Data Policy
Last updated: March 31, 2026 · Version 1.2
Issued by Spotbookr Inc on behalf of Spotsavr
Introduction
When you use Spotsavr, you share information with us. This Policy explains how Spotbookr Inc, as the operator of Spotsavr, acts as the data controller for that information, meaning we determine why and how your data is processed.
This Policy applies to data collected through spotsavr.com, app.spotsavr.com, related emails, and any other Spotsavr-branded services operated by Spotbookr Inc. It should be read alongside our Cookie Policy and Terms & Conditions.
1. Who We Are
Spotbookr Inc is the data controller for personal data collected through Spotsavr. Spotbookr Inc is the parent company of a group of technology platforms including:
- spotsavr.com, influencer promo code platform (this Service)
- spotbookr.com, the Spotbookr parent platform
- sbkrindex.com, a Spotbookr data and index platform
- Other current and future subsidiaries, affiliated platforms, and products of Spotbookr Inc (the “Spotbookr Group”)
References to “we”, “us”, or “our” in this Policy refer to Spotbookr Inc as data controller. Where data is processed across the Spotbookr Group, relevant group entities may act as joint controllers or processors, as described in Section 5.
2. Data We Collect
We collect data about you in several ways: data you give us directly, data generated by your use of the Service, and data we receive from third parties.
2.1 Data You Provide Directly
| Data | When collected | Why |
|---|---|---|
| Email address | Registration | Account creation, login, communications |
| Username / display name | Registration or profile setup | Identify you on the platform |
| Password (hashed & salted) | Registration | Secure authentication |
| Profile picture | Optional, profile setup | Personalise your profile |
| Bio / interests | Optional, profile setup | Feed personalisation |
| Reports / feedback | When you report a code or contact us | Service improvement, support |
2.2 Data Generated by Your Use of the Service
| Data | Description |
|---|---|
| Usage data | Pages visited, features used, time spent on each section, scroll depth, click patterns |
| Interaction data | Codes you copy, save, like, or report; brands and creators you follow or unfollow |
| Search & filter data | Search terms entered, filters applied, categories browsed |
| Session data | Login times, session duration, logout events, 2FA activity |
| Device & technical data | IP address, browser type and version, operating system, device type, screen resolution, language settings |
| Referral data | The URL or source that referred you to Spotsavr |
| Error & performance data | Errors encountered, page load times, API response times |
| Deal sighting data | Promotional banner text from retailer pages (domain, banner snippet up to 1,000 chars, source) — captured when no specific promo code is identified |
| Code discovery data | When the Hermes browser extension detects a potential promo code on a web page, the following is sent to our servers: the domain, the code text, the detection method (banner, URL, input field, or meta tag), and a short context snippet (up to 500 characters). The full page content is never transmitted. |
| Email engagement data | Whether you opened an email we sent (via a tracking pixel), whether you clicked a link in the email (via a redirect), your IP address and user agent at the time of the interaction |
2.3 Data from Third Parties
We may receive data about you from:
- Other Spotbookr Group platforms, if you use SSO (single sign-on) to access Spotsavr from another Spotbookr platform, we receive basic account data from that platform.
- Social media platforms, if you connect a social account (where this feature is offered), we receive the data you authorise.
- Email service providers, whether you have opened or interacted with emails we send you.
- First-party email tracking: emails sent by Spotsavr may contain a tracking pixel (1×1 transparent image) and tracked links. When you open an email or click a link, we record the event type, timestamp, your IP address, and user agent. This data is used to measure engagement and improve email quality.
3. How We Use Your Data
We use your data only for legitimate purposes. Here is a full breakdown:
| Purpose | Data Used | Details |
|---|---|---|
| Providing the Service | Account, usage, interaction data | To operate Spotsavr, authenticate you, deliver your personalized feed, and process your code saves and likes |
| Personalisation | Interests, interaction data, follows | To rank and surface codes most relevant to you based on the brands and creators you follow |
| Communications | Email address | To send account confirmation, security alerts, password resets, and service notifications. You may opt out of non-essential communications. |
| Security & fraud prevention | IP address, device data, session data | To detect unauthorized access, prevent account takeovers, and protect the integrity of the platform |
| Service improvement | Usage, error, performance data | To identify bugs, improve features, and measure the impact of changes |
| Analytics | Aggregated usage data | To understand how the Service is used at scale, including which features are popular and how users navigate the platform |
| Research & technical development | Interaction, usage, and preference data | See Section 12 for full details. Data is used across the Spotbookr Group for product development, algorithm training, and platform research. |
| Code database expansion | Code discovery data | To discover new promo codes across retailer websites, improve code freshness, and grow the Spotsavr database |
| Email engagement analysis | Email tracking data | To measure open and click rates, optimise email content and frequency, and ensure deliverability |
| Legal compliance | All categories as required | To comply with applicable laws, respond to legal requests, and enforce our Terms & Conditions |
4. Legal Basis for Processing
Where applicable data protection law requires us to identify a legal basis for processing your personal data, we rely on the following:
- Contract performance: Processing necessary to provide the Service you have signed up for (e.g. authentication, feed delivery).
- Consent: Where you have given specific consent, such as for research and development data use, cross-platform sharing within the Spotbookr Group, and certain cookies. You may withdraw consent at any time, though this will not affect the lawfulness of processing before withdrawal.
- Legitimate interests: Where processing is necessary for our legitimate business interests (e.g. fraud prevention, analytics, service improvement), provided those interests are not overridden by your rights.
- Legal obligation: Where processing is required to comply with applicable law.
5. Data Sharing Within the Spotbookr Group
By creating an account or using Spotsavr, you expressly acknowledge and consent to your personal data and usage data being shared with and processed by other entities within the Spotbookr Group, including:
- Spotbookr.com, the Spotbookr parent platform
- SBKRIndex.com, the Spotbookr data index platform
- Any other current or future subsidiaries, affiliates, and platforms operated by Spotbookr Inc
Data shared within the Spotbookr Group is used for the following purposes:
- Providing seamless authentication and SSO across Spotbookr Group platforms;
- Internal analytics and business reporting across the Group;
- Technical research and product development (see Section 12);
- Training and improving algorithms used across Spotbookr Group platforms, including recommendation systems, quality scoring models, and content ranking;
- Fraud prevention and security coordination across platforms;
- Operational and administrative purposes.
All entities within the Spotbookr Group are bound by data protection obligations consistent with this Policy. Data shared within the Group is not used for purposes beyond those described above without additional consent.
6. Sharing with Third Parties Outside the Spotbookr Group
We do not sell your personal data to third parties outside the Spotbookr Group. However, we may share data with the following categories of trusted service providers:
| Category | Purpose | Examples |
|---|---|---|
| Cloud hosting & infrastructure | Storing and serving data and the application | VPS providers, CDN services |
| Email delivery | Sending transactional and notification emails | SMTP / email API providers |
| Analytics | Web analytics and performance monitoring | Google Analytics 4 (Google LLC) — collects anonymised usage data including pages visited, session duration, device type, and approximate location. Google's privacy policy: policies.google.com/privacy. By creating an account and accepting these Terms, you consent to analytics tracking while using the Spotsavr service. |
| Security | DDoS protection, bot detection, fraud prevention | Security service providers |
All third-party service providers are contractually required to:
- Only process data on our documented instructions;
- Implement appropriate technical and organizational security measures;
- Not use your data for their own independent purposes;
- Delete or return data when their services are no longer required.
We may also disclose data where required to do so by law, court order, or government authority, or where we reasonably believe disclosure is necessary to protect the rights, property, or safety of Spotbookr Inc, its users, or the public.
7. International Data Transfers
Spotbookr Inc is a technology company and your data may be processed in countries outside your own, including countries that may not have equivalent data protection laws to those in your jurisdiction. Where we transfer personal data internationally, we take appropriate steps to ensure that it receives an adequate level of protection, including through contractual arrangements with data processors.
8. Data Retention
We retain your data for as long as necessary to provide the Service and for the purposes described in this Policy. The following retention periods apply:
| Data Type | Retention Period |
|---|---|
| Account data (email, username, password hash) | For the life of your account, plus up to 90 days after deletion for administrative purposes |
| Interaction data (saves, likes, follows, copies) | For the life of your account; may be retained in anonymized form after deletion |
| Usage & session logs | Up to 12 months in identifiable form; may be retained in aggregated/anonymized form indefinitely for research |
| Device & IP data | Up to 6 months, or longer where required for security or legal purposes |
| Email communications | Up to 24 months |
| Code discovery data | Indefinitely, or until the discovered code is confirmed expired and removed from the database |
| Email engagement data (opens, clicks) | Up to 12 months in identifiable form; retained in aggregated form indefinitely |
| Research & analytics data (anonymized) | Indefinitely, in anonymized or aggregated form |
When you request deletion of your account, we will delete or anonymise your personal data within a reasonable period, subject to any legal obligations that require us to retain certain data for longer (e.g. fraud investigation, legal proceedings).
9. Data Security
We implement appropriate technical and organizational measures to protect your personal data against unauthorized access, accidental loss, alteration, disclosure, or destruction. These measures include:
- Password hashing using industry-standard algorithms (bcrypt);
- HTTPS encryption for all data in transit;
- Two-factor authentication (2FA) available for all accounts;
- Access controls limiting who within Spotbookr Inc can access personal data;
- Regular security reviews of our infrastructure;
- Session expiry and token rotation.
Despite these measures, no system is 100% secure. We cannot guarantee the absolute security of your data and are not responsible for security breaches that are outside our reasonable control. In the event of a data breach affecting your rights, we will notify you and relevant authorities as required by applicable law.
10. Your Rights
Depending on your jurisdiction, you may have some or all of the following rights with respect to your personal data:
| Right | What it means |
|---|---|
| Right of access | You can request a copy of the personal data we hold about you |
| Right to rectification | You can ask us to correct inaccurate or incomplete data |
| Right to erasure | You can ask us to delete your personal data (subject to legal retention obligations) |
| Right to restriction | You can ask us to restrict how we use your data in certain circumstances |
| Right to data portability | You can ask for your data in a machine-readable format to transfer to another provider |
| Right to object | You can object to processing based on legitimate interests, including for research purposes |
| Right to withdraw consent | Where processing is based on consent, you can withdraw it at any time |
To exercise any of these rights, please contact us via spotbookr.com. We will respond within a reasonable timeframe and no later than required by applicable law. We may need to verify your identity before processing your request.
If you are unhappy with how we have handled your data, you have the right to lodge a complaint with the relevant data protection authority in your jurisdiction.
11. Children’s Privacy
The Service is not directed at children under the age of 18. We do not knowingly collect personal data from persons under 18. If you are under 18, please do not use the Service or provide any personal data. If we become aware that we have collected data from a person under 18 without appropriate consent, we will delete that data as promptly as possible. If you believe a child has provided us with their personal data, please contact us immediately.
12. Research & Technical Use of Your Data
One of the core purposes for which we collect and process data is research and technical development across the Spotbookr Group. We want to be fully transparent about what this means:
What “research and technical purposes” means in practice
Your interaction data, including which codes you view, copy, save, like, and skip; which brands and creators you follow; how you navigate the feed; and how your preferences change over time, is used to:
- Train and improve the quality scoring algorithms that rank codes across Spotsavr and other Spotbookr Group platforms;
- Develop and refine personalisation and recommendation models;
- Understand user behavior patterns to improve product design and feature development across the Spotbookr Group;
- Conduct A/B testing and experimentation to evaluate new features;
- Build and maintain data infrastructure shared across the Spotbookr Group, including spotbookr.com and sbkrindex.com.
Where possible, data used for research purposes is anonymized or aggregated so it cannot be linked back to you individually. Where identifiable data is used, it is accessed only by authorized personnel within the Spotbookr Group and handled in accordance with this Policy.
You have the right to object to your data being used for research purposes. To do so, contact us via spotbookr.com. Note that objecting to this use may limit our ability to personalise the Service for you.
13. Changes to This Policy
We may update this Data Policy from time to time. When we make changes, we will update the “Last updated” date at the top. For material changes, we will endeavor to notify you via email or through a prominent notice in the Service. Continued use of the Service after changes are posted constitutes acceptance of the revised Policy.
14. Contact & Complaints
For any questions, requests, or concerns about how we handle your data, or to exercise your rights under Section 10, please contact us:
Spotbookr Inc, Data & Privacy
Website: spotbookr.com
See also: Terms & Conditions · Cookie Policy
If you are located in the European Economic Area or United Kingdom and believe we have not handled your data in accordance with applicable law, you have the right to lodge a complaint with your local data protection supervisory authority.