Legal
Privacy Policy
Last updated: 2026-05-04
SpacDesk respects your privacy. This policy explains what we collect, why we collect it, and how you can control it.
1. Information we collect
Account information. If you create an account, we collect your email address and (optionally) name through our authentication provider, Clerk. We do not store your password — Clerk handles credentials directly.
Billing information. If you subscribe to a paid plan, payment method details are collected and stored by our payment processor, Stripe. SpacDesk never sees your full card number.
Usage data. We log API requests (timestamp, endpoint, response code, IP-address hash) for rate-limiting, abuse-prevention, and quota enforcement. IP addresses are hashed with SHA-256 before storage.
Cookies. We use first-party cookies for session management and preference storage. We do not use third-party advertising or tracking cookies.
2. How we use your information
- Authenticate you and provide access to your subscription.
- Process payments and manage subscriptions.
- Enforce rate limits and prevent abuse.
- Send service-related communications (billing receipts, security alerts, account changes).
- Diagnose, debug, and improve the product.
3. How we share your information
We share data with the following providers, only as necessary to operate the service:
- Clerk — authentication.
- Stripe — payment processing.
- Cloudflare — DDoS protection and edge delivery.
We do not sell, rent, or share your personal information for marketing or advertising purposes.
4. Public SEC data
SpacDesk's core dataset consists of public filings retrieved from the SEC EDGAR system, plus derived analytics. This data describes public companies, not you. Nothing in your account or usage is ever cross-referenced with the public SPAC dataset.
5. Data retention
- Account records — retained while your account is active.
- API usage logs — retained 90 days for abuse-prevention, then aggregated and discarded.
- Billing records — retained 7 years for tax-compliance purposes.
6. Your rights
You can:
- Access your account information at /account.
- Export your data on request.
- Delete your account and associated data on request.
- Opt out of non-essential email by adjusting account settings.
To exercise any of these rights, contact [email protected].
7. Security
We use industry-standard security practices: TLS in transit, encrypted storage at rest, hashed credentials, and least-privilege access controls. No system is impervious — if we discover a breach affecting your data, we will notify you within 72 hours.
8. Changes
We may update this policy. Material changes will be announced via email and noted in the "Last updated" date above.
9. Contact
Questions? Email [email protected].