Privacy Policy

Last updated: April 2026

Futuris Partners Pty Ltd (“we”, “us”, “our”) operates Spoogle (“the Service”). This Privacy Policy explains what information we collect, how we use it, who we share it with, and what rights you have over your data.

We take your privacy seriously. We only collect data necessary to provide the Service, and we never sell your personal information.

1. Information We Collect2. How We Use Your Information3. Third-Party Services4. Data Storage and Security5. HubSpot Data Access6. Page Content Processing7. Your Rights8. Cookies and Tracking9. Children's Privacy10. Data Retention11. International Data Transfers12. Changes to This Policy13. Contact

1. Information We Collect

Account information:

  • Email address
  • Password (encrypted)
  • Authentication provider information (if you sign in with Google)

Business profile information:

  • Company name, website URL, industry
  • Product or service descriptions
  • Target audience description
  • Company description, founded year, location
  • Social media profile URLs (LinkedIn, Twitter, Facebook, YouTube)
  • Logo URL

Website and schema data:

  • Domains you add to your account
  • URLs discovered during crawls
  • Page titles, paths, and categorisation
  • Generated schema markup (JSON-LD)
  • Quality scores and generation history

Payment information:

  • Stripe customer ID and payment history
  • Credit pack purchase records and balance
  • We do not store full payment card details — Stripe handles all payment processing

HubSpot connection data (if connected):

  • HubSpot portal ID and portal name
  • Encrypted OAuth access and refresh tokens
  • Associated domain names
  • Deployment history

Usage data:

  • Log data (IP address, browser type, pages visited, actions taken)
  • Performance and error data
  • Analytics via Google Analytics and PostHog

Communications:

  • Messages you send via the contact form
  • Support requests and correspondence

2. How We Use Your Information

We use collected information to:

  • Provide and operate the Service (authenticate you, generate schema, process payments, deploy to HubSpot)
  • Personalise schema generation using your business profile
  • Improve the Service (identify bugs, measure performance, refine features)
  • Communicate with you about your account, service updates, and support
  • Prevent fraud, abuse, and security incidents
  • Comply with legal obligations

We do not use your business profile, website content, or generated schema for training AI models. Your data is used only to deliver the Service to you.

3. Third-Party Services

Spoogle relies on the following third-party services to operate. These services process your data on our behalf, subject to their own privacy policies:

Supabase — authentication, database, and storage infrastructure. Stores your account, business profile, URLs, schemas, and credit history.

Stripe — payment processing. Handles credit pack purchases. We receive a customer ID and transaction metadata; Stripe holds your payment details.

Vercel — hosting and deployment. Processes web requests and serves the application.

Firecrawl — website scraping service. When you trigger a crawl, Firecrawl fetches publicly accessible content from the URL. Content is passed to us in-memory and not retained by Firecrawl beyond the session.

OpenRouter and Anthropic — LLM inference. Generated schema requests (containing your business profile and page content) are sent to Claude models via OpenRouter. Content is processed to generate schema and is not retained for training.

HubSpot (if you connect your account) — CMS integration. Spoogle reads CMS page metadata and writes schema to the headHtml field. No other HubSpot data is accessed.

Google Analytics — website analytics. Tracks aggregate usage patterns to help us improve the Service.

PostHog — product analytics. Tracks feature usage and user journeys to help us improve the product.

Google OAuth (if you sign in with Google) — we receive your email and basic profile information via Google.

4. Data Storage and Security

Storage location:

  • Primary data is stored in Supabase infrastructure
  • Supabase operates from multiple regions; data is stored in the region closest to our infrastructure
  • Payment data is held by Stripe
  • Analytics data is held by Google Analytics and PostHog

Security measures:

  • All data is transmitted over HTTPS
  • Passwords are hashed and salted
  • HubSpot OAuth tokens are encrypted at rest using AES-256-GCM
  • Access to production infrastructure is restricted to authorised personnel
  • Row-level security (RLS) is enforced at the database level to prevent unauthorised access between accounts

No system is perfectly secure. While we take reasonable measures to protect your data, we cannot guarantee absolute security. If a data breach occurs that affects your personal information, we will notify you and relevant authorities as required by applicable law.

5. HubSpot Data Access

If you connect HubSpot to Spoogle, the following data is accessed:

What we access:

  • CMS page metadata (titles, URLs, page IDs) for landing pages, site pages, and blog posts
  • The headHtml field of CMS pages (read to detect existing schema, write to deploy new schema)
  • Portal identification information (portal ID, portal name, associated domains)

What we do NOT access:

  • Contact records
  • Deal or sales data
  • Marketing campaigns, emails, or workflows
  • CRM properties
  • Any data outside CMS pages

OAuth tokens are encrypted at rest. You can disconnect HubSpot at any time from your Spoogle account settings, which revokes all access.

6. Page Content Processing

When you trigger a crawl or schema generation, Firecrawl scrapes the publicly accessible content of the URL. This content is:

  • Processed in-memory to generate or grade schema
  • Passed to the LLM provider (Anthropic via OpenRouter) along with your business profile
  • Stored in our database as part of the generation log (for debugging, auditing, and your reference)
  • Not sold, shared, or used for any purpose outside the Service

Spoogle does not attempt to access content behind authentication, paywalls, or other access controls. You are responsible for ensuring you have the right to crawl and process the URLs you submit.

7. Your Rights

Depending on your jurisdiction, you have the following rights over your personal data:

  • Access — request a copy of the personal data we hold about you
  • Correction — request correction of inaccurate or incomplete data
  • Deletion — request deletion of your data (subject to legal retention requirements)
  • Portability — request your data in a structured, machine-readable format
  • Objection — object to processing of your data for certain purposes
  • Restriction — request we limit how we process your data
  • Withdrawal of consent — withdraw consent for processing based on consent

To exercise any of these rights, contact blake@futurispartners.com.au. We will respond within 30 days.

You can also:

  • Edit your business profile directly in the Service at any time
  • Disconnect HubSpot from your account settings
  • Delete your account from account settings, which triggers a 30-day soft-delete followed by permanent deletion

8. Cookies and Tracking

Spoogle uses cookies and similar technologies for:

Essential cookies — authentication session, security, and core functionality. These cannot be disabled.

Analytics cookies — Google Analytics and PostHog track usage patterns to help us improve the Service. These collect information about how you use Spoogle (pages visited, features used, time spent), not personally identifiable information by default.

Third-party cookies — Stripe, HubSpot OAuth, and Google OAuth may set cookies during their respective flows.

You can control cookies through your browser settings. Disabling essential cookies may prevent the Service from functioning correctly.

9. Children's Privacy

Spoogle is not directed at or intended for children under the age of 16. We do not knowingly collect personal information from children. If you believe a child has provided information to us, contact blake@futurispartners.com.au and we will delete it.

10. Data Retention

  • Active accounts: Data is retained as long as your account is active
  • Deleted accounts: Data enters a 30-day soft-delete period, after which it is permanently removed
  • Financial records: Retained for 7 years to comply with tax and accounting obligations
  • Analytics data: Retained in accordance with Google Analytics and PostHog defaults (typically 14 months for GA)
  • Support communications: Retained for 2 years

11. International Data Transfers

Spoogle is operated by Futuris Partners Pty Ltd in Australia. Your data may be transferred to, stored in, and processed in countries outside your country of residence, including the United States (where several of our third-party services operate).

Where data is transferred internationally, we rely on standard contractual clauses, adequacy decisions, or other legally recognised safeguards to ensure appropriate protection.

12. Changes to This Policy

We may update this Privacy Policy from time to time. When we do:

  • We will update the “Last updated” date at the top
  • Material changes will be communicated via email or in-app notice
  • Continued use of the Service after changes constitutes acceptance

If you do not agree to the updated policy, you may delete your account.

13. Contact

For privacy-related questions, data requests, or complaints, contact:

Futuris Partners Pty Ltd
Email: blake@futurispartners.com.au

If you are in Australia and believe we have not addressed your concerns adequately, you may contact the Office of the Australian Information Commissioner.

If you are in the European Union or United Kingdom, you may contact your local data protection authority.

By using Spoogle, you acknowledge that you have read and understood this Privacy Policy.