Privacy Policy

Last updated: 1 February 2026

  1. WHO WE ARE

Spinal Technology Ltd is a company registered in England and Wales. We operate the platform at withspinal.com and provide AI-powered accounts receivable automation services. We are the data controller for personal data processed through our platform.


This Privacy Policy explains what personal data we collect, why we collect it, how we use it, and what rights you have. It applies to our website, platform, and services.


  1. WHAT DATA WE COLLECT

Information you provide directly

• Account registration details (name, email address, business name, job title)

• Contact form submissions and support requests

• Documents and data you upload to the platform (contracts, invoices, financial records)

• Communication content when you contact us


Information collected automatically

• Usage data and interaction logs (pages visited, features used, timestamps)

• Device and browser information (IP address, browser type, operating system)

• Session and authentication tokens

• Performance and error data


Information from third parties

• Identity verification data from our authentication provider

• Integration data where you connect third-party accounting or ERP systems

• Publicly available business information


  1. HOW WE USE YOUR DATA

Purpose - Legal Basis

Providing and operating the platform - Contract performance

Account creation and management - Contract performance

Processing invoices and financial documents - Contract performance

Customer support and communications - Contract performance / Legitimate interests

Security monitoring and fraud prevention - Legitimate interests

Platform analytics and improvement - Legitimate interests

Legal compliance and regulatory obligations - Legal obligation

Marketing communications (with consent) - Consent


  1. DATA SHARING

We do not sell your personal data. We may share data with carefully selected service providers including cloud infrastructure, payment processors, AI and ML providers, support tools, and analytics platforms. All providers are contractually bound to process data only on our instructions.


Your data may be transferred outside the UK and EEA. Where this occurs, we ensure appropriate safeguards are in place, such as Standard Contractual Clauses or adequacy decisions.


We may also disclose data where required by law or court order.


  1. DATA RETENTION

We retain your personal data for as long as your account is active or as needed to provide services. After account closure, we retain data for up to 7 years to comply with legal, tax, and regulatory obligations. Usage logs and analytics data are retained for 24 months.


  1. YOUR RIGHTS

Under UK GDPR and the Data Protection Act 2018, you have the right to: access your personal data, rectify inaccurate data, erase your data (right to be forgotten), restrict processing, data portability, object to processing, and withdraw consent.


To exercise any of these rights, contact us at privacy@withspinal.com. We will respond within 30 days.


  1. COOKIES AND TRACKING

We use essential cookies for authentication and security. We use analytics cookies to understand how users interact with our platform. You can manage cookie preferences through your browser settings.


  1. SECURITY

We implement appropriate technical and organisational measures to protect your data, including encryption in transit and at rest, access controls, regular security assessments, and incident response procedures.