Legal
Privacy Policy
Effective date: 20th June 2025
Introduction
This policy (hereinafter referred to as „Policy" or „Privacy Policy") explains how Spoks Technologies Inc. collects, uses, stores, and shares personal data. We operate a software platform that allows businesses to manage and coordinate marketing activities with their customers, followers, or contacts. In order to operate this service, We use personal information about our clients or clients' customers, according to the following principles.
This Policy covers the processing of data of:
- Spoks' Clients - Users who log in to use Our Platform
- Other Users of Spoks - Users who haven't registered to use Our Platform
- Third Parties (Customers) - contacts uploaded by our Clients for marketing use.
We process data in accordance with applicable privacy laws, including:
- United States Laws: such as the California Consumer Privacy Act (CCPA) and its amendments under the California Privacy Rights Act (CPRA)
- European Union Laws: notably the General Data Protection Regulation (GDPR)
We operate as:
- A Data Controller when processing the data of Users of Spoks. Spoks acts as a Data Controller when it collects and processes Personal Data for its own business purposes, including account registration, service delivery, analytics, and direct communications. In that case, We determine the purposes and means of processing Personal Data
- Service Provider (under U.S. law) or Data Processor (under EU law) when processing contact data uploaded by Our Clients. Spoks acts as a Service Provider (under U.S. law) or Data Processor (under EU law) when it processes data uploaded by Clients to enable communication, execute campaigns, or perform analytics, strictly following Clients' instructions.
Definitions
For purposes of this Privacy Policy, the following terms shall have the meanings set forth below:
„We", „Us", „Our", „Spoks" - Spoks Technologies Inc., a Delaware Corporation, File number: 10178760,
„Spoks Platform", „Platform" - web and mobile application developed and maintained by Spoks, through which Registered Users can manage, coordinate marketing activities and interact with third parties (Consumers), delivered as software-as-a-service (SaaS). The webpage is available at spoks.com, mobile app is available on App Store and Google Play Store.
„Client" - a business or individual who registers for Platform to manage relationships, campaigns, or communication with their own clients, followers, or contacts and uses Platform after logging in.
„Customer" - an individual whose personal data is uploaded to the Platform by a Client for marketing use (e.g., the Client's customer, follower, or contact). The Customer is not a direct user of the Platform but is affected by its use.
„User" - any individual who visits Spoks Platform or otherwise interacts with Us. Users of the Spoks Platform can be logged in (Client) or not (Visitor).
„Visitor" - a User who is not logged in to the Spoks Platform but has access to basic application functionalities
„Personal Data", „Personal Information" - any information relating to an identified or identifiable natural person, as defined in applicable privacy laws.
„Service Provider" (US), „Data Processor" (EEA) - a legal entity that processes Personal Data on behalf of a Data Controller. It acts according to a written agreement prohibiting the Service Provider from retaining, using, or disclosing Personal Information for any purpose other than for the specific purpose of performing the services outlined in the agreement.
„Data Controller" - An entity that determines the purposes and means of processing Personal Data. The Company acts as a Controller when it collects and processes Personal Data for its own business purposes, including account registration, service delivery, analytics, and direct communications.
Categories of Personal Data We Are Processing
The categories of data Spoks processes depend on the role Spoks operates in.
As Data Controller:
- Contact information: names, email addresses, phone numbers,
- Account data: login credentials, account settings, billing information,
- Technical data: IP addresses, browser information, device data,
- Usage data: Platform interactions, feature usage, session information.
As Service Provider/Data Processor:
- Contact information of Clients' customers: names, email addresses, phone numbers,
- Marketing data: communication preferences, engagement metrics, execution of marketing activities on behalf of the Client,
- Custom data fields as uploaded by Clients.
Our Platform is not intended for children under 16. We do not knowingly collect Personal Data from children under 16. If we discover we have collected such data, we will delete it promptly.
Purposes of Processing
The purpose of processing data depends on the category of Personal Data as well as the role that Spoks operates in.
As Data Controller, Spoks processes Personal Data in order to:
- Provide and maintain Platform services,
- Process account registration and authentication,
- Send service-related communications,
- Support customer service requests,
- Analyze Platform performance and usage,
- Ensure Platform security and prevent fraud,
- Comply with legal obligations.
As Data Processor/Service Provider, Spoks processes Personal Data in order to:
- Enable Clients to manage contact databases,
- Facilitate marketing campaign execution,
- Provide campaign analytics and reporting,
- Support customer communication activities.
Legal Basis for Processing (EAA) and Legal Grounds (U.S.)
For U.S. Users
We comply with federal and state data privacy laws where applicable. We process data for disclosed business purposes in compliance with applicable regulations.
For EEA Users
We process personal data based on the following legal grounds:
- Consent (Art. 6(1)(a)) – for optional features like marketing emails
- Performance of Contract (Art. 6(1)(b)) – to provide our services
- Legal Obligations (Art. 6(1)(c)) – such as accounting or fraud detection
- Legitimate Interests (Art. 6(1)(f)) – to improve our platform or ensure network security
When acting as a Processor, we rely on our Clients (the Data Controller) to determine the lawful basis.
Your Privacy Rights
Rights of U.S. Residents
Different US states have enacted varying privacy regulations with different requirements and thresholds. Depending on your state of residence and applicable law, you may have the following common rights:
- Right to Know: Request information about the Personal Data we collect, use, and share about you.
- Right to Access: Obtain copies of your Personal Data we maintain.
- Right to Delete: Request deletion of your Personal Data, subject to legal and business exceptions.
- Right to Correct: Request correction of inaccurate Personal Data.
- Right to Opt-Out: Opt out of the sale or sharing of Personal Data for advertising purposes.
- Right to Limit Processing: Request limitation of sensitive Personal Data processing.
- Right to Non-Discrimination: Receive equal treatment regardless of exercising privacy rights.
The specific availability and scope of these rights depend on your state's privacy laws
Rights of EEA Residents
You have the following rights:
- Right of access to your data - Request confirmation of whether we process your Personal Data and obtain copies of your data along with information about processing purposes, recipients, and retention period (Art. 15)
- Right to rectification - Request correction of inaccurate or incomplete Personal Data without undue delay (Art. 16)
- Right to erasure - so-called "right to be forgotten", request deletion of your Personal Data when it is no longer necessary for the original purpose, consent is withdrawn, processing is unlawful, or erasure is required for legal compliance. This right is subject to legal and legitimate interest exceptions (Art. 17)
- Right to restrict processing - request limitation of processing when you contest data accuracy, processing is unlawful, or you object to processing pending verification of our legitimate grounds (Art. 18)
- Right to data portability - receive your Personal Data in a structured, machine-readable format and transmit it to another controller when processing is based on consent or contract and carried out by automated means (Art. 20)
- Right to object to processing - Object to processing based on legitimate interests, including profiling, and to direct marketing communications. We will cease processing unless we demonstrate compelling legitimate grounds (Art. 21)
- Right to withdraw consent - withdraw consent at any time for processing activities based on consent, without affecting the lawfulness of processing before withdrawal (Art. 7(3))
- Right to lodge a complaint with a supervisory authority - file complaints with your local data protection authority regarding our processing practices (Art. 77)
Data Transfers Outside Your Jurisdiction
We may process Personal Data internationally for business operations and service delivery.
- For US Users: Data is primarily processed in the United States under applicable domestic privacy laws.
- EAA Users: International transfers use appropriate safeguards, including Standard Contractual Clauses approved by European authorities or adequacy decisions where available.
Retention of Personal Data
Spoks retains personal data only for as long as necessary to fulfill the purposes for which it was collected, including providing our services, complying with legal obligations, or establishing or defending legal claims.
Please note that retention periods vary in different jurisdictions.
Our retention periods are determined based on the nature of the data, business requirements, legal obligations, regulatory guidance, operational necessity, and security considerations. Different types of data may be retained for different periods based on these factors.
Personal Data related to active accounts and services is retained during the relationship and for a reasonable period thereafter to support potential account reactivation, address service issues, meet business record requirements, and comply with applicable legal obligations.
Certain data may be retained for longer periods when required by applicable law, including financial records for tax and accounting purposes, communications for regulatory compliance, security logs for incident investigation, and other data as mandated by legal or regulatory authorities.
When acting as a Service Provider or Data Processor, we retain Personal Data according to Client instructions, service agreement terms, and applicable legal requirements. Such data is typically deleted promptly following service termination unless the Client instructs otherwise or legal obligations require retention.
We implement automated processes to delete data when retention is no longer necessary, subject to technical limitations and legal requirements.
We honor verified deletion requests unless retention is legally required or necessary for legitimate business purposes such as fraud prevention, security incident investigation, or protection of legal rights.
Cookies and Tracking Technologies
We use cookies and similar tracking technologies to enhance Our Users' experience, analyze usage patterns, and deliver relevant content.
Cookies are small documents (usually text) containing the identifier of the device used by the User.
Cookies are used in particular to use various functions available on the Spoks Platform, optimize the use of the Platform, for statistical purposes, and adapt content of the System to the User's preferences.
The System collects two types of cookies, i.e. session cookies and persistent cookies. Session cookies are stored on the User's end device until the end of using the System's services. Persistent cookies are stored on the User's end device for the time specified in the file or until they are deleted from the end device.
By default, web browsers often have the ability to save cookies on the end device of the User.
The User voluntarily consents to the use of cookies to collect data through them, including accessing data stored on the User's device. The User's consent is not required for cookies that serve the proper functioning of the Spoks Platform.
The Spoks Platform functionality may be affected and incorrect functioning may occur if cookies are not handled by the user's end device.
The User may make changes regarding cookies at any time, both by accepting new cookies and disabling the possibility of saving on the end device.
Types of cookies We might use:
- Essential cookies: required for core functionality of the Spoks Platform
- Analytical cookies: to understand how Users interact with Spoks Platform and to improve performance
- Optional marketing cookies: used to deliver relevant advertising content. These are only activated with explicit user consent in jurisdictions where such consent is required (e.g., the European Union).
Data Security
Spoks takes care to ensure that Personal Data is secured in a proper manner to prevent unauthorized access, use, or disclosure. We implement appropriate organizational and technical safeguards to protect data, including:
- Encryption of data in transit and at rest,
- Access controls and authentication requirements,
- Security monitoring and incident response,
- Regular security assessments,
- Employee training and confidentiality obligations
While we maintain strong security measures, no system is completely secure. Spoks encourages all Users to take additional precautions, such as logging out after each session at Spoks Platform, refraining from sharing personal data unnecessarily and reporting suspected security issues.
Subprocessors
To provide ultimate quality of Spoks, We use the services of other Sub-Processors, including:
- Cloud infrastructure providers,
- Analytics services,
- Communication platforms,
- Security services,
- Customer support tools.
All third parties are contractually required to maintain appropriate data protection standards. Current service providers include major technology companies with established privacy and security practices.
A current list of Spoks' subprocessors that might Process Personal Data:
- Google Inc.
- Functional Software Inc. (Sentry.io)
- Twilio Inc. (Segment.com).
Changes to This Policy
Spoks reserves the right to update or modify the Privacy Policy at any time to reflect changes in Our practices or legal obligations. In the event of significant changes, we will notify users by posting information on the Legal section on our website or within the mobile app.
We encourage Users to review this policy periodically to stay informed of how Spoks protects Personal Data.
Continued Platform use after changes indicates acceptance of the updated terms. Users who disagree with changes may close their accounts and request data deletion.
Contact Us
Spoks aims for each User to be aware of the Policy's principles and their rights. If you have questions, concerns, or wish to exercise your rights, do not hesitate to contact Us at: privacy@spoks.com
We will respond to your inquiry in accordance with applicable law and within a reasonable timeframe.