Privacy Policy

Last updated: 21 December 2025

Who we are

OSPEA ("we", "us", "our") provides a marketing and SEO software platform.

What this policy covers

This policy explains how we collect and use personal data when you:

  • visit our website,
  • sign up for an account, or
  • use our platform.

Personal data we collect

Website visitors

  • Analytics data (GA4): pages viewed, approximate location (country/city-level), device/browser information, referral source, and on-site interactions.
  • Technical data: IP address (processed by infrastructure providers for security and delivery), logs, and error diagnostics.

Users (accounts)

  • Account data: name, email address, authentication identifiers (e.g., via Clerk), workspace/team membership, and settings.
  • Support/enquiries: messages you send us, including via forms or email.

If you connect third-party services

If you connect services such as Google Search Console, we will access and store the minimum needed to provide the feature (e.g., connection tokens and reporting data). We will update this policy as these integrations go live.

Cookies

We use cookies for Google Analytics 4 only at present. See our Cookie Policy for details.

How we use your data (purposes)

We use personal data to:

  • operate and secure the website and platform,
  • provide and improve features,
  • understand how people use our site (analytics),
  • respond to enquiries and provide support,
  • prevent fraud/abuse and keep the service reliable.

Legal bases (UK GDPR / GDPR)

We rely on the following lawful bases:

  • Consent (Article 6(1)(a)) for analytics cookies (GA4). We only set analytics cookies if you consent (where required).
  • Contract (Article 6(1)(b)) to provide the service to you when you create an account and use the platform.
  • Legitimate interests (Article 6(1)(f)) for security, preventing abuse, and improving the service (balanced against your rights).
  • Legal obligation (Article 6(1)(c)) where we must comply with legal requirements.

How we share your data

We share data only with trusted service providers ("processors") to run OSPEA, such as:

  • Hosting/infrastructure (e.g., server/CDN providers),
  • Authentication (e.g., Clerk),
  • Analytics (Google Analytics 4),
  • Error monitoring (if enabled later, e.g., Sentry),
  • Email delivery/support tooling (if used).

We do not sell your personal data.

International transfers

Some providers may process data outside the UK/EEA. Where this happens, we rely on appropriate safeguards such as Standard Contractual Clauses and other measures required by UK/EEA law.

Data retention

We keep personal data only as long as needed:

  • Website analytics: typically up to 14–26 months (configurable).
  • Account data: for the duration of your account, then a limited period to meet legal/security obligations.
  • Logs/security data: short retention unless needed for incident investigation.

Your rights

If you are in the UK/EEA, you have rights to:

  • access your data,
  • correct inaccurate data,
  • delete your data,
  • restrict or object to processing,
  • portability (where applicable),
  • withdraw consent (for analytics cookies).

To exercise rights: email privacy@ospea.io

Complaints

If you are in the UK, you can complain to the ICO (Information Commissioner's Office). If you are in the EU, you can complain to your local supervisory authority.

Children

OSPEA is not intended for children and we do not knowingly collect data from children.

Changes to this policy

We may update this policy. If changes are significant, we will provide a notice on the website or in the app.