/legal/privacy

Privacy Policy

last updated 2026-05-13

  1. 01

    Introduction

    Spanna ("we", "us", or "our") respects your privacy and is committed to protecting your personal data. This Privacy Policy explains how we collect, use, and safeguard information when you use Spanna's desktop application, web client, and website (collectively, "the Service").

  2. 02

    Information we collect

    • Account information: Email address, display name, and avatar when you create an account.
    • Usage analytics: Aggregated usage statistics such as feature usage frequency, session duration, and app version. On the desktop app you are asked at first launch and analytics are off until you opt in. On the web client analytics are on by default and can be turned off from your account menu.
    • Session recordings (web only): We record interaction sessions in PostHog with all text values and input fields masked at the source. We see clicks, scrolls, and navigation — never typed content.
    • Crash reports: Diagnostic data when the application encounters an error. Off by default on desktop until you opt in. Native crash dumps written by the desktop OS stay on your machine and are never uploaded.
    • Payment information: Billing details are processed securely by Paddle. We do not store your full credit card number.
    • Workspace metadata: Connection names, connection organisation, saved query metadata, and related settings used to power workspace features.
    • Encrypted credential material: When vault-backed storage is used, credential material is stored in encrypted form for local or cloud-backed workspace access.
    • Hashed source IP: We SHA-256 hash and store the source IP of telemetry submissions for abuse detection. The original IP is not retained.
    • Visitor attribution: On first visit to the marketing site we record UTM parameters, the page you landed on, and a randomly-generated visitor ID, so we can understand which campaigns and content lead to signups.
    • Device telemetry properties: App version, OS family, architecture, and a per-install identifier are attached to telemetry events when telemetry is enabled.
    • Feedback submissions: When you send feedback from the desktop app we receive your message, your optional email address, and (only if you tick the box) a diagnostics blob.
  3. 03

    Information we do not collect

    Spanna does not market database-content storage or retention as part of the Service. Desktop connects directly to your database. Browser-client requests are proxied through Spanna infrastructure to support browser access and are not described as a retained product data store, except for limited operational and aggregate audit metadata such as operation type, duration, and status.

  4. 04

    How we use your information

    • To provide, maintain, and improve the Service.
    • To process payments and manage subscriptions.
    • To send transactional emails (account verification, password resets).
    • To diagnose bugs and improve stability (via opt-in crash reports).
    • To understand usage patterns and prioritise features (via opt-in analytics).
  5. 05

    Cloud Vault & encryption

    Spanna supports local desktop use with no account at all. When you create a Free account, encrypted saved connections and connection folders can sync across signed-in desktop installs. Pro uses the same encrypted account workspace for the browser client and adds saved queries, settings, and higher limits.

  6. 06

    Data sharing

    We do not sell, trade, or rent your personal information. We share data with the following processors strictly to operate the Service:

    • Supabase (EU region): Database, authentication, file storage, and edge functions.
    • Paddle: Subscription payment processing — merchant of record.
    • PostHog (EU region): Product analytics and masked session recordings on the web client.
    • Google Tag Manager and Google Ads: Conversion tracking on the marketing site (spanna.app).
    • Plausible: Cookieless page-view analytics on the marketing site.
    • Loops: Transactional email (verification, password reset) and lifecycle email.
    • HelpScout: In-app support beacon.
    • Cloudflare Turnstile: Bot-protection on signup.
    • Law enforcement: When required by law or to protect our legal rights.
  7. 07

    Data retention

    We retain your account data for as long as your account is active. If you delete your account, the cascade-delete in our database removes your personal data immediately. Backup snapshots held by our hosting provider are purged on their own rolling schedule. Aggregated analytics data may be retained indefinitely.

  8. 08

    Cookies

    Spanna's website and web client use essential cookies for authentication and session management. The marketing site additionally loads Google Tag Manager and Google Ads, which set advertising and conversion cookies, and PostHog, which sets identifier cookies for product analytics. Plausible is cookieless. The web client itself loads only the cookies needed to keep you signed in.

  9. 09

    Your rights

    Depending on your jurisdiction, you may have the right to:

    • Access the personal data we hold about you.
    • Request correction or deletion of your personal data — account deletion is available in your account settings and runs immediately.
    • Object to or restrict processing of your data.
    • Request a copy of your data in a portable format — email hello@spanna.app and we will arrange a manual export.
    • Withdraw consent for optional data collection (analytics, crash reports) at any time via Settings.
  10. 10

    Children's privacy

    The Service is not intended for users under the age of 16. We do not knowingly collect personal data from children under 16.

  11. 11

    Security

    We implement industry-standard security measures including encryption in transit (TLS), encryption at rest, and client-side encryption for sensitive data. However, no method of transmission or storage is 100% secure.

  12. 12

    Changes to this policy

    We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on this website with a revised "Last updated" date.

  13. 13

    Contact

    If you have questions about this Privacy Policy or wish to exercise your rights, contact us at hello@spanna.app.

❯ contact: hello@spanna.app