Privacy Policy

Effective Date: 16 May 2026   
Last Updated: 4 June 2026   
Version: 2.0

Your privacy matters to us. This Privacy Policy explains exactly what personal data Spamvora collects, why we collect it, how we use and protect it, and what rights you have. We are committed to full transparency. By using our Service, you agree to the data practices described in this Policy.

1
Who We Are

Spamvora (“we,” “us,” “our,” or the “Company”) is an AI-powered lead intelligence and spam protection platform delivered as a Software-as-a-Service (SaaS) product via a WordPress plugin and cloud-based dashboard.

Spamvora is operated as a sole proprietorship based in West Bengal, India. We help businesses and marketing agencies filter spam form submissions, score lead quality in real time, and protect advertising budgets from bot-generated or fraudulent traffic.

Website: spamvora.com
Contact: info@spamvora.com
Jurisdiction: West Bengal, India

2
What Data We Collect and Why

We only collect data that is necessary to provide, maintain, and improve the Service. Below is a full breakdown of every category of data we collect.

2.1 Account Registration Data

When you create a Spamvora account, we collect:

  • Full name — to identify your account
  • Email address — for account access, transactional notifications, and support communication
  • Password — stored in encrypted (hashed) form only; we never store plaintext passwords
  • Business or website name — to configure your Spamvora workspace

Legal basis (GDPR): Contract performance (Article 6(1)(b)).

2.2 Billing and Payment Data

All payments are processed by Paddle.com Market Limited, our Merchant of Record. We do not directly collect or store your credit card numbers, bank account details, or full payment card information.

Paddle provides us with limited transaction metadata such as:

  • Subscription plan and billing cycle
  • Transaction status (paid, failed, refunded)
  • Invoice identifiers
  • Country and currency of transaction

Paddle’s own Privacy Policy governs their handling of your payment data. We strongly encourage you to review it.

Legal basis (GDPR): Contract performance (Article 6(1)(b)); Legal obligation (Article 6(1)(c)).

2.3 Technical and Usage Data

When you interact with our website, dashboard, or API, we may automatically collect:

  • IP address
  • Browser type and version
  • Operating system
  • Device type
  • Referring URL and pages visited
  • Date and time of access
  • Feature usage patterns within the dashboard

Purpose: Service performance monitoring, security, abuse detection, and product improvement.
Legal basis (GDPR): Legitimate interests (Article 6(1)(f)).

2.4 Spam Detection and Lead Scoring Data

When your WordPress plugin sends form submission data to our API for scoring, our systems process:

  • Form field values submitted by your end users (e.g., name, email, phone, message)
  • Submitter IP address and geolocation signals
  • User-agent and browser fingerprint data
  • Submission behavior and timing signals
  • Traffic reputation indicators
  • Anti-bot and bot-behavior signals

This data is processed on your behalf as part of our spam scoring service. You are the data controller for your end users’ data; Spamvora acts as your data processor. See Section 9 for more detail on this relationship.

Legal basis (GDPR): Legitimate interests and contract performance.

2.5 Support and Communications Data

When you contact us for support or with questions, we collect:

  • Your name and email address
  • The content of your message or inquiry
  • Any attachments or screenshots you share

Purpose: Responding to your inquiry and improving our support quality.
Legal basis (GDPR): Legitimate interests (Article 6(1)(f)).

2.6 WordPress Plugin Behavioral Data

Our WordPress plugin communicates with Spamvora servers solely for spam detection, lead scoring, plugin update checks, and license validation. The plugin:

  • Does not install automatically — requires manual installation and activation by the website owner
  • Does not install hidden software or collect data unrelated to spam scoring
  • Does not redirect visitors, inject advertisements, or modify unrelated site settings
  • Does not execute malicious code or impersonate browser/security warnings
  • Can be disabled or completely uninstalled at any time by the website owner
  • Communicates via encrypted HTTPS connections only

Plugin update checks are served through: https://spamvora.com/wp-json/pum/v1/update?slug=spam-vora

3
How We Use Your Data

We use the data we collect for the following specific purposes only:

  • Providing the Service — spam detection, lead scoring, dashboard access, API processing
  • Account management — creating and maintaining your account, authentication, password resets
  • Billing and subscriptions — processing payments via Paddle, sending receipts, managing renewals
  • Transactional email — account verification, security alerts, payment confirmations (sent via AWS SES)
  • Customer support — responding to inquiries, debugging issues, and improving documentation
  • Security and abuse prevention — detecting fraud, preventing unauthorized access, protecting system integrity
  • Product improvement — analyzing usage patterns to improve features and performance
  • Legal compliance — meeting obligations under Indian law, GDPR, and other applicable regulations
  • Marketing communications — only with your explicit consent, and only until you opt out

We do not sell, rent, or trade your personal data to any third party for their marketing purposes.

4
Email Communications and Anti-Spam Commitment

Spamvora sends all emails exclusively through Amazon Web Services Simple Email Service (AWS SES), a trusted and reputable cloud email infrastructure provider. We maintain strict compliance with all applicable anti-spam laws.

4.1 Transactional Emails (Always Sent)

The following emails are sent automatically as part of your account and cannot be unsubscribed from while your account is active, as they are essential to service delivery:

  • Account registration and email verification
  • Password reset requests
  • Payment receipts and invoices (from Paddle)
  • Subscription renewal reminders and confirmations
  • Subscription cancellation confirmations
  • Critical security alerts (e.g., suspicious login attempts)
  • Plan change notifications
  • Service outage or maintenance notices

4.2 Marketing Emails (Opt-In Only)

We send marketing emails only to users who have explicitly opted in to receive them. These may include product updates, new features, tips, and promotional offers. You can opt out at any time.

4.3 How to Unsubscribe

You may opt out of marketing emails at any time by:

  • Clicking the Unsubscribe link in the footer of any marketing email (one-click unsubscribe, RFC 8058 compliant)
  • Emailing info@spamvora.com with “Unsubscribe” in the subject line

We process all opt-out requests within 10 business days in compliance with the CAN-SPAM Act.

4.4 Our Anti-Spam Standards

We commit to the following standards:

✓ We never purchase, rent, or scrape email address lists
✓ All email addresses are collected directly from users who register on our platform
✓ Every email clearly identifies Spamvora as the sender with accurate subject lines
✓ Every marketing email includes a physical mailing address or contact details
✓ We maintain and honor email suppression lists
✓ We monitor bounce rates (<5%) and complaint rates (<0.1%) per AWS SES requirements
✓ All outbound email uses DKIM, SPF, and DMARC authentication
✓ We comply with CAN-SPAM Act (USA), CASL (Canada), GDPR (EU), and India IT Act 2000

5
Cookies and Tracking Technologies

We use cookies and similar tracking technologies on our website and dashboard for the following purposes:

Cookie Type Purpose Required?
Essential Session management, authentication, security Yes
Functional Remembering preferences and dashboard settings Optional
Analytics Understanding how users navigate the platform to improve it Optional
Security Detecting bot traffic, fraud, and abusive behavior Yes

You can manage or disable non-essential cookies through your browser settings. Note that disabling essential cookies may affect your ability to log in or use the dashboard.

6
How We Share Your Data

We do not sell, rent, or trade your personal data. We share data only in the following limited circumstances:

6.1 Third-Party Service Providers (Sub-Processors)

We engage trusted third-party providers who process data strictly on our behalf and under our instructions:

Provider Purpose Data Shared
Paddle.com Payment processing, tax collection (Merchant of Record) Name, email, billing country, transaction details
Amazon Web Services (AWS SES) Transactional email delivery Email address, email content
AWS Infrastructure Cloud hosting, storage, API processing Account data, form scoring data

All sub-processors are bound by contractual data protection obligations consistent with applicable privacy laws.

6.2 Legal Requirements

We may disclose your data when required to do so by law, court order, or binding government request, or when we believe in good faith that disclosure is necessary to protect the rights, safety, or property of Spamvora, our users, or the public.

6.3 Business Transfers

In the event of a merger, acquisition, or sale of substantially all of our assets, your personal data may be transferred as part of that transaction. We will notify affected users via email and provide an opportunity to delete their account before the transfer is completed.

6.4 With Your Consent

We may share your data with third parties in other circumstances if you have given explicit, informed consent to do so.

7
International Data Transfers

Spamvora is based in India. When you use our Service, your data may be transferred to and processed in countries other than your own, including the United States (where AWS infrastructure is hosted).

For users in the European Economic Area (EEA), United Kingdom, or Switzerland, we ensure that all international data transfers are protected by appropriate safeguards, including:

  • Standard Contractual Clauses (SCCs) approved by the European Commission
  • Transfers to countries with an EU adequacy decision
  • Contractual data protection commitments with all sub-processors

8
Data Retention

We retain your personal data only for as long as necessary to fulfil the purposes described in this Policy, and in accordance with applicable legal obligations.

Data Type Retention Period
Account data For the duration of your account + 30 days after deletion request
Billing and transaction records 7 years (legal and tax compliance requirement)
Lead scoring / spam detection data Up to 90 days, then anonymized or deleted
Support correspondence 3 years from last contact
Server and access logs 90 days
Email suppression lists Indefinitely (to honor unsubscribe requests)

When data is no longer required, we securely delete or anonymize it. Anonymized or aggregated data that cannot identify individuals may be retained indefinitely for product improvement purposes.

9
Data Controller and Data Processor Relationship

This section is important if you are a Spamvora customer whose website visitors have their form data processed through our Service.

Your responsibility as a data controller: When your website visitors submit forms that are processed by Spamvora for spam scoring, you are the data controller — you determine why and how that data is collected. Spamvora processes it only as a data processor acting on your instructions. You must ensure you have a lawful basis for this processing and that your own privacy policy informs your visitors about it.
  • You (the Spamvora customer) are the data controller for your end users’ personal data
  • Spamvora is your data processor — we process end-user data only to deliver spam scoring results to you
  • We do not use your end users’ data for our own marketing purposes
  • We do not sell your end users’ data to any third party
  • You must display an adequate privacy notice on your own website that discloses the use of third-party spam protection services
  • Enterprise customers requiring a Data Processing Agreement (DPA) may request one by emailing info@spamvora.com

10
Security Measures

We implement industry-standard technical and organizational security measures to protect your personal data against unauthorized access, disclosure, alteration, or destruction. These include:

  • HTTPS encryption for all data transmitted between your browser/plugin and our servers
  • Encrypted password storage using strong one-way hashing (bcrypt)
  • Access controls with role-based permissions limiting data access to authorized personnel only
  • Firewall protection and DDoS mitigation on our infrastructure
  • Regular security monitoring and audit logging
  • API authentication via secure API keys
  • Email authentication via DKIM, SPF, and DMARC on all outbound email

However, no method of transmission over the internet or electronic storage is 100% secure. While we strive to protect your data, we cannot guarantee absolute security. In the event of a data breach that is likely to result in risk to your rights and freedoms, we will notify affected users as required by applicable law.

11
Your Privacy Rights

Depending on your location, you may have the following rights regarding your personal data. We honor these rights for all users regardless of jurisdiction.

Right What It Means
Right to Access Request a copy of the personal data we hold about you
Right to Rectification Request correction of inaccurate or incomplete data
Right to Erasure Request deletion of your personal data (“right to be forgotten”)
Right to Restrict Processing Request that we limit how we use your data in certain circumstances
Right to Data Portability Receive your data in a structured, machine-readable format
Right to Object Object to processing based on legitimate interests or for marketing
Right to Withdraw Consent Withdraw consent at any time where processing is consent-based

To exercise any of these rights, email us at info@spamvora.com with the subject line “Privacy Request.” We will respond within 30 days. We may ask you to verify your identity before processing the request. No fee is charged for exercising your rights unless requests are manifestly unfounded or excessive.

If you are located in the EU/EEA and are not satisfied with our response, you have the right to lodge a complaint with your local data protection supervisory authority.

12
Children’s Privacy

The Spamvora Service is not directed to children under the age of 13 (or 16 in the EU/EEA under GDPR). We do not knowingly collect, process, or store personal information from children.

If we become aware that we have inadvertently collected personal information from a child under the applicable age threshold, we will take immediate steps to delete that information. If you believe a child has provided us with personal data, please contact us at info@spamvora.com.

13
Transparency and Non-Deceptive Practices

Spamvora is committed to full transparency and ethical behavior. We explicitly confirm that our Service and WordPress plugin do not:

  • Install hidden or undisclosed software on your device or server
  • Display fake security alerts, infection warnings, or threat notifications
  • Force downloads or auto-install files without user action
  • Redirect users or visitors to unrelated websites without consent
  • Circumvent browser or operating system security controls
  • Collect financial data, government ID numbers, or sensitive personal data beyond what is necessary for spam scoring
  • Engage in any deceptive, misleading, or manipulative data practices
  • Interfere with unrelated applications, plugins, or services on your server

14
Governing Law

This Privacy Policy is governed by the laws of the Republic of India, including the Information Technology Act, 2000 and the Information Technology (Amendment) Act, 2008, and applicable rules made thereunder.

Users in the European Union are afforded additional rights under the General Data Protection Regulation (GDPR). Users in California, USA may have additional rights under the California Consumer Privacy Act (CCPA). We honor these rights as described in Section 11.

15
Changes to This Privacy Policy

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. When we make material changes, we will:

  • Update the “Last Updated” date at the top of this page
  • Notify registered users by email at least 14 days before material changes take effect
  • For minor clarifications, post the updated Policy without additional notice

Your continued use of the Service after the effective date constitutes your acceptance of the revised Policy. We encourage you to review this page periodically.

16
Contact Us

For any questions, concerns, or requests relating to this Privacy Policy or your personal data, please contact us:

General & Privacy

Spamvora

Sole Proprietorship, India

Email: info@spamvora.com

Website: spamvora.com

Subject Line: “Privacy Request”

Billing & Payments

All payment and billing data is handled by Paddle, our Merchant of Record.

Paddle Support:
paddle.com/support

Paddle’s Privacy Policy: paddle.com/legal/privacy

Response Commitment: We aim to respond to all privacy-related requests within 30 days of receipt. For urgent security concerns, include “URGENT” in your email subject line for priority handling.