Spoterix Spoterix

Privacy Notice

Last updated: April 9, 2026

Controller and Scope

[COMPANY_NAME], [COMPANY_ADDRESS] ("we", "us") is the controller for personal data processed in connection with the Spoterix RFQ platform.

This notice applies to business users, business contacts, and supplier contacts who use or are referenced in the platform.

Categories of Personal Data

  • Account and profile data: name, email, role, company assignment, login metadata.
  • Business transaction data: RFQs, quotes, comments, shipment and routing records, attachments.
  • Support and audit data: support requests, event logs, change history, security events.
  • Technical data: IP address, device/browser metadata, request timestamps, API usage logs.

Purposes and Legal Bases

  • Contract performance: provide and operate the platform, authentication, workflow automation, notifications, and reporting.
  • Legitimate interests: service reliability, fraud prevention, abuse prevention, product security, auditability, and quality improvements.
  • Legal obligations: accounting, tax, regulatory, and lawful disclosure duties.
  • Consent where required: specific optional features that send content to external AI services.

Recipients and Processors

We use carefully selected processors for hosting, email delivery, logging, and optional AI-assisted extraction features. Processors are contractually bound to confidentiality and security obligations.

Where we act as processor for customer data, processing is governed by our Data Processing Addendum (DPA).

International Data Transfers

Personal data may be processed in Switzerland, the EEA, the UK, or other countries depending on the selected infrastructure and subprocessors.

Where required by law, we use recognized safeguards such as adequacy decisions and Standard Contractual Clauses (SCCs).

Retention

  • Account and operational records are retained for the active contract period and a reasonable post-contract archive period.
  • Audit/security logs are retained according to security, compliance, and evidentiary needs.
  • Data is deleted or anonymized when no longer required, unless mandatory law requires longer retention.

Security Measures

We apply technical and organizational measures, including role-based access, authentication controls, encrypted transport, logging, backup controls, and least-privilege operations.

No system is fully risk-free; customers remain responsible for secure credential handling and access governance within their organization.

Data Subject Rights

Depending on applicable law, data subjects may request access, correction, deletion, restriction, objection, or portability.

For customer-managed datasets, requests should first be sent to the respective customer organization. We support customers in handling such requests under the DPA.

Cookies and Similar Technologies

The platform is designed to work without non-essential tracking cookies. Technically necessary storage may be used for authentication and security.

Contact

Privacy contact: [PRIVACY_CONTACT_EMAIL]

General legal contact: [LEGAL_CONTACT_EMAIL]