Privacy Policy

Last updated: 11 March 2026

1. Introduction

Spillist ("we", "us", "our") operates the Spillist website at spillist.com and the Spillist mobile application (together, the "Service"). This Privacy Policy explains how we collect, use, disclose, and safeguard your information when you use our Service.

By using the Service, you agree to the collection and use of information in accordance with this policy. If you do not agree, please do not use the Service.

2. Information We Collect

2.1 Account Information

When you create an account, we collect your email address and, if you use Sign in with Apple, your Apple ID credentials (we only receive the information Apple shares with us based on your preferences). We may also collect a display name and username you choose to set.

2.2 Content You Provide

When you use the Service to extract places from videos, you provide us with URLs to publicly available social media content. We process these URLs to extract place names, locations, and related information. We store the extracted data (place names, types, locations, confidence scores) in your account.

We also collect lists you create, items you save, trip itineraries, notes, and any content you add to the Service.

2.3 Usage Data

We automatically collect certain information when you use the Service, including your IP address, browser type, device type, operating system, pages visited, and the dates and times of your visits. On the mobile app, we may collect device identifiers and app usage data.

2.4 Payment Information

If you purchase a subscription or credits, payment is processed by Stripe (web) or Apple (in-app purchases). We do not store your full credit card number. Stripe provides us with a partial card number and billing details for record-keeping. Apple provides us with transaction receipts.

3. How We Use Your Information

We use the information we collect to:

  • Provide, maintain, and improve the Service
  • Process your extractions and deliver results
  • Manage your account and subscriptions
  • Send you transactional emails (account verification, extraction results, collaboration invites)
  • Respond to your requests and support queries
  • Detect and prevent fraud, abuse, and security incidents
  • Comply with legal obligations
  • Aggregate anonymised data for analytics and product improvement

We do not sell your personal information. We do not use your data for targeted advertising.

4. AI and Data Processing

Our Service uses artificial intelligence (OpenAI) to analyse video content and extract place information. When you submit a URL for extraction:

  • We download and process the video temporarily to extract audio and visual information
  • Audio is transcribed using OpenAI Whisper. Visual text is extracted via OCR
  • The transcribed text and extracted data are sent to OpenAI GPT-4o to identify places
  • Temporary video files are deleted after processing
  • We retain the extracted place data (not the video content) as part of your account

OpenAI processes data according to their API data usage policy. Data sent via the API is not used to train their models.

5. Data Sharing and Disclosure

We may share your information with:

  • Service providers: Supabase (database and authentication), Vercel (hosting), Railway (video processing), OpenAI (AI extraction), Stripe (payments), Resend (email), Mapbox (maps)
  • Other users: If you share a list or collaborate, other users can see the list contents and your display name or username
  • Public profiles: If you create a public profile, your username, display name, and public lists are visible to anyone
  • Legal requirements: If required by law, regulation, legal process, or governmental request

6. Data Retention

We retain your account data for as long as your account is active. If you delete your account, we will delete your personal data within 30 days, except where we are required to retain it for legal or legitimate business purposes (e.g. fraud prevention, financial records).

Anonymised, aggregated data (e.g. total extraction counts, popular destinations) may be retained indefinitely.

7. Data Security

We implement appropriate technical and organisational measures to protect your data, including encryption in transit (TLS), encrypted storage, access controls, and regular security reviews. However, no method of transmission or storage is 100% secure, and we cannot guarantee absolute security.

8. Your Rights

Depending on your location, you may have the right to:

  • Access the personal data we hold about you
  • Request correction of inaccurate data
  • Request deletion of your data
  • Object to or restrict processing of your data
  • Request portability of your data
  • Withdraw consent where processing is based on consent

To exercise any of these rights, contact us at hello@spillist.com.

9. Cookies

We use essential cookies for authentication and session management. We do not use advertising or tracking cookies. Our analytics are privacy-respecting and do not track individual users across sites.

10. Children's Privacy

The Service is not intended for children under 13 (or 16 in the EEA). We do not knowingly collect personal information from children. If we learn that we have collected data from a child under the applicable age, we will delete it promptly.

11. International Data Transfers

Your data may be processed in countries other than your own, including the United States and the European Union. We ensure appropriate safeguards are in place for international transfers.

12. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on the Service and updating the "Last updated" date. Your continued use of the Service after changes constitutes acceptance.

13. Contact Us

If you have questions about this Privacy Policy, contact us at:

hello@spillist.com

← Back to Spillist