Privacy policy
Last updated: 3 July 2026
This policy explains how SpooqW ("we", "us") — operated by Aretè Tecnologia, registered office in Belpasso (CT) 95032, Italy, VAT number IT05945010873 — processes personal data when you visit our website or use the SpooqW cloud platform. We process personal data as a controller in accordance with the EU General Data Protection Regulation (GDPR).
1. Data we collect
- Account data — email address, password (stored only as a salted hash), name, company, role and team size you provide at signup or in your profile.
- Billing data — subscription plan and invoicing details, processed by Stripe. We never see or store full card numbers.
- Usage data — actions inside the platform (pipelines created, runs launched) recorded in per-tenant audit logs, plus technical logs (IP address, browser type) kept for security.
- Support data — messages you send to our support and sales addresses.
2. Your pipeline data
Data you process through SpooqW pipelines (your databases, streams and lakehouse tables) is your data. We process it solely to operate the service on your instructions, acting as a processor. We never sell it, mine it or use it to train models. Connection credentials are encrypted at rest with AES-256-GCM.
3. Why we process personal data
- Contract (art. 6.1.b GDPR) — creating your account, running the service, billing, support.
- Legitimate interest (art. 6.1.f) — securing the platform, preventing abuse, improving the product.
- Consent (art. 6.1.a) — marketing communications, if you opt in at signup. You can withdraw at any time.
- Legal obligation (art. 6.1.c) — accounting and tax retention duties.
4. Processors and transfers
We share data only with processors needed to run the service: our cloud infrastructure provider, Stripe (payments), our transactional email provider, and Cloudflare (bot protection on signup). Where a processor is outside the EEA, transfers rely on adequacy decisions or Standard Contractual Clauses.
5. Retention
Account data is kept while your account is active and deleted or anonymised within 90 days of account deletion, except where the law requires longer retention (e.g. invoices). Security logs are kept up to 12 months.
6. Your rights
You may request access, rectification, erasure, restriction, portability, and object to processing, and lodge a complaint with your supervisory authority (in Italy, the Garante per la protezione dei dati personali). Write to privacy@spooqw.io — we answer within 30 days.
7. Changes
We will notify registered users by email of material changes to this policy before they take effect.