Privacy Policy

1. Introduction

Spotly ("we," "our," or "us") operates a platform that connects creative professionals with unique spaces for photo shoots, video production, and other creative projects. This Privacy Policy describes how we collect, use, disclose, and safeguard your information when you use our website, mobile application, and related services (collectively, the "Service").

By using our Service, you agree to the collection and use of information in accordance with this policy. If you do not agree with our policies and practices, please do not use our Service.

2. Information We Collect

2.1 Information You Provide to Us

• Account Information: Name, email address, password, and account type (Creator, Owner, or Admin)
• Profile Information: Profile pictures, biographical information, and preferences
• Location Listings: Property descriptions, addresses, pricing, availability schedules, and uploaded images
• Booking Information: Booking requests, dates, times, messages, and payment details
• Communications: Messages, reviews, ratings, and correspondence with us or other users
• Support Requests: Information provided when contacting customer support

2.2 Information Collected Automatically

• Device Information: IP address, browser type, operating system, device identifiers
• Usage Information: Pages visited, time spent on pages, click-through rates, search queries
• Location Data: Approximate location based on IP address for location recommendations and content personalization
• Cookies and Tracking: Authentication tokens, user preferences, language settings, and analytics data

2.3 Information from Third Parties

• OAuth Providers: When you sign in with Google, Facebook, or Apple, we receive your name, email, and profile picture
• Payment Processors: Transaction data and payment verification information
• Geolocation Services: Country and city information for content localization

3. How We Use Your Information

3.1 Service Provision

• Create and manage your account
• Process bookings and facilitate transactions
• Enable communication between users
• Display location listings and search results
• Provide customer support and resolve disputes

3.2 Platform Improvement

• Analyze usage patterns to improve our Service
• Personalize content and recommendations
• Conduct research and analytics
• Develop new features and functionality

3.3 Communication

• Send transactional emails (booking confirmations, notifications)
• Provide customer support responses
• Send important updates about our Service
• Marketing communications (with your consent)

3.4 Safety and Security

• Verify user identity and prevent fraud
• Enforce our Terms of Service
• Protect against abuse and harmful activities
• Comply with legal obligations

4. How We Share Your Information

We do not sell your personal information. We may share your information in the following circumstances:

4.1 With Other Users

• Your public profile information (name, profile picture) is visible to other users
• Location owners can see booking requests and creator contact information
• Creators can see location owner information for confirmed bookings
• Reviews and ratings are publicly visible

4.2 Service Providers

• Cloudinary: Image hosting and optimization services
• Google Maps: Location services and mapping functionality
• Email Services: Transactional and notification emails
• Payment Processors: Secure payment processing
• Analytics Providers: Website and app performance analytics

4.3 Legal Requirements

We may disclose your information if required by law, legal process, or government request, or to protect our rights, property, or safety, or that of others.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction.

5. Data Storage and Security

5.1 Data Storage

• User data is stored in secure PostgreSQL databases
• Images are stored on Cloudinary's secure cloud infrastructure
• Data is primarily stored on servers in the United States
• We implement appropriate data backup and recovery procedures

5.2 Security Measures

• Passwords are encrypted using industry-standard bcrypt hashing
• Data transmission is secured using HTTPS/TLS encryption
• Access controls and authentication mechanisms protect sensitive data
• Regular security audits and monitoring
• Employee access is limited on a need-to-know basis

6. Cookies and Tracking Technologies

6.1 Types of Cookies We Use

• Essential Cookies: Required for authentication and basic functionality
• Preference Cookies: Remember your language and location settings
• Analytics Cookies: Help us understand how users interact with our Service
• Performance Cookies: Monitor and improve website performance

6.2 Local Storage

We use browser local storage to cache user preferences, city search analytics (for improving recommendations), and temporary session data to enhance your experience.

6.3 Managing Cookies

You can control cookies through your browser settings. However, disabling certain cookies may limit functionality of our Service.

7. International Users and Data Transfers

Our Service is operated from the United States. If you are accessing our Service from outside the United States, please be aware that your information may be transferred to, stored, and processed in the United States and other countries where our service providers operate.

By using our Service, you consent to the transfer of your information to countries that may have different data protection laws than your country of residence.

7.1 European Union Users (GDPR)

If you are in the European Union, you have additional rights under the General Data Protection Regulation (GDPR), including the right to access, rectify, erase, restrict processing, data portability, and object to processing of your personal data.

8. Your Rights and Choices

8.1 Account Management

• Access: Review and update your account information at any time
• Correction: Correct inaccurate or incomplete information
• Deletion: Request deletion of your account and associated data
• Download: Request a copy of your personal data

8.2 Communication Preferences

• Opt out of marketing communications
• Manage notification preferences in your account settings
• Unsubscribe from emails using the link provided

8.3 Data Portability

You can request a copy of your data in a structured, machine-readable format. Contact us at privacy@spotly.com to make this request.

9. Data Retention

• Active Accounts: We retain your data while your account is active
• Deleted Accounts: Data is deleted within 30 days of account deletion, except where required for legal compliance
• Inactive Accounts: Accounts inactive for 2+ years may be subject to deletion after notice
• Financial Records: Transaction data may be retained longer for tax and legal compliance
• Legal Holds: Data subject to legal proceedings or investigations may be retained as required

10. Children's Privacy

Our Service is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately.

11. Third-Party Links and Services

Our Service may contain links to third-party websites or services that are not owned or controlled by us. We are not responsible for the privacy practices of these third parties. We encourage you to review their privacy policies.

11.1 Integrated Services

• Google Services: Maps, OAuth authentication (subject to Google's Privacy Policy)
• Facebook/Meta: OAuth authentication (subject to Facebook's Data Policy)
• Apple: OAuth authentication (subject to Apple's Privacy Policy)
• Cloudinary: Image hosting and processing (subject to Cloudinary's Privacy Policy)

12. Changes to This Privacy Policy

We may update this Privacy Policy from time to time. We will notify you of any changes by:

• Posting the new Privacy Policy on this page
• Updating the "Last updated" date
• Sending email notification for material changes
• Providing in-app notifications

Your continued use of our Service after changes become effective constitutes acceptance of the revised policy.

13. Legal Basis for Processing (GDPR)

For users in the European Union, we process your personal data based on the following legal grounds:

• Contract Performance: Processing necessary to provide our services
• Legitimate Interest: Improving our services, security, and fraud prevention
• Legal Compliance: Meeting regulatory and legal requirements
• Consent: Marketing communications and optional features

14. Contact Us

If you have any questions, concerns, or requests regarding this Privacy Policy or our data practices, please contact us:

For EU residents: You also have the right to lodge a complaint with your local data protection authority if you believe we have not adequately addressed your concerns.