Spanify privacy policy

Effective date: 9 February 2026 · Version: 1.0

This Privacy Policy explains how SPANIFY LIMITED (“Spanify”, “we”, “us”) collects, uses, shares, and keeps personal data when you use our app, website, and related services (the “Service”).

We provide this information because people have the right to understand what happens to their data, including why we use it, who we share it with, and how long we keep it.

1) Who we are

Controller: SPANIFY LIMITED
Company number: 16788776
Registered office: Studio 73, 27 St. Anns Road, London, England, W11 4ST
Email (support + privacy requests): info@spanify.co

UK data protection fee reference (ICO): C1875290

We do not currently appoint a Data Protection Officer.

2) Age limits

If you are in the UK, you must be at least 13 to use the Service.

If you are in the EEA (EU/EEA), you must be at least 16.

If you are outside the UK and the EEA, you must be at least 16.

We do not knowingly collect personal data from people below the minimum age for their location. If we learn someone is underage, we may close the account and delete associated data.

If you offer an online service to UK children and rely on consent for certain processing, extra rules apply for under-13s.

3) What data we collect

A) Account and profile data

  • Email address
  • Password (stored in hashed form)
  • Internal user ID
  • Time zone and basic account settings
  • Community profile details (if enabled), such as display name and short bio

B) Device and technical data

  • IP address (for security, fraud prevention, and debugging)
  • Device and app information (such as device model, OS version, app version, language)
  • A device/app instance identifier (used for analytics and debugging)

C) Usage and product data

  • Onboarding progress (for example, onboarding started/completed)
  • Focus sessions and related events (for example, session started/completed, planned vs actual duration, interruptions, streaks)
  • Training usage (for example, training started/completed)
  • Notifications (for example, scheduled/sent/opened)

D) Blocker data (where enabled)

The list of apps/sites you choose to block, stored for syncing across your devices. Current payload: package name, app name, app icon data.

Blocker status and permissions state (for example, whether the blocker is enabled and whether required permissions are present)

We may access installed-app information on Android so you can choose what to block. We do not store your full installed-app list on our servers.

E) AI coaching data (where enabled)

The messages you send in AI chat and the responses you receive

Metadata such as model/version, message counts, token counts, and feedback (where implemented)

Do not share sensitive information in AI chat (for example health details, government IDs, banking details).

F) Payments and subscription data

If you subscribe through Apple App Store or Google Play, billing is handled by the store. We receive subscription status signals needed to unlock paid features (for example, whether your subscription is active, renewal status, and purchase/restore results).

G) Support and communications

  • Messages you send to support (email or in-app)
  • Logs we need to investigate issues you report

4) What we do not collect (at launch)

At launch we do not collect:

  • Your camera, microphone, photos, or videos (unless we add a feature that clearly needs it)
  • Your browsing history or keystrokes
  • The content of other apps on your device

If we add features that change this, we will update this policy and, where required, ask for permission in the app.

5) Why we use your data and our lawful bases

Data protection law requires us to explain the purpose and the legal basis for processing.

We use personal data for:

A) Provide and run the Service (contract)

  • Create and manage your account
  • Run focus sessions, training, blocker features, community features, and AI coaching features
  • Sync your settings across devices

B) Security and abuse prevention (legitimate interests, and sometimes legal obligation)

  • Protect accounts from unauthorised access
  • Detect and prevent abuse, fraud, and attacks
  • Maintain logs for incident investigation

C) Improve the Service (legitimate interests)

  • Understand which features are used
  • Fix bugs and improve reliability
  • Measure performance of onboarding and features

You can switch off product analytics in Settings (see Section 7).

D) Support (contract or legitimate interests)

  • Respond to support requests
  • Debug issues and provide help

E) Legal and compliance (legal obligation)

  • Respond to lawful requests and legal claims
  • Meet regulatory and compliance duties when they apply

6) Who we share data with

We share personal data with service providers that help us run the Service:

  • Cloud hosting: AWS (London, UK) for our backend and databases
  • Analytics and crash reporting: Firebase services (Google) (for app analytics, crash reporting, and configuration)
  • AI providers: OpenAI, Google (Gemini), Anthropic (Claude), called directly via their APIs for AI coaching features
  • App stores: Apple and Google for in-app purchases and subscription management
  • Support tooling: tools used to manage support requests (if used)

We do not sell your personal data.

7) Analytics controls (opt-out)

We use product analytics to understand how the Service is used and to improve it. You can opt out:

Settings → Privacy → Share usage analytics (default ON)

If you turn this OFF, we stop sending product analytics events from that device going forward.

Even if you opt out, we may still process limited data that is required to run the Service (for example, account login, subscription status, security logs, and support-related logs).

8) Cookies and similar technologies

Our website and app may use cookies and similar technologies (including SDKs) that store or access information on your device. Under UK rules, these technologies are regulated under PECR.

Where consent is required for non-essential cookies or similar technologies, we will request it through appropriate controls (for example, a cookie banner on the website or an in-app control).

9) International transfers

Some of our service providers are outside the UK/EEA, or may access data from outside the UK/EEA (for example, AI providers). When personal data is transferred internationally, we use safeguards required by law (for example, standard contractual clauses and related UK mechanisms where applicable).

10) How long we keep data

We keep personal data for as long as needed for the purposes in this policy, then delete it or anonymise it.

AI chat retention

AI chat content is retained for 30 days by default.

If you delete chat history, messages are deleted immediately from our active systems.

Deleted messages are removed from backups as backups rotate (typically within about 30 days).

Account deletion

If you delete your account, we delete personal data from active systems and remove it from backups as backups rotate (typically within about 30 days), unless we must keep limited information longer for legal or security reasons.

Logs

Security and server logs (including IP addresses) are kept for a limited period and then deleted, unless needed to investigate abuse or incidents.

11) Your rights

Depending on your location, you may have rights including:

  • access to your personal data
  • correction of inaccurate data
  • deletion of your data
  • restriction of processing
  • objection to processing
  • data portability
  • withdrawal of consent (where we rely on consent)

Privacy notices should tell people which rights they have and how to exercise them.

To exercise your rights, contact info@spanify.co. We may need to verify your identity.

12) Automated decision-making

We do not make decisions that have legal or similarly significant effects on you using automated processing. AI coaching is suggestions only.

13) Security

We use security measures designed to protect personal data, including access controls and encrypted connections for data in transit. Only authorised staff and contractors can access production systems where access is needed for their role.

No system is perfectly secure. If we learn of a security breach that affects your personal data, we will take steps required by law.

14) Complaints

If you have concerns, contact us first at info@spanify.co.

If you are in the UK, you can also complain to the Information Commissioner’s Office (ICO). If you are in the EEA, you can complain to your local data protection authority.

15) Changes to this policy

We may update this Privacy Policy. If changes are material, we will notify you in-app and/or by email. Continued use of the Service after the effective date means you accept the updated policy.