iSpot← Back

Privacy Policy

Last updated: 2026-06-01

iSpot ("we", "us") provides a workshop tool-location service. This policy explains what personal data we process, why, and your rights under the Swiss FADP and the EU GDPR.

Data we collect

  • Account data: full name, work email, hashed password, role (admin or collaborator).
  • Workshop content: company name, locations, tools, photos and descriptions you upload.
  • Usage data: tool consultation history (which tool was opened, when, by which user).
  • Authentication data: session tokens stored in your browser to keep you signed in.
  • Essential cookies and local storage required to operate the service.

Data controller

The data controller is iSpot Work. See our Legal Notice for the postal address and contact details.

Why we process your data

To provide the service, authenticate users, isolate company workspaces, secure access, and improve reliability. We do not sell your data and do not use it for advertising.

Legal basis

Performance of the contract (providing the service), our legitimate interest (security, abuse prevention), and your consent where required (non-essential cookies, if any).

Your rights (GDPR / FADP)

You may access, rectify, export, restrict, object to, or delete your personal data, and lodge a complaint with a supervisory authority. To exercise these rights, contact your workspace administrator or write to us via the Contact page.

Account deletion & data export

You can request deletion of your account and a copy of your personal data at any time via the Contact page. We respond within 30 days. Workspace content created by you may remain in the workspace owned by your company unless they request deletion.

Data location & retention

Data is hosted on EU/US infrastructure provided by our backend partner under appropriate safeguards (Standard Contractual Clauses). Data is retained for the lifetime of your workspace and deleted within 30 days of account closure, except where retention is required by law.

Subprocessors

We rely on the following subprocessors to deliver the service: Supabase (database, authentication, file storage; EU/US hosting under Standard Contractual Clauses), Cloudflare (edge hosting and DNS), and Paddle.com Market Limited (payment processing, billing, tax compliance and invoicing — acting as our Merchant of Record for all transactions). Additional technical subprocessors may be added; the current list is available on request via the Contact page.

Security

We apply industry-standard technical and organizational measures: encryption in transit, hashed passwords, row-level access control, role-based permissions and audit logs.

Cookies

We use strictly necessary cookies and browser storage for authentication and language preferences. No advertising or third-party tracking cookies are used.

Changes

We may update this policy. The latest version is always available on this page.

Contact

contact@ispot.work