Spill

Privacy Policy

Last updated: February 13, 2026

1. Introduction

Spill ("we", "our", or "us") operates the Spill feedback platform. This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our service.

2. Information We Collect

Account Information

When you create an account, we collect your email address, name, and authentication credentials. If you sign in via Google OAuth, we receive your email and basic profile information from Google.

Business Information

You may provide business details such as your cafe name, location addresses, logos, and branding preferences.

Feedback Data

Customer feedback submitted through your QR code forms, including text messages, audio recordings, video recordings, and photos. Audio and video may be automatically transcribed using AI services.

Payment Information

Payment processing is handled by Stripe. We do not store credit card numbers or sensitive payment details on our servers. We retain your Stripe customer ID and subscription status.

Usage Data

We may collect information about how you interact with our service, including pages visited, features used, and general usage patterns.

3. How We Use Your Information

  • To provide and maintain our service
  • To process your subscription and payments
  • To send you feedback alerts and digest emails based on your preferences
  • To transcribe audio and video feedback using AI services (OpenAI Whisper)
  • To provide analytics and insights about your customer feedback
  • To communicate with you about your account and service updates
  • To improve and optimize our platform

4. Third-Party Services

We use the following third-party services:

  • Supabase — Database hosting, authentication, and file storage
  • Stripe — Payment processing and subscription management
  • OpenAI — Audio and video transcription (Whisper API)
  • Resend — Transactional email delivery
  • Vercel — Application hosting

Each of these services has their own privacy policy governing how they handle your data.

5. Data Storage and Security

Your data is stored securely using Supabase (built on PostgreSQL) with row-level security policies to ensure data isolation between accounts. Media files are stored in encrypted cloud storage. We implement industry-standard security measures to protect your information.

6. Customer Feedback Privacy

Feedback submitted by your customers through QR code forms is stored in your account and is only accessible to you (the account owner). We do not share individual feedback with third parties. Customers who submit feedback are not required to provide any personal information.

7. Data Retention

We retain your data for as long as your account is active. If you cancel your subscription, your data is retained for 90 days to allow you to reactivate or export your data. After 90 days, all your data (including feedback, media, locations, and forms) is permanently deleted.

You can delete your account at any time through the Settings page, which immediately and permanently removes all your data.

8. Your Rights

You have the right to:

  • Access your personal data through your account dashboard
  • Export all your data at any time (Settings → Export Data)
  • Delete your account and all associated data (Settings → Delete Account)
  • Update your profile information at any time
  • Control email notifications through your alert preferences

9. Cookies

We use essential cookies to maintain your authentication session and remember your preferences. We do not use third-party tracking cookies or advertising cookies. You can manage your cookie preferences through the cookie consent banner displayed when you first visit our site.

10. Children's Privacy

Our service is not directed to individuals under the age of 16. We do not knowingly collect personal information from children. If you believe we have collected information from a child, please contact us.

11. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of any material changes by posting the new policy on this page and updating the "Last updated" date.

12. Contact Us

If you have any questions about this Privacy Policy or our data practices, please contact us at privacy@getspill.app.