Privacy Policy
Last updated: June 2026
This Privacy Policy explains how Spore collects, uses, shares, and protects personal data when you visit our website, create an account, and use the Spore platform. We are committed to handling personal data in line with the General Data Protection Regulation (GDPR) and applicable Estonian data protection law.
1. Who We Are
Spore is operated by:
Sporenet OÜ (operating as Spore)
Erika tn 14, Põhja-Tallinna linnaosa
10416 Tallinn, Harju maakond
Estonia
Registry code: 16686175
Email: info@netspore.ee
For the personal data described in this policy, Sporenet OÜ is the data controller unless stated otherwise in Section 3.
2. Scope of This Policy
This policy applies to:
- Visitors to our marketing website
- People who sign up for and use a Spore account, including team members invited to an organization
- People who contact us for sales or support
It does not govern how our customers use the platform to process data about their own contacts and leads. For that data, our customer is the controller and we act as their processor — see Section 3.
3. Our Role: Controller and Processor
Spore is a self-serve platform for data enrichment, lead research, and outreach workflows. Our relationship to personal data depends on the type of data:
- We are the controller for account, billing, and usage data — the information needed to create your account, operate the platform, take payment, and improve the service.
- We are a processor for the contacts, leads, and other records you upload, import, or enrich through the platform ("Customer Content"). You decide what data to process and for what purpose; we process it on your documented instructions to provide the service. As the controller of Customer Content, you are responsible for having a lawful basis for that processing and for responding to the rights requests of the individuals it concerns.
Processing of Customer Content is governed by our Data Processing Agreement, which forms part of our Terms of Service.
4. Information We Collect
4.1 Information You Provide
When you sign up, contact us, or use the platform, we collect:
- Account data: name, email address, password (stored hashed), and organization name
- Profile and team data: your role within an organization and invitations you send or receive
- Billing data: plan selection and billing details. Card payments are processed by Stripe; we do not store full card numbers.
- Support and sales data: the contents of messages you send us
4.2 Information We Collect Automatically
When you use the platform we automatically collect:
- Log and device information: IP address, browser type, operating system, access times, and pages or features viewed
- Product analytics: how you navigate and use the platform, collected through PostHog (EU-hosted). Optional analytics tracking on our marketing site is activated only after you consent via our cookie banner.
- Cookies and similar technologies: as described in our Cookie Policy
4.3 Customer Content
When you upload, import, or enrich records, the platform processes the personal data contained in those records (for example, business contact names, email addresses, job titles, and company details). We process this Customer Content as your processor, as described in Section 3.
5. How We Use Your Information
As controller, we use account, billing, and usage data to:
- Provide, maintain, secure, and improve the platform
- Authenticate you and protect against fraud and abuse
- Process transactions, manage credits, and send related billing information
- Provide customer support and respond to your requests
- Send service and security notices, and — where permitted — product updates
- Monitor and analyze usage trends to improve features and performance
- Comply with our legal obligations
6. Legal Basis for Processing
Under GDPR, we rely on the following legal bases for processing data where we are the controller:
- Contractual necessity (Article 6(1)(b)): to create and operate your account and deliver the platform you have signed up for
- Legitimate interests (Article 6(1)(f)): to secure the platform, prevent abuse, understand product usage, and communicate with business customers. We balance these interests against your rights and you may object at any time.
- Consent (Article 6(1)(a)): for optional analytics cookies and any marketing emails. You may withdraw consent at any time.
- Legal obligation (Article 6(1)(c)): to meet accounting, tax, and other legal requirements
7. Data Sharing and Subprocessors
We do not sell your personal data. We share data only with service providers ("subprocessors") who process it on our behalf under appropriate data processing agreements, and where required by law. Our key subprocessors include:
- Stripe — payment processing
- PostHog (EU-hosted) — product analytics
- Resend — transactional email delivery
- Vercel — application hosting and delivery
- Amazon Web Services (AWS) — file and image storage
- Cloudflare — bot protection (Turnstile) and content delivery
- Google — authentication (Google sign-in) and AI model processing
- OpenAI — AI model processing for in-product AI features
We may also disclose data when required by law, court order, or to protect our legal rights, and in connection with a merger, acquisition, or sale of assets (with notice where required).
8. International Data Transfers
We aim to keep personal data within the European Economic Area (EEA) wherever possible. Some subprocessors operate outside the EEA. When we transfer data internationally, we rely on appropriate safeguards under GDPR Chapter V, including:
- Standard Contractual Clauses approved by the European Commission
- Adequacy decisions where applicable
- Other legally recognized transfer mechanisms
9. Data Retention
We retain personal data only as long as necessary for the purposes described in this policy:
- Account data: for the life of your account and deleted within 90 days after account closure, unless a longer period is required by law
- Customer Content: processed for as long as you keep it in the platform; deleted in line with your instructions and within 90 days after account closure
- Billing and financial records: as required by Estonian accounting and tax law (typically 7 years)
- Analytics data: retained in aggregated or pseudonymized form
- Support and sales communications: up to 24 months after the last contact
After the applicable period, data is securely deleted or anonymized.
10. Security
We take appropriate technical and organizational measures to protect personal data against loss, misuse, and unauthorized access, including encryption in transit, hashed credentials, access controls, and least-privilege practices. No method of transmission or storage is completely secure, but we work to protect your data and to respond promptly to any incident.
11. Your Rights
Under GDPR you have the following rights regarding personal data we hold about you as controller:
- Access (Article 15): request a copy of your personal data
- Rectification (Article 16): request correction of inaccurate or incomplete data
- Erasure (Article 17): request deletion of your personal data
- Restriction (Article 18): request that we limit how we use your data
- Portability (Article 20): receive your data in a structured, machine-readable format
- Objection (Article 21): object to processing based on legitimate interests
- Withdraw consent: where processing is based on consent
To exercise any of these rights, contact us at info@netspore.ee. We will respond within one month, as required by GDPR. You also have the right to lodge a complaint with the Estonian Data Protection Inspectorate (Andmekaitse Inspektsioon) or your local supervisory authority.
12. Customer Content and Data Subject Requests
If you are an individual whose personal data has been uploaded or processed by one of our customers through the platform, that customer is the controller of your data. Please direct access, correction, or deletion requests to them.
If you contact us directly, we will forward your request to the relevant customer and provide reasonable assistance, but the customer bears primary responsibility for responding as the controller.
13. Children
The platform is intended for business use and is not directed to individuals under 16. We do not knowingly collect personal data from children. If you believe a child has provided us personal data, contact us and we will delete it.
14. Changes to This Policy
We may update this Privacy Policy from time to time. We will post the updated version on this page with a revised "Last updated" date and, for material changes, provide additional notice where required. We encourage you to review this policy periodically.
15. Contact Us
If you have any questions about this Privacy Policy or how we handle personal data, contact us at:
Email: info@netspore.ee
Address: Sporenet OÜ, Erika tn 14, 10416 Tallinn, Estonia