Privacy Policy
Effective date: 09 January 2026
This Privacy Policy explains how Spotboard ("we", "us", or "our") processes your personal data when you use our services and website (the "Service"). It is intended to meet the requirements of the UK General Data Protection Regulation (UK GDPR) and the Data Protection Act 2018.
Who we are (Data Controller)
Spotboard is the data controller for the Service. If you have questions about this Policy or our data practices, please contact us at:
- Controller: Spotboard
- Contact email: [Insert privacy contact email]
- Postal address: [Insert registered/business address]
- ICO registration number (if applicable): [Insert ICO number]
What data we collect
We collect and process only what is necessary to operate the Service:
- Account data: your email address to authenticate you and provide access to your account.
- Authentication data: password you enter at sign-in (processed to authenticate; we do not store your password in cookies).
- Technical data: basic device, browser, and network information automatically supplied by your browser and our systems when you access the Service (e.g., IP address, user agent, timestamps) for security and service operation.
- Cookies and similar technologies: see the Cookie Notice below.
Purposes and legal bases
- Provide and secure the Service (including signing in, session management, preventing fraud and misuse): necessary for the performance of a contract with you or to take steps at your request before entering into a contract (UK GDPR Art. 6(1)(b)), and our legitimate interests in operating a secure service (Art. 6(1)(f)).
- Remember Me (optional): if you choose the "Remember me" option and give consent to the Remember Me cookie, we store your email in a browser cookie to pre-fill the sign-in form on future visits. This processing is based on your consent (Art. 6(1)(a)). You can withdraw consent at any time—see Cookie Notice below.
- Legal obligations: we may process data to comply with applicable laws and regulations (Art. 6(1)(c)).
Cookie Notice
We use only necessary cookies for the site to function and a single optional behaviour cookie for the Remember Me feature. We do not use analytics or marketing cookies.
| Cookie | Purpose | Category | Legal basis | Duration | Provider |
|---|---|---|---|---|---|
csrftoken |
Helps protect forms against cross-site request forgery (CSRF). | Strictly necessary | Art. 6(1)(b)/(f) | Up to 1 year (typical) | Spotboard |
sessionid |
Maintains your logged-in session. | Strictly necessary | Art. 6(1)(b) | Session (until you sign out or close browser) | Spotboard |
sb_cookie_consent |
Stores your cookie consent choice ("necessary" or "remember"). | Preference (strictly necessary to honour your choice) | Art. 6(1)(c)/(f) | Up to 180 days | Spotboard |
sb_remember_email |
If you opt in, stores your email to pre-fill the sign-in form. | Optional (Remember Me) | Consent — Art. 6(1)(a) | Up to 180 days | Spotboard |
You can change your cookie preference at any time by using the consent banner that appears when no choice has been made, or by clearing the consent cookie in your browser settings (which will make the banner reappear). If you withdraw consent for the Remember Me cookie, we will remove the stored email cookie.
Sharing and transfers
We do not sell your personal data. We may share data with service providers who act on our behalf (e.g., hosting/infrastructure) under appropriate contracts. If personal data is transferred outside the UK, we will ensure appropriate safeguards are in place (e.g., UK International Data Transfer Agreement or Standard Contractual Clauses).
Data retention
- Account and authentication data: retained while your account is active and for a reasonable period thereafter as required for our legitimate business needs and legal obligations.
- Session data: retained for the duration of your session.
- Remember Me cookie: up to 180 days or until you withdraw consent or clear cookies.
- Logs and security data: retained for a limited period necessary for security and troubleshooting.
Your rights
Under the UK GDPR, you have rights including to request access, rectification, erasure, restriction, and portability of your personal data, and to object to processing where our legal basis is legitimate interests. Where processing is based on consent, you may withdraw your consent at any time.
To exercise your rights, please contact us using the details above. We may need to verify your identity before fulfilling your request.
Complaints
If you have concerns about our use of your personal data, you can contact us. You also have the right to lodge a complaint with the UK Information Commissioner’s Office (ICO):
- https://ico.org.uk/make-a-complaint/
- ICO Helpline: 0303 123 1113
- Information Commissioner’s Office, Wycliffe House, Water Lane, Wilmslow, Cheshire, SK9 5AF, United Kingdom
Children
Our Service is not directed to children under 13. If you believe a child has provided us with personal data, please contact us and we will take appropriate steps.
Security
We implement appropriate technical and organisational measures to protect personal data. No method of transmission or storage is completely secure; if we become aware of a personal data breach that is likely to result in a risk to your rights and freedoms, we will notify you and the relevant authorities where required by law.
Changes to this Policy
We may update this Policy from time to time. We will post the updated version on this page and update the effective date above. If changes are material, we will take additional steps to inform you where required by law.