authenticate you via Clerk when you log in, manage user accounts, and personalize your experience. Authentication cookies or tokens may be stored on your device to keep you logged in securely (see "Cookies" below).
• AI Functionality: For features like AI recognition or smart search, we send your query or content to OpenAI's API. The data is used by OpenAI's algorithms to generate responses or identifications for you. According to OpenAI, data submitted via their API is not used to train OpenAI's models or improve their services by default[1]. This means your content is processed only to provide you with the AI-driven results and not retained by OpenAI for model training.
• Payments and Subscription Management: If you choose a paid subscription, we use your information to manage billing through our payment processor (Stripe). For example, we may keep a record of your plan selection and payment status. Stripe will handle your payment card information directly, and we receive confirmation of payment and basic subscriber info (like your name, email, and subscription tier).
• Communications: We may use your contact information (email) to send you service-related notices such as confirmations, invoices, technical alerts, or updates about important changes. We will not send you marketing emails without your consent.
• Legal Compliance and Protection: We may process your personal data as required to comply with legal obligations, such as keeping transaction records for tax/accounting or responding to lawful requests by authorities. We also may use and disclose data as necessary to enforce our Terms of Service, investigate fraud, security issues, or protect the rights and safety of Spullio, our users, or others.

We do not sell, rent, or trade your personal information to third parties for their marketing purposes. We may share your information in the following limited circumstances:

• With Service Providers (Processors): We share data with trusted third-party providers who help us operate the Service. These providers process data only on our instructions and for the purposes described below:
• Legal Requirements: We may disclose your information if required by law, court order, or other governmental authority, or if we believe in good faith that disclosure is necessary to comply with legal obligations, protect our rights, or ensure the safety of our users.
• Business Transfers: In the event of a merger, acquisition, or sale of assets, your information may be transferred to the new entity, subject to the same privacy protections outlined in this policy.
• With Your Consent: We may share your information with third parties when you give us explicit consent to do so.
• Aggregated Data: We may share aggregated, non-personally identifiable information about our users for research, analytics, or business purposes.

Spullio uses cookies and similar technologies to ensure the Service functions correctly and to enhance your experience. In particular:

• Essential Cookies: When you log in, Clerk (our auth provider) may set a secure cookie or token in your browser to keep you signed in. This cookie is essential for the Service to recognize your account between page visits and is considered "strictly necessary." It does not track you outside of the Spullio service.
• Analytical Cookies: At this time, Spullio does not use any third-party analytics or advertising trackers that profile users. We may use our own internal analytics (or basic tools that do not collect personal data beyond usage metrics) to understand how the Service is used. If in the future we implement analytics cookies or similar technologies, we will update this Policy and, if required by law, obtain your consent.
• Third-Party Cookies: When using AI features like image recognition, the data is sent directly to our servers and then to OpenAI for processing, but we do not use any client-side tracking beyond the necessary API calls. Our service providers (Clerk, Supabase, Stripe) may set their own cookies as needed to provide their services.
• Managing Cookies: You have the ability to control cookies through your browser settings. However, please note that disabling cookies (especially the authentication cookie) may prevent you from using essential features of Spullio, as things like staying logged in rely on cookies. We might also use cookies to remember your preferences (e.g. interface settings or language) so that the app is more convenient to use.

We take the security of your personal information seriously and implement appropriate technical and organizational measures:

• Technical Measures: We use encryption, secure connections (HTTPS), and other industry-standard security practices to protect data in transit and at rest.
• Access Controls: Access to your personal data is limited to authorized personnel and service providers who need it to provide the Service.
• Regular Updates: We regularly update our security practices and monitor for potential vulnerabilities.
• Security Limitations: While we strive to protect your information, no method of transmission over the internet or electronic storage is 100% secure[5]. We cannot guarantee absolute security.

We retain your personal information for as long as necessary to provide the Service and comply with our legal obligations:

• Active Accounts: While your account is active, we retain your data to provide the Service.
• Account Deletion: When you delete your account, we will delete your personal data within 30 days, except where retention is required for legal or operational purposes.
• Legal Retention: Some data may be retained longer to comply with legal obligations, resolve disputes, or enforce our agreements.
• Backup Data: Data in our backup systems may take additional time to be completely removed.

Depending on your location, you may have certain rights regarding your personal information:

• Right to Access: You have the right to request information about the personal data we hold about you.
• Right to Rectification: You can request that we correct inaccurate or incomplete personal data.
• Right to Erasure: You can request that we delete your personal data ("right to be forgotten"), and we will erase your personal data, provided we do not have a legal obligation to retain it[6].
• Right to Data Portability: You can request a copy of your personal data in a structured, machine-readable format.
• Right to Object: You can object to certain types of processing of your personal data.
• Right to Restriction: You can request that we restrict the processing of your personal data in certain circumstances.
• Exercising Your Rights: To exercise these rights, please contact us at support@spullio.com. We will respond to your request within the timeframes required by applicable law.

Your data may be processed and stored outside your home country:

• EU Adequacy: As a Netherlands-based service, data processing within the EU is subject to GDPR protections.
• Third Country Transfers: Some of our service providers (such as OpenAI) may be located outside the EU[4]. We ensure appropriate safeguards are in place for such transfers.
• Transfer Safeguards: We use standard contractual clauses and other approved mechanisms to protect your data during international transfers.

• Age Restriction: Spullio is not intended for children under 16 years old. We do not knowingly collect personal information from children under 16 without parental consent[8].
• Parental Consent: If you are a parent or guardian and believe your child has provided personal information, please contact us immediately.
• Underage Data Discovery: If we discover that we have collected personal information from a child under 16 without parental consent, we will promptly delete such information.

• Policy Updates: We may update this Privacy Policy from time to time to reflect changes in our practices or applicable law.
• Change Notification: We will notify you of significant changes by updating the date at the top of this policy and, for material changes, by additional notice such as email or in-app notification.
• Continued Use: Your continued use of Spullio after changes are posted constitutes your acceptance of the revised Privacy Policy[9].

If you have any questions, concerns, or requests regarding this Privacy Policy or your personal data, please contact us. As a small, founder-led company, we are happy to assist you and take privacy seriously. You can reach out via:

• Email: support@spullio.com
• Spullio is a product of vanYperen.com

We will respond to your inquiries as promptly as possible. If you're in the EU, our founder serves as the data controller for Spullio and can address your GDPR-related queries or concerns. Thank you for trusting Spullio with your inventory data – we are committed to keeping that trust through our privacy practices.