Legal
Privacy Policy
Last updated: 9 July 2026
In short
We collect as little as possible. The keywords you submit are processed only to return search-volume results, and are never sold.
You have the right to access, correct, export, and delete your data, and to object to or restrict our processing. Contact privacy@dataspline.io at any time.
01Who we are (data controller)
Dataspline is the data controller responsible for the personal data processed through the Service. For any privacy matter, including exercising your rights, contact our privacy team at privacy@dataspline.io.
If you are in the EU/EEA or the UK and believe we process your data unlawfully, you also have the right to lodge a complaint with your local supervisory authority (see section 8).
02Personal data we collect
Depending on how you use the Service, we may process:
- Query content: the keywords, region, and language you submit for a check, and the search-volume results we return.
- Account data: where accounts are enabled, your name and email address. (In the current version the Service is single-tenant and does not require an account.)
- Technical & usage data: IP address, device and browser type, and log data such as timestamps and pages viewed, collected to operate and secure the Service.
- Cookie data: essential cookies needed to run the Service, and, with your consent, optional analytics cookies (see section 9).
03How and why we use your data (legal bases)
We process personal data on the following GDPR legal bases:
- To provide the Service: running your keyword checks and returning results. Legal basis: performance of a contract (Art. 6(1)(b)).
- To secure and improve the Service: preventing abuse, debugging, and analysing aggregate usage. Legal basis: our legitimate interests (Art. 6(1)(f)).
- Optional analytics & communications: only where you have opted in. Legal basis: your consent (Art. 6(1)(a)), which you may withdraw at any time.
- Legal compliance: meeting our legal and regulatory obligations. Legal basis: legal obligation (Art. 6(1)(c)).
04Our data engine and sub-processors
Search-volume figures are produced by our data engine. To deliver results, we rely on a small number of vetted third-party processors, which may include cloud hosting, database, and search-volume data providers. All queries pass through our servers, so third parties never receive information that identifies you as an individual beyond what is strictly necessary to fulfil the request.
To protect our commercial arrangements, we do not publicly name our underlying data providers. Every sub-processor is nonetheless bound by a written data-processing agreement that requires GDPR-equivalent safeguards. We never sell your personal data or query content, and we do not use it to build advertising profiles.
05International data transfers
Where personal data is transferred outside the EEA or the UK, we ensure an adequate level of protection through appropriate safeguards, such as an adequacy decision or the European Commission’s Standard Contractual Clauses (and the UK International Data Transfer Addendum), together with supplementary technical measures. You can request a copy of the relevant safeguards from privacy@dataspline.io.
06Data retention
We keep personal data only for as long as necessary for the purposes set out above:
- Check content and results are retained to show you your history and are deleted on request or when no longer needed.
- Technical logs are typically retained for up to 12 months for security and troubleshooting.
- Account data is retained for the life of the account and deleted after closure, subject to any legal retention requirements.
07Your rights under the GDPR
Subject to applicable law, you have the right to:
- Access the personal data we hold about you.
- Rectify inaccurate or incomplete data.
- Erase your data (“right to be forgotten”).
- Restrict or object to our processing.
- Data portability: receive your data in a portable, machine-readable format.
- Withdraw consent at any time, without affecting prior lawful processing.
- Not be subject to solely automated decision-making with legal or similarly significant effects. We do not carry out such processing.
To exercise any right, email privacy@dataspline.io. We will respond within one month. You may also complain to your supervisory authority, for example your national data-protection authority in the EU, or the Information Commissioner’s Office (ICO) in the UK.
09How we protect your data
We apply technical and organisational measures appropriate to the risk, including encryption in transit, strict access controls, network isolation of our databases, and the full proxying of all outbound data requests so that source providers are never exposed to you. No system is perfectly secure, but we work continuously to protect your data.
10Children’s privacy
The Service is not directed to children under 16, and we do not knowingly collect their personal data. If you believe a child has provided us with personal data, contact us and we will delete it.
11Changes to this policy
We may update this Privacy Policy from time to time. We will post the new version here and update the “Last updated” date, and for material changes we will provide a more prominent notice.
12Contact us
Questions about this policy or your personal data? Email privacy@dataspline.io. We take your privacy seriously and aim to respond quickly.