%22%2F%3E%0A%3C%2Fg%3E%0A%3C%2Fsvg%3E%0A)
PRIVACY POLICY
Last Updated: November 12, 2025
This Privacy Policy describes how Wordspace.io, LLC ("Wordspace.io," "we," "our," or "us") collects, uses, stores, and protects personal and non-personal information in connection with our website (wordspace.io), application (app.wordspace.io), and related software and services (collectively, the "Service"). By using the Service, you consent to the practices described in this Policy.
1. OVERVIEW
Wordspace.io values your privacy and is committed to handling your information responsibly. This Policy explains what data we collect, how it is used, who may access it, and your rights under applicable laws such as the General Data Protection Regulation (EU) 2016/679 ("GDPR"), the UK GDPR, and the California Consumer Privacy Act of 2018 ("CCPA").
2. INFORMATION WE COLLECT
We collect information directly from you, automatically through your use of the Service, and from third parties where permitted.
2.1 Account and Contact Information
- Name, email address, workspace or company name, and authentication credentials (including Google SSO identifiers).
- Communication records such as customer-support inquiries and issue reports.
2.2 Service and Usage Data
- Shortened URLs, QR codes, redirects, analytics metrics (scan counts, device types, geolocation, IP address, timestamps), and UTM parameters.
- Uploaded content including logos and brand imagery used for QR code customization.
- Performance, diagnostic, and interaction data generated by your use of the platform.
2.3 Cookies and Tracking Technologies
- Cookies, tracking pixels, and similar identifiers are used on wordspace.io and app.wordspace.io to authenticate sessions, measure performance, and deliver analytics.
- You may adjust browser settings to reject or delete cookies, though certain functionality may be limited.
2.4 Third-Party Data
- Information received from identity providers (e.g., Google) when you authenticate using external credentials.
- Publicly available data associated with your account domain or IP address for fraud prevention and security purposes.
Wordspace.io does not collect or store payment card numbers or sensitive billing information; all payments are handled by Stripe, subject to its own privacy policy at https://stripe.com/privacy.
3. HOW WE USE INFORMATION
We process information for the following purposes:
- To provide, maintain, and improve the Service.
- To authenticate users and manage Accounts.
- To generate analytics, insights, and aggregated usage metrics.
- To send operational notifications, updates, and support communications.
- To prevent abuse, enforce Terms of Service, and comply with law.
- To develop new features, including machine-learning and performance optimizations.
Aggregated or anonymized data may be used indefinitely for research and reporting.
4. LEGAL BASES FOR PROCESSING (GDPR)
Where GDPR applies, we rely on one or more of the following lawful bases:
- Contractual necessity: to deliver the Service you request.
- Legitimate interests: to operate, improve, and secure the platform.
- Legal obligation: to comply with applicable regulations or governmental requests.
- Consent: where required for non-essential cookies or marketing communications.
5. DATA RETENTION
Personal data is retained for as long as necessary to provide the Service, comply with obligations, resolve disputes, and enforce agreements. Aggregated and anonymized analytics may be retained indefinitely.
6. DISCLOSURE OF INFORMATION
Wordspace.io shares limited data with trusted third parties, referred to as "Subprocessors," to support the operation of its service.
| Category | Subprocessor / Partner | Purpose |
|---|---|---|
| Infrastructure | Cloudflare, Vercel, Railway | Hosting, content delivery, and network security |
| Data Storage & Auth | Supabase | Database and authentication |
| Payment Processing | Stripe | Subscription billing |
| Identity Services | SSO authentication | |
| Analytics | Grafana (self-hosted/custom) | Performance monitoring |
| Email Delivery | Email Service Providers (ESPs) | Transactional and marketing emails |
All subprocessors are bound by contractual data-protection obligations. Wordspace.io does not sell or rent personal data.
7. INTERNATIONAL DATA TRANSFERS
Data may be processed and stored in the United States or other countries where our subprocessors operate. For transfers from the European Economic Area, the United Kingdom, or Switzerland, we rely on Standard Contractual Clauses (EU Decision 2021/914) and the UK Addendum to ensure adequate protection.
8. SECURITY
Wordspace.io maintains administrative, technical, and physical safeguards designed to protect personal data against accidental or unlawful destruction, loss, alteration, unauthorized disclosure, or access. Measures include:
- Encryption in transit (TLS) and at rest.
- Network firewalls and intrusion detection.
- Access controls with multifactor authentication.
- Regular security assessments and vulnerability testing.
While no system is completely secure, we continually monitor and improve our security posture.
9. YOUR RIGHTS AND CHOICES
Depending on your jurisdiction, you may have the following rights:
- Access – request a copy of personal data held about you.
- Correction – request correction of inaccurate or incomplete data.
- Deletion – request deletion of personal data, subject to legal retention limits.
- Restriction – request restriction of processing in certain circumstances.
- Portability – request transfer of your data in a structured format.
- Objection – object to processing based on legitimate interests.
To exercise these rights, contact support@wordspace.io. We may verify your identity before fulfilling the request. Residents of California may designate an authorized agent to make requests under the CCPA.
10. CHILDREN'S PRIVACY
The Service is not intended for children under eighteen (18) years of age. Wordspace.io does not knowingly collect personal data from minors. If we become aware that such information has been collected, it will be promptly deleted.
11. THIRD-PARTY LINKS AND SERVICES
Our Service may contain links to or integrate with third-party websites or tools. Wordspace.io is not responsible for the content or privacy practices of those third parties. Users should review the applicable policies of each third-party service they engage with.
12. DATA BREACH NOTIFICATION
In the event of a personal-data breach likely to result in risk to individuals, Wordspace.io will notify affected users and relevant supervisory authorities as required by applicable law, describing the nature of the breach, likely consequences, and remedial actions taken.
13. DO NOT TRACK / COOKIE PREFERENCES
Wordspace.io does not currently respond to "Do Not Track" browser signals. Users can manage cookie preferences within their browser or device settings.
14. CHANGES TO THIS POLICY
We may revise this Privacy Policy from time to time. Material updates will be announced by reasonable means, including in-app notice or email. The "Last Updated" date above reflects the latest version. Continued use of the Service after any change constitutes acceptance of the revised Policy.
15. CONTACT INFORMATION
For questions, requests, or concerns regarding this Policy or our data-handling practices, please contact: