Spotable
Register your business
Privacy Policy

How Spotable handles personal data.

Spotable helps UK clubs and recurring programmes manage reserved places, members, participants, schedules and payments. This policy explains what data we collect, why we use it and the choices you have.

UK focused No selling personal data Payment data handled by Stripe

Privacy Policy

Effective date: 15 May 2026

Who We Are

Spotable provides software for businesses that run recurring, limited-capacity programmes. In this policy, “Spotable”, “we”, “us” and “our” refer to the provider of the Spotable platform.

For many club and member records, the business using Spotable is the data controller and Spotable acts as a processor. For direct enquiries, account administration and platform operations, Spotable may act as controller.

Information We Collect

Depending on how you use Spotable, we may collect:

  • Contact details such as name, email address, phone number, organisation and role.
  • Account details for owners, staff and customers, including login email and encrypted password data.
  • Participant details entered by a parent, guardian, customer or business, such as names, session choices and relevant notes needed to run the programme.
  • Programme data such as classes, sessions, locations, schedules, attendance, waiting lists, memberships, credits and invoices.
  • Payment and subscription status information. Card details are handled by Stripe and are not stored by Spotable.
  • Technical data such as IP address, device/browser information, security logs, embed session state and basic usage activity.
  • Messages submitted through contact, registration, support or enquiry forms.

How We Use Information

We use personal data to:

  • Provide and maintain the Spotable platform.
  • Create accounts, authenticate users and protect access to the service.
  • Help businesses manage reserved places, sessions, participants, locations, billing and communications.
  • Process platform subscriptions and customer payments through Stripe.
  • Respond to enquiries, support requests and registration interest.
  • Monitor reliability, security, fraud prevention and abuse prevention.
  • Comply with legal, tax, accounting and regulatory obligations.

Legal Bases

Where UK GDPR applies, we rely on one or more lawful bases depending on the context: contract performance, legitimate interests, legal obligations and, where required, consent.

Businesses using Spotable are responsible for telling their own customers, members, parents or guardians how they use data in their programme.

Children and Participant Data

Spotable may process participant information for programmes involving children where that information is entered by a parent, guardian, customer, staff member or business owner. This data is used to administer places, sessions and related programme operations.

We do not knowingly use children’s data for advertising or sell children’s personal data.

Sharing Information

We share personal data only where needed to run the service, including with:

  • The business, staff and authorised users connected to the relevant programme.
  • Stripe for payments, subscriptions, checkout and connected account services.
  • Hosting, infrastructure, email and operational service providers.
  • Professional advisers, regulators or authorities where legally required.

We do not sell personal data.

Payments

Payment processing is provided by Stripe. Spotable receives information such as payment status, customer identifiers, subscription identifiers, invoice references and limited billing metadata. Full card numbers and card security codes are handled by Stripe and are not stored by Spotable.

Cookies and Embedded Pages

Spotable uses cookies and similar browser storage where needed for login, security, embedded customer portals and session continuity. Some customer-facing pages may be embedded into a business’s own website. In that case, both Spotable and the business website may process technical data needed to display and operate the embedded experience.

Retention

We keep personal data only for as long as needed for the purposes described in this policy, including service delivery, account management, legal obligations, accounting records, dispute handling, security and backup retention.

Businesses using Spotable may control retention of some customer and participant records inside their own account.

Security

We use technical and organisational measures designed to protect personal data, including access controls, encrypted passwords, audit logging where appropriate and separation of tenant data. No system can be guaranteed completely secure.

Your Rights

Depending on your location and the context, you may have rights to access, correct, delete, restrict or object to certain processing, and to request a copy of your personal data.

If your data relates to a club or business using Spotable, you should usually contact that business first. You can also contact Spotable and we will help route the request where appropriate.

International Transfers

Some service providers may process data outside the UK. Where this happens, we rely on appropriate safeguards where required by law.

Changes to This Policy

We may update this policy as the platform, our suppliers or legal requirements change. The effective date above shows when this version became active.

Contact

For privacy questions or requests, contact us through the contact page or by emailing info@spotable.co.uk.