About Services Verification Center Security & Compliance Documentation Infrastructure Status Contact
Spinboss Protect  /  Privacy Policy
§ PP — Privacy Policy

Privacy Policy

This Privacy Policy describes how Spinboss Protect collects, processes, retains, and discloses personal data in connection with the operation of its legal communication and rights enforcement infrastructure.

EFFECTIVE · 2026-01-01 · VERSION 2.1

§ PR.01

Scope and Applicability

This Policy applies to the processing of personal data through the spinboss-protect.com domain, the Verification Center, the Documentation Center, the abuse intake channels, and the authenticated correspondence relays operated by Spinboss Protect.

Where regional frameworks impose stricter requirements — including the EU General Data Protection Regulation (GDPR), the UK GDPR, the California Consumer Privacy Act (CCPA), and applicable national equivalents — the stricter framework is applied.

§ PR.02

Categories of Personal Data

We process limited categories of personal data necessary for the operation of legal correspondence, including the names and email addresses of senders and recipients, content of correspondence necessary to substantiate or respond to a notice, technical identifiers such as message identifiers and reference codes, and metadata associated with the authentication and transport of communications.

We do not knowingly collect special categories of personal data unless such data is voluntarily provided in the body of an inbound notice or counter-notice and is necessary to the matter at hand.

§ PR.03

Lawful Basis for Processing

Processing is conducted under one or more of the following lawful bases: performance of a contract or pre-contractual measures, compliance with a legal obligation, the exercise or defence of legal claims, and the legitimate interests of Spinboss Protect or third parties in the proper administration of rights enforcement and abuse coordination.

Where processing is based on legitimate interest, a balancing assessment is recorded and is available to data subjects on request.

§ PR.04

Retention

Correspondence and reconciliation logs are retained for the duration of the matter to which they relate and for such additional period as is required by applicable law or as is necessary for the exercise or defence of legal claims, in no case exceeding the published maximum retention windows.

Operational telemetry logs are retained for a maximum of twenty-four (24) months unless required for an ongoing matter.

§ PR.05

Disclosure

We disclose personal data to counterparties only to the extent necessary to substantiate or respond to a notice. We may disclose personal data to law enforcement and competent authorities where required by law and proportionate to the request.

We do not sell or rent personal data, and we do not use personal data for behavioural advertising.

§ PR.06

Data Subject Rights

Subject to applicable law, data subjects may exercise rights of access, rectification, erasure, restriction, portability, and objection by writing to compliance@spinboss-protect.com. Identity will be verified before any substantive response is issued.

Where a right cannot be honoured because doing so would prejudice the exercise or defence of a legal claim, we will document the basis for the limitation and notify the data subject in writing.

§ PR.07

International Transfers

Where personal data is transferred outside the European Economic Area or other regulated regions, transfers are conducted under appropriate safeguards including Standard Contractual Clauses or equivalent mechanisms recognized by the receiving jurisdiction.

§ PR.08

Contact

Privacy queries are received at compliance@spinboss-protect.com. Complaints may also be lodged with the competent supervisory authority of the data subject's habitual residence.