Privacy Policy

This Privacy Policy describes how Spawnbase ("we", "us", or "our") collects, uses, and shares information when you use our workflow automation platform ("Service").

1. Information We Collect

Account Information

When you create an account using Google, GitHub, or Magic Link authentication, we collect:

• Name and email address
• Profile picture (from your OAuth provider)
• OAuth provider identifiers

Workflow Data

When you create and run workflows, we collect:

• Workflow definitions and configurations
• Run history, status, and timing information
• Workflow outputs and results
• Cost and usage metrics

Usage Data

We automatically collect information about how you use the Service:

• Features used and actions taken
• Run counts and execution patterns
• Error logs and diagnostic information

Technical Data

We collect standard technical information including:

• IP address and approximate location
• Browser type and version
• Device type and operating system
• Referring URLs and page views

Payment Information (Future)

When billing is introduced, payment information will be processed by Stripe. We do not store credit card numbers or full payment details on our servers.

2. Third-Party Services & Data Sharing

We share information with the following third-party services to provide the Service:

Pipedream

When you connect integrations (Sentry, Slack, Gmail, etc.), your credentials are stored and managed by Pipedream. We receive only the data necessary to execute your workflows.

LLM Providers

When workflows use AI agents, prompts and relevant context are sent to language model providers (OpenAI, Anthropic, etc.) via Cloudflare AI Gateway for processing. We do not control how these providers handle your data.

Analytics (PostHog)

We use PostHog to understand how users interact with the Service and to improve our product. This includes page views, feature usage, and anonymized behavioral data.

Error Tracking (Sentry)

We use Sentry to monitor and fix errors in the Service. Error reports may include technical information about your session.

Payments (Stripe)

When billing is introduced, payments will be processed by Stripe. Stripe handles all payment card data directly.

3. How We Use Your Information

We use the information we collect to:

• Provide, maintain, and improve the Service
• Execute and monitor your workflows
• Send service-related communications (account updates, security alerts)
• Respond to your support requests
• Detect and prevent fraud, abuse, and security incidents
• Analyze usage patterns to improve the Service
• Comply with legal obligations

Important: We do NOT use your workflow data, prompts, or outputs to train AI or machine learning models. Your data is used only to provide the Service to you.

4. Data Security

We implement appropriate technical and organizational measures to protect your data:

• All data transmitted over HTTPS encryption
• Secure storage with access controls
• Regular security reviews and updates
• Limited employee access on a need-to-know basis

However, no method of transmission or storage is 100% secure. We cannot guarantee absolute security of your data.

5. Data Retention

• Active accounts: Data retained while your account is active
• Deleted accounts: Data purged within 30 days of deletion
• Run logs: Retained for 90 days, then automatically deleted
• Backups: May persist for up to 90 days after deletion for disaster recovery

We may retain certain information longer if required for legal compliance, dispute resolution, or fraud prevention.

6. Your Rights

You have the right to:

• Access: Request a copy of the data we hold about you
• Correction: Request correction of inaccurate information
• Deletion: Request deletion of your account and associated data
• Export: Export your workflow definitions
• Opt-out: Opt out of non-essential communications

To exercise these rights, contact us at legal@spawnbase.ai.

7. Cookies & Tracking

We use the following types of cookies:

• Essential cookies: Required for authentication and security
• Analytics cookies: PostHog for understanding usage patterns

We do not use third-party advertising cookies.

We do not sell your personal information to third parties. We do not share your data for advertising purposes.

8. Children's Privacy

Spawnbase is not intended for users under 13 years of age (or 16 in the EU). We do not knowingly collect information from children. If you believe a child has provided us with personal information, please contact us and we will delete it.

9. International Data Transfers

Your data may be processed in the United States and other countries where our service providers operate. Cloudflare's edge network processes requests globally. By using the Service, you consent to this transfer of information.

10. Changes to This Policy

We may update this Privacy Policy from time to time. For material changes, we will notify you via email or prominent notice in the Service. Your continued use after changes take effect constitutes acceptance of the updated policy.

11. Contact Us

For privacy-related questions or to exercise your rights, contact us at legal@spawnbase.ai.