Spaak Privacy Policy

Last updated: 30 May, 2024


This privacy notice applies to Spaak Technologies ApS. (“Spaak,” “we,” “our,” “us”).

“Hamilton” refers to our software platform for public affairs.


Your data is your own, and we prioritize its privacy. To be absolutely clear, Spaak

Technologies will never sell your data (or your users' data) to third parties. We will only

access your account to assist with a problem or fix a software bug.


Identity & Access

When you sign up for Spaak, we ask for your name, company name, and email address.

That’s just so you can personalize your new account, and we can send you invoices,

updates, or other essential information. We’ll never sell your personal info to third parties,

and we won’t use your name or company in marketing statements without your permission,

either.


You always have the right to access the personal information we store about you. And, if you

wish to further limit our use of your personal information, please contact us.


Users of Hamilton can store any type of information in Hamilton, but Spaak does not access

or share that data, and does not know what type of data you or other users are storing. The

data is only used by the account owner and invited users as they intend to use it.


When you pay for Hamilton, we ask for your bank account details or similar details, so we

can charge you for our service, calculate taxes due, and send you invoices.


When you write Spaak with a question or to ask for help, we’ll keep that correspondence,

and the email address, for future reference. When you browse our marketing pages, we’ll

track that for statistical purposes (like conversion rates and to test new designs). We also

store any information you volunteer, like surveys, for as long as it makes sense.


The only times we’ll ever share your info:

  • To provide products or services you’ve requested, with your permission. See list of

third-party services we use under “Processors we use” in this policy.

  • To investigate, prevent, or take action regarding illegal activities, suspected fraud,

situations involving potential threats to the physical safety of any person, violations of

our Terms of Service, or as otherwise required by law.

  • If Spaak is acquired by or merged with another company — we don’t plan on that, but

if it happens — we’ll notify you well before any info about you is transferred and

becomes subject to a different privacy policy.

  • Spaak does not share individual’s personal data with non-agent third parties. If this

policy changes in the future, we will notify individuals and provide them with an

opportunity to opt-out of having their data shared.



User Input and Personal Information

Our software platform is designed to ensure the privacy and security of all users. As part of

our commitment to protecting your data, we have implemented a policy that prohibits the

inclusion of personal information in any user inputs or prompts.


We ask all users to adhere to the following rules:

  • Do not include any personal information in your prompts or any other inputs on the

platform.

  • Use generic or non-identifiable data when creating prompts or inputs.

  • Ensure that any information shared complies with this policy and does not

compromise your or others' privacy.


The purpose of these guidelines is to protect users' privacy and personal data and comply

with data protection regulations and standards.


As a user of our platform, you are responsible for ensuring that your inputs do not contain

personal information. By using our platform, you agree to comply with this policy and

understand the importance of protecting personal data.


Your Rights With Respect to Your Information

You may have heard about the General Data Protection Regulation (“GDPR”) in Europe.

GDPR gives people under its protection certain rights with respect to their personal

information collected by us on the Site. Accordingly, Spaak recognizes and will comply with

GDPR and those rights, except as limited by applicable law. The rights under GDPR include:


  • Right of Access. This includes your right to access the personal information we

gather about you, and your right to obtain information about the sharing, storage,

security and processing of that information.

  • Right to Correction. This is your right to request correction of your personal

information.

  • Right to Erasure. This is your right to request, subject to certain limitations under

applicable law, that your personal information be erased from our possession (also

known as the “Right to be forgotten”). However, if applicable law requires us to

comply with your request to delete your information, fulfillment of your request may

prevent you from using Spaak services and may result in closing your account.

  • Right to Complain. You have the right to make a complaint regarding our handling of

your personal information with the appropriate supervisory authority.

  • Right to Restrict Processing. This is your right to request restriction of how and why

your personal information is used or processed.

  • Right to Object. This is your right, in certain situations, to object to how or why your

personal information is processed.

  • Right to Portability. This is your right to receive the personal information we have

about you and the right to transmit it to another party.

  • Right to not be subject to Automated Decision-Making. This is your right to object and

prevent any decision that could have a legal, or similarly significant, effect on you

from being made solely based on automated processes. This right is limited,

however, if the decision is necessary for performance of any contract between you

and us, is allowed by applicable European law, or is based on your explicit consent.

  • Many of these rights can be exercised by signing in and directly updating your

account information. If you have questions about exercising these rights or need

assistance, please contact us at lucas@spaak.ai.


You may also have the right to make a GDPR complaint to the relevant Supervisory

Authority. A list of Supervisory Authorities is available here:

https://edpb.europa.eu/about-edpb/board/members_en


Processors we use

As part of the services we provide, such as cloud computing providers and customer support

software, to provide our services. For identification of these processors, and where they are

located, please see the list below.


Spaak is the controller of data about you (our customer). This does not include data about

your customers/users.


  • Attio - CRM. United Kingdom

  • Hetzner - Supplier of dedicated servers. Germany & Finland.


Security & Encryption

All data is encrypted via SSL/TLS when transmitted from our servers to your browser. The

database backups are also encrypted. Your prompts inputted to Hamilton are encrypted in

our database and passwords, too. All data isn’t encrypted while it’s live in our database, but

we go to great lengths to secure your data at rest.


Cookies

In order to improve our services and the website, and provide more convenient, relevant

experiences to you, we and our vendors may use “cookies”, “web beacons”, and similar

devices to track your activities.


Third Parties

You understand that Spaak uses third party vendors and hosting partners to provide the

necessary hardware, software, networking, storage, and related technology required to

provide you with our services. A current list of vendors is available upon request.


Data Deletion

When you cancel your account, you can request to get your data deleted on

lucas@spaak.ai. Spaak furthermore reserves the right to delete your data 60 days after you

have canceled your account. This information can not be recovered once it has been

permanently deleted.


Law Enforcement

While we may be required to disclose your personal information in response to a lawful

request by public authorities, including to meet national security or law enforcement

requirements, Spaak won’t otherwise hand your data over to law enforcement unless a court

order says we have to. We flat-out reject such other requests from local and federal law.

enforcement when they seek data without a court order. And unless we’re legally prevented

from it, we’ll always inform you when such requests are made. We will provide delayed

notice if the legal prohibition is lifted.


Location of Site and Data

This Site and Hamilton is operated in the EU with servers in Germany and Finland.


Changes & Questions

Spaak may update this policy once in a while — we’ll notify you about significant changes by

emailing the account owner or by placing a prominent notice on our site. You can access,

change or delete your personal information at any time by contacting us at lucas@spaak.ai,

or by mail at Spaak Technologies ApS., Jagtvej 113H, 2. sal, København N 2200, Danmark.


Questions about this privacy policy? Please contact us at lucas@spaak.ai, or by mail at

Spaak Technologies ApS., Straussvej 14 1 th, 2450 København SV, Danmark, and we’ll be

happy to answer them!


This policy has been adapted from the Basecamp open-source policies / CC BY 4.0.