Policy

Privacy Policy

Last updated on 19 November 2025

1. Introduction

SpotBeam.ai (“SpotBeam”, “we”, “our”, or “us”) is committed to protecting your privacy. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our website, platform, and AI-based services (collectively, the “Services”). By accessing SpotBeam.ai, you agree to the practices described in this Privacy Policy.

2. Information We Collect
2.1 Information You Provide

We collect information you provide directly:

  • Account information (name, email address, password)

  • Company information (company name, website)

  • Payment information (processed securely by our payment providers)

  • Communications with our support team

  • Preferences and settings within the platform

2.2 Information Collected Automatically

  • IP address, browser type, device information

  • Usage patterns (pages visited, features used, timestamp logs)

  • AI interaction data (prompts, responses, generated content)

  • Cookies and tracking technologies for analytics

2.3 Third-Party Integrations

When you connect external accounts, we may access the following to operate the service:

Google Business Profile

  • Reviews

  • Review replies

  • Business info & updates

  • Insights/analytics

Meta (Facebook & Instagram)

  • Page access

  • Post scheduling and publishing

  • Ad account configurations

  • Ad performance metrics

WhatsApp

  • Incoming messages

  • Lead details

  • Automated replies

We only access the data required to deliver the features you choose to use.

3. How We Use Your Information

We use your information to:

  • Provide and improve SpotBeam services

  • Automate review replies, posts, ads, and lead responses

  • Synchronize your business data with Google, Meta, and WhatsApp

  • Offer insights, analytics, and performance dashboards

  • Personalize AI-generated content

  • Prevent fraud and ensure platform security

  • Communicate updates, billing reminders, and support responses

4. How We Store & Protect Your Data

  • All data is encrypted at rest and in transit.

  • Access is limited to authorized personnel.

  • Cloud infrastructure follows industry security standards.

  • Regular audits and system monitoring protect against vulnerabilities.

You are responsible for maintaining the confidentiality of your password.

5. AI Data Handling

  • AI inputs (reviews, prompts, messages, content) are processed solely to generate outputs for your account.

  • We do not use customer data to train external or public AI models.

  • You can request deletion of your stored data anytime.

  1. Data Sharing and Disclosure

We share your information only in these circumstances:

5.1 Service Providers

We work with third-party service providers:

  • Cloud hosting providers (AWS, Google Cloud)

  • Google, Meta, WhatsApp APIs only when you connect your accounts

  • Payment processors (Stripe)

  • Email delivery services

  • AI processing (OpenAI)

  • Analytics and monitoring tools

5.2 Legal Requirements

We may disclose information if required by law, court order, or government request.

5.3 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred to the acquiring entity.

5.4 What We Don't Do

We never:

  • Sell your personal data to third parties

  • Share your analytics data with competitors or advertisers

  • Use your data to train AI models for other customers

6. Data Security

We implement industry-standard security measures:

  • Encryption in transit (TLS 1.3) and at rest (AES-256)

  • OAuth 2.0 for secure third-party authentication

  • Regular security audits and penetration testing

  • Access controls and least-privilege principles

  • SOC 2 compliance (Type II)

  • Secure data centers with physical security

  • Regular backups with encrypted storage

7. Data Retention

We retain your data as follows:

  • Active accounts: Data retained while your account is active

  • Canceled accounts: Data deleted 30 days after cancellation

  • Analytics data: Retained for up to 13 months for historical comparisons

  • Logs and security data: Retained for 90 days

  • Financial records: Retained for 7 years for tax and legal compliance

You can request immediate data deletion by contacting support.

8. Your Rights and Choices

You have the right to:

  • Access: Request a copy of your personal data

  • Correction: Update inaccurate or incomplete information

  • Deletion: Request deletion of your data (right to be forgotten)

  • Export: Download your data in a portable format

  • Opt-out: Unsubscribe from marketing emails

  • Revoke consent: Disconnect third-party integrations at any time

  • Object: Object to processing for legitimate interests or direct marketing

To exercise these rights, contact us at info@spotbeam.ai or through your account settings.

9. Cookies and Tracking

We use cookies and similar technologies:

  • Essential cookies: Required for authentication and security

  • Functional cookies: Remember your preferences and settings

  • Analytics cookies: Understand how you use our service

  • Marketing cookies: Deliver relevant ads (with consent)

You can control cookies through your browser settings. Note that disabling essential cookies may affect functionality.

10. International Data Transfers

Spotbeam operates globally. Your data may be transferred to and processed in countries other than your own. We ensure appropriate safeguards are in place, including:

  • Standard Contractual Clauses approved by the EU Commission

  • Data Processing Agreements with all service providers

  • Adequacy decisions where applicable

11. Children's Privacy

Spotbeam is not intended for users under 16 years of age. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us immediately

12. California Privacy Rights (CCPA)

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • Right to know what personal information is collected

  • Right to know if personal information is sold or disclosed

  • Right to say no to the sale of personal information (we don't sell data)

  • Right to access your personal information

  • Right to deletion of personal information

  • Right to non-discrimination for exercising your rights

13. GDPR Compliance (European Users)

For users in the European Economic Area (EEA), UK, and Switzerland, we comply with GDPR requirements. Our legal basis for processing includes:

  • Contract performance: Processing necessary to provide the Service

  • Consent: For marketing communications and optional features

  • Legitimate interests: For service improvement and security

  • Legal obligations: For compliance with laws

14. Changes to Privacy Policy

We may update this Privacy Policy periodically. We will notify you of material changes via:

  • Email notification to your registered email address

  • Prominent notice within the Service

  • Update to the "Last Updated" date at the top of this page

Continued use of Spotbeam after changes constitutes acceptance of the updated policy.

15. Contact Us

If you have questions, concerns, or requests regarding this Privacy Policy or your data:

Email: info@spotbeam.ai
Data Protection Officer: info@spotbeam.ai

We aim to respond to all inquiries within 30 days.